
Pages opening on their own.


13 replies in this topic

#1
studiopontocom

    Newbie

  • Member
  • 42 posts

Good morning. When I open a browser with any address, another window opens with advertising.
Thank you for your help.




#2
CarlosTurco

    Helper

  • 24,447 posts

studiopontocom,

Please note the following:

  • Do NOT attempt any cleanup procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow (button_seguir.png, located in the upper right corner of the main post) to receive an e-mail notification when the topic is answered. You can also check your subscribed topics using the Content I Follow option, available through the forum Control Panel.
  • The analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; they make the logs harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Is this computer for personal use?



#3
studiopontocom


Good morning. Yes, it is for personal use.

Thank you for your help.



#4
CarlosTurco


Ok,

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator (execadmin.png).

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator (run_as_adm1.png)

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

When it finishes, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates available, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then click the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#5
studiopontocom


Good afternoon:

 

Logfile of HijackThis v1.99.1
Scan saved at 08:23:59, on 31/07/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Downloads\Software\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...121564&tsp=4957
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0035382 - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSEmulator) - Unknown owner - C:\ProgramData\KMSAuto\KMSES.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 8 Enterprise x64
Ran by manoel on 01/08/2013 at 14:49:31,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\manoel\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\manoel\appdata\local\visualbeeclient"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\invalidprefs.js
Successfully deleted the following from C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\prefs.js
 
Emptied folder: C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/08/2013 at 14:52:14,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.08.01.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
manoel :: MM [administrador]
 
Proteção: Permitir
 
01/08/2013 14:58:42
mbam-log-2013-08-01 (14-58-42).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  237788
Tempo decorrido: 2 minuto(s), 22 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 17
C:\Users\manoel\AppData\Local\Temp\plus-hd-2-5-br.exe (Heuristics.Shuriken) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\AppData\Local\Temp\XmOm9p6G.exe.part (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-237971141-3245003879-1109622991-1001\$R5794I8.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-237971141-3245003879-1109622991-1001\$R76CRUC.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-237971141-3245003879-1109622991-1001\$RJDWJHF.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-237971141-3245003879-1109622991-1001\$RQOWBM4.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\AppData\Local\Temp\32B6A1DD-BAB0-7891-AB28-7D18D7697E66\Latest\ccp.exe (PUP.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\AppData\Local\Temp\32B6A1DD-BAB0-7891-AB28-7D18D7697E66\Latest\MyDeltaTB.exe (PUP.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\AppData\Local\Temp\32B6A1DD-BAB0-7891-AB28-7D18D7697E66\Latest\Setup.exe (PUP.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\AppData\Local\Temp\is701137889\dp.exe (PUP.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\AppData\Local\Temp\is701137889\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\Downloads\daemon-tools-lite-44710335-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\Downloads\KMSv6.1downlaodsfull.rar (1).exe (PUP.Optional.Installex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\Downloads\KMSv6.1downlaodsfull.rar (1).rar (PUP.Optional.Installex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\Downloads\KMSv6.1downlaodsfull.rar.exe (PUP.Optional.Installex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\Downloads\PDFCreator.exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\manoel\Downloads\setup.exe (PUP.Optional.Ibryte) -> Enviado para a Quarentena e deletado com sucesso.
 
(fim)
 
Thank you for your attention.


#6
CarlosTurco


Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the file OTL.exe, then click Run as administrator (execadmin.png).

Under Output, select Standard.
Also tick these options:

  • File Age (Data de Criação) -> change to 90 days
  • Use Company Name WhiteList.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c

/md5start

services.*

/md5stop

 

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the scan button (verif.png)

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.



#7
studiopontocom


Done:
 

OTL logfile created on: 01/08/2013 17:59:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\Software
64bit- Enterprise Edition  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
15,96 Gb Total Physical Memory | 13,78 Gb Available Physical Memory | 86,36% Memory free
18,21 Gb Paging File | 15,91 Gb Available in Paging File | 87,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,42 Gb Total Space | 159,15 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive F: | 683,59 Gb Total Space | 455,98 Gb Free Space | 66,70% Space Free | Partition Type: NTFS
Drive K: | 752,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MM | User Name: manoel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/01 17:54:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2013/07/27 05:41:25 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/27 05:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2013/07/13 13:23:54 | 000,277,504 | ---- | M] () -- C:\ProgramData\KMSAuto\KMSES.exe
PRC - [2013/07/13 10:38:31 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/04/08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 10:11:00 | 006,875,136 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/11 03:22:32 | 003,547,136 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/01 06:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 03:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 03:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 01:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 23:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 23:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 20:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 20:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 06:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 03:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 00:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 00:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 00:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 00:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 00:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 00:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 00:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 00:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 00:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 00:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 00:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 00:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/07/27 05:49:33 | 014,984,480 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/07/27 05:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2013/07/14 10:18:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/13 13:23:54 | 000,277,504 | ---- | M] () [Auto | Running] -- C:\ProgramData\KMSAuto\KMSES.exe -- (KMSEmulator)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 09:53:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/18 11:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013/04/08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012/07/26 00:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 00:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/12 21:11:18 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/09 01:28:50 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/01 08:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 08:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 08:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/01 00:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/14 16:28:40 | 000,039,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/05/04 04:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 04:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 07:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 07:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 07:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/28 22:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 20:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 22:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/27 00:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 01:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 00:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012/10/12 05:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 04:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 04:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 04:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 04:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 04:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 02:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 02:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 02:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 02:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 02:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 02:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 02:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 02:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 02:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 02:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 02:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 02:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 02:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 02:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 02:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 02:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 02:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 01:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 01:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 01:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 01:50:20 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2012/07/26 00:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 23:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 23:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 23:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 23:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 23:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 23:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 23:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 23:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 23:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 23:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 23:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 23:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 23:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 23:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 23:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 23:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 23:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 23:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 23:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 23:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 23:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 23:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 23:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 23:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 23:23:42 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2012/07/25 23:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/02 11:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mmrede.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.br.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 8D E8 5D 7A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {75D20CB5-6EE7-4A68-9CD7-2B994E102F7B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{75D20CB5-6EE7-4A68-9CD7-2B994E102F7B}: "URL" = http://www.google.co...search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "webwebweb"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: del.icio.us%40askin.ws:1.2.0
FF - prefs.js..extensions.enabledAddons: vdpure%40link64:1.97.5
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.8
FF - prefs.js..extensions.enabledAddons: 05dd836e-2cbd-4204-9ff3-2f8a8665967d%40a8876730-fb0c-4057-a2fc-f9c09d438e81.com:0.91.3
FF - prefs.js..extensions.enabledAddons: 75c9b989-a6e6-4455-971f-45304161eb23%4002648b91-49b2-4d7f-99ef-7e959a8e6505.com:0.91.16
FF - prefs.js..extensions.enabledAddons: %7B2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25%7D:9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\manoel\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/07/27 13:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/14 10:44:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\manoel\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi [2013/07/17 18:49:19 | 000,013,596 | ---- | M] ()
 
[2013/07/06 12:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\Extensions
[2013/07/31 08:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions
[2013/07/31 08:36:28 | 000,000,000 | ---D | M] ("FoodBuzz") -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}
[2013/07/28 17:55:06 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
[2013/07/31 08:35:54 | 000,000,000 | ---D | M] ("Plus-HD-2.5") -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com
[2013/07/28 17:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\extensionCode
[2013/07/31 08:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\chrome\content\extensionCode
[2013/07/10 20:54:36 | 000,014,052 | ---- | M] () (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\extensions\del.icio.us@askin.ws.xpi
[2013/07/14 16:47:33 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\extensions\firebug@software.joehewitt.com.xpi
[2013/07/24 23:44:51 | 000,028,003 | ---- | M] () (No name found) -- C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\extensions\vdpure@link64.xpi
[2013/08/01 11:29:32 | 000,001,087 | ---- | M] () -- C:\Users\manoel\AppData\Roaming\mozilla\firefox\profiles\m4pds8ar.default\searchplugins\webwebweb.xml
[2013/07/28 17:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013/07/06 12:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/07/06 12:52:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/28 16:44:41 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2013/07/27 13:20:39 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013/06/13 20:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FoodBuzz = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fliacamcdcfemghfnaekoojeliaifleg\9.0_0\
CHR - Extension: Plus-HD-2.5 = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\crossrider
CHR - Extension: Plus-HD-2.5 = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\
CHR - Extension: hosts = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0\crossrider
CHR - Extension: hosts = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.4_0\
CHR - Extension: GBBD Banco do Brasil = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\
CHR - Extension: Gmail = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/28 17:26:23 | 000,001,693 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 209.34.83.73:443
O1 - Hosts: 127.0.0.1 209.34.83.73:43
O1 - Hosts: 127.0.0.1 209.34.83.73
O1 - Hosts: 127.0.0.1 209.34.83.67:443
O1 - Hosts: 127.0.0.1 209.34.83.67:43
O1 - Hosts: 127.0.0.1 209.34.83.67
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 199.7.52.190:80
O1 - Hosts: 5 more lines...
O2:64bit: - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll ()
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll ()
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Baixar com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Baixar com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AADA890C-02BC-408C-AFA5-E8A24826A7C9}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/13 18:04:47 | 000,000,175 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell\AutoRun\command - "" = K:\SETUP.EXE -- [2012/10/01 21:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell\configure\command - "" = K:\setup.exe -- [2012/10/01 21:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell\install\command - "" = K:\setup.exe -- [2012/10/01 21:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
Continues ->

Continuation ->

 

========== Files/Folders - Created Within 90 Days ==========
 
[2013/08/01 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Malwarebytes
[2013/08/01 14:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/01 14:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/01 14:55:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/01 14:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/01 14:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/08/01 14:49:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/31 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Firestorm
[2013/07/31 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Firestorm
[2013/07/31 12:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2013/07/31 12:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2013/07/31 08:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoodBuzz
[2013/07/31 08:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.5
[2013/07/31 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\emaze
[2013/07/30 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\manoel\Documents\Modelos Personalizados do Office
[2013/07/30 20:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/30 20:07:09 | 000,000,000 | ---D | C] -- C:\NvidiaLogging
[2013/07/28 19:27:08 | 000,000,000 | ---D | C] -- C:\Users\manoel\Desktop\Adobe Fireworks CS6
[2013/07/28 17:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownLite
[2013/07/28 17:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hosts
[2013/07/28 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\manoel\Desktop\Adobe Dreamweaver CS6
[2013/07/28 16:56:39 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/07/28 16:45:07 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Free Download Manager
[2013/07/28 16:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/07/28 16:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2013/07/27 13:34:13 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\PDF Architect
[2013/07/27 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/07/27 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2013/07/27 13:23:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security
[2013/07/27 13:22:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/07/27 13:20:41 | 000,000,000 | ---D | C] -- C:\Users\manoel\Documents\PDF Architect Files
[2013/07/27 13:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/07/27 13:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/07/27 13:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/07/27 13:20:34 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013/07/27 13:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013/07/27 13:17:24 | 017,464,864 | ---- | C] (pdfforge GbR) -- C:\Users\manoel\Desktop\PDFCreator-1_6_2_setup.exe
[2013/07/27 13:17:12 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Baidu Security
[2013/07/27 12:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2013/07/27 12:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2013/07/27 12:26:31 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\manoel\Documents\APNSetup.exe
[2013/07/20 15:43:28 | 000,000,000 | ---D | C] -- C:\Users\manoel\Application Data
[2013/07/20 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/07/20 15:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/20 15:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/07/17 18:39:43 | 000,031,088 | ---- | C] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
[2013/07/17 18:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin
[2013/07/17 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin
[2013/07/17 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\GAS Tecnologia
[2013/07/17 18:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GAS Tecnologia
[2013/07/17 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Programs
[2013/07/17 18:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/15 20:02:06 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\NVIDIA
[2013/07/14 15:03:50 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\GlobalSCAPE
[2013/07/14 15:03:49 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\GlobalSCAPE
[2013/07/14 10:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/07/14 10:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2013/07/14 10:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/14 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/07/14 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/07/14 10:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/07/14 10:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/07/14 10:54:01 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Adobe
[2013/07/13 18:01:12 | 000,000,000 | RHSD | C] -- C:\Office Activation Technologies
[2013/07/13 18:01:06 | 000,000,000 | ---D | C] -- C:\Windows\Office15
[2013/07/13 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/07/13 17:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/13 17:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/07/13 17:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/07/13 17:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/07/13 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/07/13 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/07/13 17:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/07/13 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/07/13 17:55:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/07/13 17:01:35 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Skype
[2013/07/13 17:01:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/07/13 17:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/13 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/13 17:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/07/13 16:33:34 | 000,000,000 | ---D | C] -- C:\Users\manoel\Tracing
[2013/07/13 16:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/07/13 16:25:58 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Windows Live
[2013/07/13 16:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/07/13 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/07/13 16:13:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013/07/13 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/07/13 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/07/13 16:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/13 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/13 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/07/13 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/07/13 13:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\KMSAuto
[2013/07/12 22:15:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/07/12 21:31:27 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Microsoft Toolkit
[2013/07/12 21:15:47 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Microsoft Help
[2013/07/12 21:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/07/12 21:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/07/12 21:11:18 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/07/12 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\DAEMON Tools Lite
[2013/07/12 21:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/07/12 21:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013/07/10 01:32:38 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/07/09 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\AVG2013
[2013/07/09 20:50:53 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\TuneUp Software
[2013/07/09 20:50:32 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/07/09 20:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/07/09 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/07/09 19:53:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/09 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\MFAData
[2013/07/09 19:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/07/09 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Avg2013
[2013/07/09 01:28:50 | 000,248,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgwfpa.sys
[2013/07/07 14:00:23 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\NVIDIA
[2013/07/07 13:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/07/07 13:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/07/07 13:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/07/07 13:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/07/07 13:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/07/07 13:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/07/07 13:53:39 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/07/06 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\WinRAR
[2013/07/06 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/07/06 18:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/07/06 18:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas Músicas
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas Imagens
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus Vídeos
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de Aplicativos
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas
[2013/07/06 15:24:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Arquivos Comuns
[2013/07/06 15:22:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/07/06 15:19:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/06 15:18:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/07/06 13:21:06 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Macromedia
[2013/07/06 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\SecondLife
[2013/07/06 13:15:13 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\SecondLife
[2013/07/06 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2013/07/06 13:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2013/07/06 12:52:57 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Mozilla
[2013/07/06 12:52:57 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Mozilla
[2013/07/06 12:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/07/06 12:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 12:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/06 12:50:07 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2013/07/06 12:50:07 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2013/07/06 12:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/07/06 12:50:07 | 000,000,000 | ---D | C] -- C:\Intel
[2013/07/06 12:37:37 | 000,106,496 | ---- | C] (windowsforum.kr) -- C:\Windows\SysNative\SLCHook.dll
[2013/07/06 12:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/06 12:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/06 12:33:55 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Google
[2013/07/06 12:31:42 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Macromedia
[2013/07/06 12:27:45 | 000,000,000 | R--D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/06 12:27:45 | 000,000,000 | R--D | C] -- C:\Users\manoel\Searches
[2013/07/06 12:27:45 | 000,000,000 | R--D | C] -- C:\Users\manoel\Contacts
[2013/07/06 12:27:45 | 000,000,000 | R--D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/06 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Adobe
[2013/07/06 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\VirtualStore
[2013/07/06 12:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013/07/06 12:27:18 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Packages
[2013/07/06 12:27:15 | 000,000,000 | --SD | C] -- C:\Users\manoel\AppData\Roaming\Microsoft
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Videos
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Saved Games
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Pictures
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Music
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Links
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Favorites
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Downloads
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Documents
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\Desktop
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/06 12:27:15 | 000,000,000 | R--D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\AppData\Local\Temporary Internet Files
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\SendTo
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Recent
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Modelos
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Documents\Minhas Músicas
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Documents\Minhas Imagens
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Documents\Meus Vídeos
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Meus Documentos
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Menu Iniciar
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\AppData\Local\Histórico
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Dados de Aplicativos
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\AppData\Local\Dados de Aplicativos
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Cookies
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Configurações Locais
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Ambiente de Rede
[2013/07/06 12:27:15 | 000,000,000 | -HSD | C] -- C:\Users\manoel\Ambiente de Impressão
[2013/07/06 12:27:15 | 000,000,000 | -H-D | C] -- C:\Users\manoel\AppData
[2013/07/06 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Temp
[2013/07/06 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\Microsoft
[2013/07/06 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/06 12:27:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/06 12:26:38 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2013/07/01 01:45:28 | 000,116,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
 
========== Files - Modified Within 90 Days ==========
 
[2013/08/01 17:43:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/01 17:22:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 15:10:18 | 001,765,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/01 15:10:18 | 000,762,618 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/08/01 15:10:18 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/01 15:10:18 | 000,154,410 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/08/01 15:10:18 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/01 15:06:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/01 15:04:40 | 000,001,914 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-chromeinstaller.job
[2013/08/01 15:04:40 | 000,001,838 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-firefoxinstaller.job
[2013/08/01 15:04:40 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-updater.job
[2013/08/01 15:04:40 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/01 15:04:39 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-codedownloader.job
[2013/08/01 15:04:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-enabler.job
[2013/08/01 15:04:14 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
[2013/08/01 15:04:14 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
[2013/08/01 15:04:14 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
[2013/08/01 15:04:14 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
[2013/08/01 15:04:14 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer
[2013/08/01 15:04:09 | 821,985,277 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 15:04:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/08/01 14:55:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/01 08:44:37 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/31 12:50:22 | 000,001,317 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2013/07/31 08:35:24 | 000,001,228 | ---- | M] () -- C:\Users\manoel\Desktop\Create Amazing Presentations.lnk
[2013/07/30 20:12:15 | 005,045,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/30 20:09:31 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/28 18:04:09 | 145,394,418 | ---- | M] () -- C:\Users\manoel\AppData\Local\ACCCx189.zip.aamdownload
[2013/07/28 18:04:09 | 000,001,811 | ---- | M] () -- C:\Users\manoel\AppData\Local\ACCCx189.zip.aamdownload.aamd
[2013/07/28 17:55:22 | 000,001,007 | ---- | M] () -- C:\Users\manoel\Desktop\DownLite.lnk
[2013/07/28 17:26:23 | 000,001,693 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/27 13:20:46 | 000,000,993 | ---- | M] () -- C:\Users\manoel\Desktop\PDF Architect.lnk
[2013/07/27 13:20:36 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/07/27 13:17:46 | 017,464,864 | ---- | M] (pdfforge GbR) -- C:\Users\manoel\Desktop\PDFCreator-1_6_2_setup.exe
[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/07/17 23:00:56 | 001,528,690 | ---- | M] () -- C:\Users\manoel\Documents\mmrede.zip
[2013/07/17 18:39:19 | 000,012,902 | ---- | M] () -- C:\Users\manoel\AppData\Roaming\unins000.dat
[2013/07/17 18:39:17 | 000,720,082 | ---- | M] () -- C:\Users\manoel\AppData\Roaming\unins000.exe
[2013/07/13 17:01:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/13 15:20:03 | 000,000,023 | ---- | M] () -- C:\Users\manoel\Documents\tianalima31@hotmail.com
[2013/07/12 21:11:26 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/07/12 21:11:18 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/07/09 01:28:50 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgwfpa.sys
[2013/07/07 13:55:22 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013/07/06 15:23:36 | 000,044,043 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/07/06 15:23:36 | 000,044,043 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/07/06 13:15:10 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013/07/06 12:52:54 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/06 12:36:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2013/06/21 09:06:36 | 000,021,578 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/06/06 17:41:04 | 000,489,392 | ---- | M] (Ask Partner Network) -- C:\Users\manoel\Documents\APNSetup.exe
[2013/05/19 21:08:47 | 000,386,642 | ---- | M] () -- C:\Windows\SysNative\ApnDatabase.xml
 
========== Files Created - No Company Name ==========
 
[2013/08/01 14:55:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/31 12:50:22 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2013/07/31 08:36:18 | 000,001,202 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.5-updater.job
[2013/07/31 08:36:13 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.5-enabler.job
[2013/07/31 08:36:11 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.5-codedownloader.job
[2013/07/31 08:35:46 | 000,001,838 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.5-firefoxinstaller.job
[2013/07/31 08:35:42 | 000,001,914 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.5-chromeinstaller.job
[2013/07/31 08:35:24 | 000,001,228 | ---- | C] () -- C:\Users\manoel\Desktop\Create Amazing Presentations.lnk
[2013/07/31 08:35:24 | 000,001,228 | ---- | C] () -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/07/28 19:29:45 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fireworks CS6.lnk
[2013/07/28 18:04:03 | 145,394,418 | ---- | C] () -- C:\Users\manoel\AppData\Local\ACCCx189.zip.aamdownload
[2013/07/28 18:04:03 | 000,001,811 | ---- | C] () -- C:\Users\manoel\AppData\Local\ACCCx189.zip.aamdownload.aamd
[2013/07/28 17:55:22 | 000,001,007 | ---- | C] () -- C:\Users\manoel\Desktop\DownLite.lnk
[2013/07/28 17:16:35 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2013/07/28 17:15:38 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/07/28 17:15:35 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/07/28 17:15:06 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013/07/27 13:20:46 | 000,000,993 | ---- | C] () -- C:\Users\manoel\Desktop\PDF Architect.lnk
[2013/07/27 13:20:36 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/07/27 12:26:40 | 000,087,152 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2013/07/22 19:52:01 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/17 23:00:48 | 001,528,690 | ---- | C] () -- C:\Users\manoel\Documents\mmrede.zip
[2013/07/17 18:40:49 | 005,045,696 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 18:39:43 | 000,010,266 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
[2013/07/17 18:39:43 | 000,003,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
[2013/07/17 18:39:43 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
[2013/07/17 18:39:43 | 000,001,402 | ---- | C] () -- C:\Windows\SysWow64\drivers\gas.cer
[2013/07/17 18:39:18 | 000,720,082 | ---- | C] () -- C:\Users\manoel\AppData\Roaming\unins000.exe
[2013/07/17 18:39:18 | 000,012,902 | ---- | C] () -- C:\Users\manoel\AppData\Roaming\unins000.dat
[2013/07/14 10:56:26 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/07/13 17:01:34 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/13 15:20:03 | 000,000,023 | ---- | C] () -- C:\Users\manoel\Documents\tianalima31@hotmail.com
[2013/07/12 21:11:26 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/07/10 23:48:28 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013/07/10 23:48:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/09 20:50:53 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/07 13:55:22 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013/07/07 13:54:19 | 000,021,578 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/07/06 15:23:59 | 821,985,277 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/06 15:22:19 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/07/06 13:20:45 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/06 13:15:10 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013/07/06 12:52:54 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/06 12:52:54 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/06 12:36:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/07/06 12:34:33 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/06 12:33:59 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/06 12:33:59 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/06 12:27:42 | 000,001,406 | ---- | C] () -- C:\Users\manoel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/07/26 05:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 05:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 04:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 22:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 17:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 17:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 11:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/07/27 13:16:19 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 03:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 02:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 00:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 00:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 00:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/09 20:51:50 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\AVG2013
[2013/07/27 13:17:12 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\Baidu Security
[2013/07/12 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\DAEMON Tools Lite
[2013/07/31 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\Firestorm
[2013/08/01 17:57:50 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\Free Download Manager
[2013/07/14 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\GlobalSCAPE
[2013/07/27 13:34:13 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\PDF Architect
[2013/07/31 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\SecondLife
[2013/07/09 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\manoel\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/08/01 14:41:53 | 000,011,752 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/07/26 00:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 11:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013/07/06 13:15:52 | 000,000,000 | ---- | M] () -- C:\conversation.log
[2013/08/01 15:04:09 | 821,985,277 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 15:04:09 | 2415,919,104 | -HS- | M] () -- C:\pagefile.sys
[2013/08/01 15:04:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/08/01 15:04:14 | 000,001,402 | ---- | M] () -- C:\Windows\system32\drivers\gas.cer
[2013/08/01 15:04:14 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\system32\drivers\gbpndisrd.sys
[2013/08/01 15:04:14 | 000,010,266 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.cat
[2013/08/01 15:04:14 | 000,003,641 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.inf
[2013/08/01 15:04:14 | 000,001,814 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd_m.inf
 
< %PROGRAMFILES%(x86)\*.* >
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/08/01 09:05:50 | 000,113,000 | ---- | M] () -- C:\Users\manoel\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2013/07/06 12:27:15 | 000,000,020 | -HS- | M] () -- C:\Users\manoel\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/08/01 15:03:25 | 007,602,176 | -HS- | M] () -- C:\Users\manoel\NTUSER.DAT
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2012/07/26 05:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2013/07/13 14:35:58 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2013/07/13 14:35:58 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2013/07/13 14:35:58 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2013/07/13 14:35:58 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
 
< %appdata%\*.* >
[2013/07/17 18:39:19 | 000,012,902 | ---- | M] () -- C:\Users\manoel\AppData\Roaming\unins000.dat
[2013/07/17 18:39:17 | 000,720,082 | ---- | M] () -- C:\Users\manoel\AppData\Roaming\unins000.exe
 
< %programdata%\*.* >
 
< %programdata%\*.exe /s >
[2013/07/13 13:23:54 | 000,277,504 | ---- | M] () -- C:\ProgramData\KMSAuto\KMSES.exe
[2013/07/09 19:54:35 | 007,626,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe
[2013/02/18 23:01:18 | 000,628,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe
[2013/02/18 23:01:42 | 000,016,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\ProgramData\MFAData\SelfUpd\avgrdtesta.exe
[2013/02/18 23:01:42 | 000,015,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\ProgramData\MFAData\SelfUpd\avgrdtestx.exe
[2013/02/18 23:01:42 | 000,278,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\ProgramData\MFAData\SelfUpd\avgrunasx.exe
[2013/07/30 13:03:04 | 000,174,168 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\ApplicationOntology\OAWrapper.exe
[2013/07/07 13:56:11 | 000,289,616 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00003a6e\drsupdate.15912677_RUNASUSER.exe
[2013/07/07 13:56:15 | 001,949,376 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00004049\dao.16397623.exe
[2013/07/10 19:52:02 | 001,948,504 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00004134\dao.16430842.exe
[2013/07/11 19:53:38 | 001,948,520 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00004139\dao.16438418.exe
[2013/07/13 16:17:32 | 001,948,376 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000041d0\dao.16449855.exe
[2013/07/16 20:02:31 | 001,948,672 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000041da\dao.16473425.exe
[2013/07/23 20:36:48 | 001,984,640 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00004318\dao.16512755.exe
[2013/07/25 20:38:22 | 001,985,208 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00004326\dao.16530916.exe
[2013/07/30 20:04:35 | 002,004,104 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00004447\dao.16557018.exe
[2013/07/27 11:25:52 | 003,348,336 | ---- | M] (Caixa Econômica Federal                                     ) -- C:\ProgramData\Temp\gbpcefdefault.exe
[2013/07/17 18:39:28 | 004,897,016 | ---- | M] (                                                            ) -- C:\ProgramData\Temp\gbplugin_ie_bb_setup.exe
[2013/07/17 18:39:17 | 002,790,968 | ---- | M] (GAS Tecnologia                                              ) -- C:\ProgramData\Temp\sf.exe
 
< %programdata%\*.dll /s >
[2013/03/17 21:39:14 | 000,499,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\ProgramData\MFAData\SelfUpd\avgmfarx.dll
[2013/02/18 21:05:06 | 000,939,008 | ---- | M] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\ProgramData\MFAData\SelfUpd\htmlayout.dll
[2012/07/26 05:11:35 | 000,020,248 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll
[2013/07/06 12:27:22 | 000,022,240 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
[2013/06/12 00:08:52 | 009,552,976 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBC36455-2DB8-44B3-8AAB-3D14CD9E52A1}\mpengine.dll
[2013/06/12 00:08:52 | 009,552,976 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
[2013/07/30 13:02:40 | 000,818,264 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\ApplicationOntology\Ontology.dll
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2012/07/26 00:20:46 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2012/07/26 00:18:34 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2012/10/08 22:08:48 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
[2012/07/26 00:18:36 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2012/07/26 00:20:47 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2012/07/26 00:20:47 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2013/02/21 07:29:37 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2013/06/11 20:42:58 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2013/02/21 08:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/07/26 00:18:47 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2013/04/28 19:30:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2012/07/26 00:18:47 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2012/07/26 00:18:47 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2012/06/21 16:03:37 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2012/07/26 00:19:24 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
[2012/06/21 16:03:37 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2012/06/21 16:03:37 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
[2012/07/26 00:19:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
 
< C:\windows\system32\Tasks\*.* /64 >
[2013/07/12 21:26:39 | 000,003,190 | ---- | M] () -- C:\Windows\SysNative\Tasks\0
[2013/07/12 21:26:40 | 000,003,288 | ---- | M] () -- C:\Windows\SysNative\Tasks\4817
[2013/07/14 10:19:01 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Adobe Flash Player Updater
[2013/07/13 10:38:33 | 000,003,810 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2013/07/13 10:38:34 | 000,004,046 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA
[2013/08/01 15:15:43 | 000,004,982 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft Office 15 Sync Maintenance for MM-manoel MM
[2013/08/01 18:04:11 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-237971141-3245003879-1109622991-1001
[2013/07/31 08:35:44 | 000,004,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Plus-HD-2.5-chromeinstaller
[2013/07/31 08:36:12 | 000,004,210 | ---- | M] () -- C:\Windows\SysNative\Tasks\Plus-HD-2.5-codedownloader
[2013/07/31 08:36:16 | 000,004,110 | ---- | M] () -- C:\Windows\SysNative\Tasks\Plus-HD-2.5-enabler
[2013/07/31 08:35:47 | 000,004,842 | ---- | M] () -- C:\Windows\SysNative\Tasks\Plus-HD-2.5-firefoxinstaller
[2013/07/31 08:36:22 | 000,004,206 | ---- | M] () -- C:\Windows\SysNative\Tasks\Plus-HD-2.5-updater
[2012/07/26 04:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/07/06 12:33:59 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/07/06 12:33:59 | 000,001,074 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/07/06 13:20:45 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/07/31 08:35:42 | 000,001,914 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.5-chromeinstaller.job
[2013/07/31 08:35:46 | 000,001,838 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.5-firefoxinstaller.job
[2013/07/31 08:36:11 | 000,001,206 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.5-codedownloader.job
[2013/07/31 08:36:13 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.5-enabler.job
[2013/07/31 08:36:18 | 000,001,202 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.5-updater.job
 
< %windir%\tasks\*.* /s >
[2013/08/01 17:22:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 15:04:40 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/01 17:43:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/01 15:04:40 | 000,001,914 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-chromeinstaller.job
[2013/08/01 15:04:39 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-codedownloader.job
[2013/08/01 15:04:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-enabler.job
[2013/08/01 15:04:40 | 000,001,838 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-firefoxinstaller.job
[2013/08/01 15:04:40 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-updater.job
[2013/08/01 15:04:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
"SavedLegacySettings" = 46 00 00 00 EE 01 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< Net User /c >
Contas de usuário para \\MM
-------------------------------------------------------------------------------
Administrador            Convidado                manoel                   
UpdatusUser              
Comando concluído com êxito.
 
< MD5 for: SERVICES  >
[2013/07/13 17:51:13 | 000,093,503 | ---- | M] () MD5=4FC0D2C666D557BC6A163489A1EB4895 -- C:\Users\manoel\AppData\Roaming\Microsoft\MMC\services
[2012/07/26 02:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
 
< MD5 for: SERVICES.DAT  >
[2013/07/29 04:23:09 | 000,002,235 | ---- | M] () MD5=3F56F15AB110188F78E3DCE876FC707E -- C:\Users\manoel\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2012/09/20 03:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/07/26 02:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
< End of report >


#8
CarlosTurco

    Assistant

  • Assistant
  • 24.447 posts

Ok,

1)

Select these lines inside the CODE box, right-click the selection and choose Copy.

NOTE: Make sure you start copying from the colon and the letter, the ":O" of :OTL.
 

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{75D20CB5-6EE7-4A68-9CD7-2B994E102F7B}: "URL" = http://www.google.co...search?hl=en&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "webwebweb"
[2013/07/31 08:35:54 | 000,000,000 | ---D | M] ("Plus-HD-2.5") -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com
CHR - Extension: Plus-HD-2.5 = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\crossrider
CHR - Extension: Plus-HD-2.5 = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\
[2013/07/31 08:36:28 | 000,000,000 | ---D | M] ("FoodBuzz") -- C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}
CHR - Extension: FoodBuzz = C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fliacamcdcfemghfnaekoojeliaifleg\9.0_0\
O2:64bit: - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll ()
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll ()
O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O32 - AutoRun File - [2011/12/13 18:04:47 | 000,000,175 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell - "" = AutoRun
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell\AutoRun\command - "" = K:\SETUP.EXE -- [2012/10/01 21:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell\configure\command - "" = K:\setup.exe -- [2012/10/01 21:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\Shell\install\command - "" = K:\setup.exe -- [2012/10/01 21:25:32 | 000,214,664 | R--- | M] (Microsoft Corporation)
[2013/07/31 08:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.5
[2013/07/31 08:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoodBuzz
[2013/07/31 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\manoel\AppData\Local\emaze
[2013/07/28 17:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownLite
[2013/07/27 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/07/27 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2013/07/27 13:23:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security
[2013/08/01 15:04:40 | 000,001,914 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-chromeinstaller.job
[2013/08/01 15:04:40 | 000,001,838 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-firefoxinstaller.job
[2013/08/01 15:04:40 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-updater.job
[2013/08/01 15:04:39 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-codedownloader.job
[2013/08/01 15:04:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.5-enabler.job
[2013/07/12 21:26:39 | 000,003,190 | ---- | M] () -- C:\Windows\SysNative\Tasks\0
[2013/07/12 21:26:40 | 000,003,288 | ---- | M] () -- C:\Windows\SysNative\Tasks\4817

:files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe.

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the Fix (Consertar) button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.



#9
studiopontocom

    Newbie

  • Member
  • 42 posts

Good evening!

 

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75D20CB5-6EE7-4A68-9CD7-2B994E102F7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75D20CB5-6EE7-4A68-9CD7-2B994E102F7B}\ not found.
Prefs.js: "webwebweb" removed from browser.search.selectedEngine
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\skin folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\locale\en-US folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\locale folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\defaults\preferences folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\defaults folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\chrome\content\extensionCode folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\chrome\content\core folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\chrome\content\api folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\chrome\content folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\chrome folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com folder moved successfully.
File C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\crossrider not found.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\js\lib\popupResource folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\js\lib folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\js\app folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\js\api folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\js folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\icons\actions folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0\icons folder moved successfully.
C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.23.16_0 folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\skin folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\locale\en-US folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\locale folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\defaults\preferences folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\defaults folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\chrome\content folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}\chrome folder moved successfully.
C:\Users\manoel\AppData\Roaming\mozilla\Firefox\Profiles\m4pds8ar.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25} folder moved successfully.
File C:\Users\manoel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fliacamcdcfemghfnaekoojeliaifleg\9.0_0 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195}\ deleted successfully.
C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195}\ deleted successfully.
C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FoodBuzzUpdate deleted successfully.
C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe moved successfully.
File move failed. K:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
File move failed. K:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
File move failed. K:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d587640f-e9c2-11e2-be6e-d43d7ec20e3c}\ not found.
File move failed. K:\setup.exe scheduled to be moved on reboot.
C:\Program Files (x86)\Plus-HD-2.5 folder moved successfully.
C:\Program Files (x86)\FoodBuzz\Update folder moved successfully.
C:\Program Files (x86)\FoodBuzz\Extension folder moved successfully.
C:\Program Files (x86)\FoodBuzz folder moved successfully.
C:\Users\manoel\AppData\Local\emaze folder moved successfully.
C:\Program Files (x86)\DownLite folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848\sysopt folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848\Run\Disable folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848\Run folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848\Plugins\Plugin.LeakRepair\Hotfix folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848\Plugins\Plugin.LeakRepair folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848\Plugins folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster\3.6.0.35848 folder moved successfully.
C:\ProgramData\Baidu Security\PC Faster folder moved successfully.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Program Files (x86)\Baidu Security\PC Faster\3.6.0.35848 folder moved successfully.
C:\Program Files (x86)\Baidu Security\PC Faster folder moved successfully.
C:\Program Files (x86)\Baidu Security\Cloud Security folder moved successfully.
C:\Program Files (x86)\Baidu Security folder moved successfully.
C:\Users\Public\Documents\Baidu Security\PC Faster\3.6.0.35848\log folder moved successfully.
C:\Users\Public\Documents\Baidu Security\PC Faster\3.6.0.35848 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\PC Faster folder moved successfully.
C:\Users\Public\Documents\Baidu Security folder moved successfully.
C:\Windows\Tasks\Plus-HD-2.5-chromeinstaller.job moved successfully.
C:\Windows\Tasks\Plus-HD-2.5-firefoxinstaller.job moved successfully.
C:\Windows\Tasks\Plus-HD-2.5-updater.job moved successfully.
C:\Windows\Tasks\Plus-HD-2.5-codedownloader.job moved successfully.
C:\Windows\Tasks\Plus-HD-2.5-enabler.job moved successfully.
C:\Windows\SysNative\Tasks\0 moved successfully.
C:\Windows\SysNative\Tasks\4817 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Downloads\Software\cmd.bat deleted successfully.
C:\Downloads\Software\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: manoel
->Temp folder emptied: 456422441 bytes
->Temporary Internet Files folder emptied: 29296580 bytes
->Java cache emptied: 3464 bytes
->FireFox cache emptied: 234183335 bytes
->Google Chrome cache emptied: 63053312 bytes
->Flash cache emptied: 45238 bytes
 
User: Public
 
User: Todos os Usuários
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41156552 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1411635549 bytes
 
Total Files Cleaned = 2.132,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08032013_175241
 
Files\Folders moved on Reboot...
File\Folder K:\autorun.inf not found!
File\Folder K:\setup.exe not found!
C:\Users\manoel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 

Logfile of HijackThis v1.99.1
Scan saved at 17:59:59, on 03/08/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Downloads\Software\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmrede.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSEmulator) - Unknown owner - C:\ProgramData\KMSAuto\KMSES.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 
Thank you!


#10
CarlosTurco

CarlosTurco

    Assistant

  • Assistant
  • 24.447 posts

Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: j9Byf.png?1
  • For alternative browsers (if you use Internet Explorer, skip this step): esetsmartinstaller_enu.png
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the content into your next reply. Note: If nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#11
studiopontocom

studiopontocom

    Newbie

  • Member
  • Pip
  • 42 posts

Good afternoon!

 

C:\Users\All Users\KMSAuto\KMSES.exe a variant of Win32/HackTool.KMSAuto.A application
C:\Users\Todos os Usuários\KMSAuto\KMSES.exe a variant of Win32/HackTool.KMSAuto.A application
C:\Downloads\ADOBE_FIREWORKS_CS6_[thethingy].exe multiple threats cleaned by deleting - quarantined
C:\Downloads\Software\SaveAs.brazil.exe a variant of Win32/4Shared.F application cleaned by deleting - quarantined
C:\Program Files (x86)\hosts\Uninstall.exe a variant of Win32/Packed.VMDetector.A application cleaned by deleting - quarantined
C:\ProgramData\KMSAuto\KMSES.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\manoel\Desktop\PDFCreator-1_6_2_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\manoel\Downloads\45-DTLite4471-0335.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\manoel\Downloads\ATIV.2 OFC2013 By Adornelas.rar Win32/HackTool.KMSAuto.A application deleted - quarantined
C:\Users\manoel\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\manoel\Downloads\ATIV.2 OFC2013 By Adornelas\ATIV.2 OFC2013 By Adornelas\ARQUIVOS\KMSAuto.exe Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined
C:\Users\manoel\Downloads\KMSv6.1downlaodsfull.rar (1)\KMSv6.1downlaodsfull.rar (1).exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08032013_175241\C_Program Files (x86)\Plus-HD-2.5\utils.exe a variant of Win32/Packed.VMDetector.A application cleaned by deleting - quarantined
F:\Imagens\hd_rec\desktop\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
F:\Novo volume\Downloads\msn-messenger-2012-1643505912-baixaki-32-bits.exe a variant of Win32/InstallCore.BC application cleaned by deleting - quarantined
F:\Novo volume\Downloads\PDFCreatorSetup (1).exe a variant of Win32/InstallCore.BB application cleaned by deleting - quarantined
F:\Novo volume\Downloads\PDFCreatorSetup.exe a variant of Win32/InstallCore.BB application cleaned by deleting - quarantined
F:\Novo volume\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.BQ application cleaned by deleting - quarantined
F:\Novo volume\Downloads\SoftonicDownloader_para_doro-pdf-writer.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
F:\Novo volume\Downloads17-07-13\Software\spybot--search-&-destroy-162-superdownloads-32-bits.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
F:\Novo volume\Downloads17-07-13\Software\varicad-viewer-2013103-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
F:\Programas\Adobe\Adobe Dreamweaver cs5 + Crack\Dreamweaver CS5 Crack\patch.bat BAT/HostsChanger.A application cleaned by deleting - quarantined
F:\Programas\conversor audio amr m4a\MediaCoder2011-x64-R9-5196\MediaCoder2011-x64-R9-5196.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Programas\Fake Webcam 6.1.3\Fake Webcam 6.1.3\Fake Webcam 6.1.3.rar a variant of Win32/Keygen.EM application deleted - quarantined
F:\Programas\Fake Webcam 6.1.3\Fake Webcam 6.1.3\Fake Webcam 6.1.3\Keygen.rar a variant of Win32/Keygen.EM application deleted - quarantined
F:\Programas\hyperSnap\01\Hyperionics.Hypersnap.v6.70.Patch-Bahman.rar Win32/HackTool.Patcher.A application deleted - quarantined
F:\Programas\hyperSnap\01\HyperSnap 6 patch-Admin.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
F:\Programas\imprimirPdf\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\Programas\Magic Camera 7.1.0\MCSetup.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
F:\Programas\Office_2010_64\Active Office 2010\Active Office 2010.rar a variant of MSIL/HackKMS.A application deleted - quarantined
F:\Programas\Office_2010_64\Active Office 2010\Active Office 2010\Active Office 2010.exe a variant of MSIL/HackKMS.A application cleaned by deleting - quarantined
F:\Programas\Windows.7.ULTIMATE.x86.x64\Windows.7.Loader.eXtreme.Edition.v3.503-NAPALUM.zip Win32/HackTool.WinActivator.J application deleted - quarantined
F:\Sites 2013\anjosdoorkut.com.br.rar PHP/WebShell.NAL trojan deleted - quarantined
F:\Sites 2013\anjosdoorkut.com.br.zip PHP/WebShell.NAL trojan deleted - quarantined
F:\Sites 2013\lourivalreis.com.br.zip PHP/C99Shell.NAG trojan deleted - quarantined
F:\Sites 2013\sonhosecoresfestas.com.br.zip PHP/Kryptik.AB trojan deleted - quarantined
F:\Sites 2013\anjosdoorkut.com.br\amor\psimass.php PHP/WebShell.NAL trojan cleaned by deleting - quarantined
F:\Sites 2013\lourivalreis.com.br\cs4.php PHP/C99Shell.NAG trojan cleaned by deleting - quarantined
F:\Sites 2013\sonhosecoresfestas.com.br\wp-content\plugins\gallery-plugin-pro\thumb.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
F:\Tutoriais\curso cantasia\Codecs\DIVX\DivXPro5GAINBundle.exe Win32/Adware.Gator.Trickler application cleaned by deleting - quarantined
F:\Tutoriais\Script\site.zip JS/Kryptik.AMG trojan deleted - quarantined
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 14:52:27, on 04/08/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Downloads\Software\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmrede.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSEmulator) - Unknown owner - C:\ProgramData\KMSAuto\KMSES.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 
 
Thank you!


#12
CarlosTurco

CarlosTurco

    Assistant

  • Assistant
  • 24.447 posts

Ok,

 

The logs are clean. :)

 

To finish:

  • Run OTL.exe

    Click the Botao_Limpeza_OTL.png button.
  • Update Java. Older versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u25.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.25 MB jre-7u25-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs, and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u25-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the box for installing the ASK Toolbar.
  • Update Adobe Reader. Older versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Older versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (flash-drive viruses) can infect any type of removable storage device (flash drives, MP3 and MP4 players, cell phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. Even so, it can still copy its malicious executables to the flash drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this flash drive into a clean machine and run any of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the drive of the media, and choosing the "Format" option.
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes the search, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc (Protect your PC):
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the denunld.png button and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Best regards. :legal:
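
The autorun.inf advice in the post above can be checked on a given drive with a read-only audit. The following is an added example, not part of the original post and not code from any tool it names: it reports whether `autorun.inf` exists in a drive root, which of its directives would launch a program, and which files in the root carry the extensions the post lists. The function names and the sample drive contents are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extensions the post above lists as typical payloads copied to removable media.
RISKY_EXTENSIONS = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text):
    """Return (section, key, value) for every launch directive in autorun.inf text."""
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep:
            continue
        # shell\<verb>\command entries add a context-menu action that runs a program.
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            hits.append((section, key, value.strip()))
    return hits


def read_inf(path):
    """Decode autorun.inf, which may be saved as ANSI or as UTF-16 with a BOM."""
    data = path.read_bytes()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def audit_drive(root):
    """Inspect a drive root without modifying it and return a small report."""
    report = {"autorun": "absent", "launch_directives": [], "root_executables": []}
    for entry in sorted(Path(root).iterdir()):
        if entry.name.lower() == "autorun.inf":
            if entry.is_dir():
                # A directory with this name holds no directives to parse.
                report["autorun"] = "directory"
            else:
                report["autorun"] = "file"
                report["launch_directives"] = parse_autorun(read_inf(entry))
        elif entry.is_file() and entry.suffix.lower() in RISKY_EXTENSIONS:
            report["root_executables"].append(entry.name)
    return report


def build_sample_drive(tmp):
    """Constructed sample drive root (not data from the thread)."""
    root = Path(tmp)
    (root / "AUTORUN.INF").write_text(
        "[AutoRun]\n; constructed sample\nopen=setup.exe\n"
        "icon=folder.ico\nshell\\open\\command=setup.exe\n",
        encoding="latin-1",
    )
    (root / "fotos.scr").write_bytes(b"")
    (root / "relatorio.pdf").write_bytes(b"")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_drive(build_sample_drive(tmp))
        print("autorun.inf:", report["autorun"])
        for section, key, value in report["launch_directives"]:
            print(f"  [{section}] {key} = {value}")
        print("executables in root:", report["root_executables"])
```

An `autorun.inf` with no launch directives (only `icon=` or `label=`) produces an empty `launch_directives` list, which is what a clean placeholder copy should look like.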



#13
studiopontocom

studiopontocom

    Newbie

  • Member
  • Pip
  • 42 posts

Good evening, thank you for the help; the attention you gave was very important to the success of my request.



#14
CarlosTurco

CarlosTurco

    Assistant

  • Assistant
  • 24.447 posts
PROBLEM SOLVED
 
If you wish to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.