I can't remove the "portal do sites" home page

This topic has been archived. This means you can no longer reply to it.
16 replies in this topic

#1
cintialeme

    Novice

  • Member
  • 18 posts
Good afternoon, everyone!
Yesterday I tried to install a little program called "Folders Colorized". Since it would run for 30 seconds and then freeze, I tried installing it from other places. I installed it from Baixaki, from Cnet and from Softonic, always uninstalling the previous one first.
Well, I don't know at what point it happened, but all of my browser settings were changed.
- The home page is now http://www.portaldos...9&ts=1379251697
- the search engine is Yahoo,
- and the new tab belongs to a (Chrome) extension, "Lightning Newtab".

Although I can delete the extension and restore the search engine, I can't revert the home page. I can even change it in Chrome's settings, but in practice it keeps showing up.

Thanks in advance for the help.

The Malwarebytes Anti-Malware and HijackThis logs follow.

Attached file(s)



#2
CarlosTurco

    Assistant

  • Assistant
  • 25,895 posts

Hello cintialeme,

Please note the following:

  • DO NOT attempt any cleanup procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • About the forum: This is a private space, not a public one. Its use is a privilege, not a right.
    http://www.linhadefe...egras-do-forum/
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (located in the upper right corner of the main post) so you receive an e-mail notification when it is replied to. You can also check the topics you follow using the "Content I Follow" option available through the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Notice: Avoid using the <QUOTE> or <CODE> tags on the logs; it hinders reading during the analysis.
  • If at any point in the analysis it turns out that this is a company PC, the topic will be summarily closed with no possibility of reopening.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Please read the instructions for using the Virus Removal area:
http://www.linhadefe...mocao-de-virus/

Instead of creating a new topic, please continue with this one and post a reply containing the HijackThis, MbrScan and FSS logs according to the instructions on the page I gave you above.

Any questions, just ask.



#3
cintialeme

    Novice

  • Member
  • 18 posts

OK, here are the requested logs:

Attached file(s)



#4
CarlosTurco

    Assistant

  • Assistant
  • 25,895 posts

Ok,

Run the procedures below:

1)

Download Shortcut Cleaner and save it to the desktop.
http://www.bleepingc...ortcut-cleaner/

Run the file sc-cleaner.exe
*** Windows Vista or Windows 7 users: right-click the file sc-cleaner.exe, then click Run as administrator.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart the PC.

3)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download JRT.exe [download button in the original post] and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Be patient, as it can take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply.



#5
cintialeme

    Novice

  • Member
  • 18 posts

OK, here it is:

 

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Windows Version: Windows 7 Ultimate Service Pack 1
Program started at: 09/15/2013 05:27:06 PM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Users\Cintia\AppData\Roaming\Microsoft\Windows\Start Menu\
 
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 
Searching C:\Users\Cintia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 
Searching C:\Users\Public\Desktop\
 
Searching C:\Users\Cintia\Desktop
 
 
0 bad shortcuts found.
 
Program finished at: 09/15/2013 05:27:07 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
 
 
 
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 17:13:42
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Cintia - CINTIA-PC
# Executando de : C:\Users\Cintia\Downloads\Programas\Segurança\adwcleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
[#] Serviço Deletado : DPService
 
***** [ Arquivos / Pastas ] *****
 
[!] Pasta Deletado : C:\Users\Cintia\AppData\Local\DProtect
 
***** [ Atalhos ] *****
 
Atalho Desinfectada : C:\Users\Cintia\Desktop\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Cintia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registro ] *****
 
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0038094.BHO
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0038094.BHO.1
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0038094.Sandbox
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0038094.Sandbox.1
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311801194}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322802294}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355805594}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366806694}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344804494}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311801194}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311801194}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deleteda : HKCU\Software\InstalledBrowserExtensions
Chave Deleteda : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deleteda : HKLM\Software\portaldositesSoftware
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v
 
[ Arquivo : C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleteda : homepage
Deleteda : search_url
Deleteda : keyword
Deleteda : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [9335 octets] - [15/09/2013 00:11:18]
AdwCleaner[R1].txt - [5977 octets] - [15/09/2013 12:45:25]
AdwCleaner[R2].txt - [5982 octets] - [15/09/2013 17:13:03]
AdwCleaner[S0].txt - [7981 octets] - [15/09/2013 00:14:10]
AdwCleaner[S1].txt - [3981 octets] - [15/09/2013 13:25:07]
AdwCleaner[S2].txt - [3850 octets] - [15/09/2013 17:13:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3910 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Ultimate x86
Ran by Cintia on 15/09/2013 at 17:19:19,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/09/2013 at 17:21:22,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
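The AdwCleaner and JRT reports above list, one line each, the persistence points the adware used: a service, a dropped folder, hijacked .lnk shortcuts, a Crossrider BHO with its COM registrations, an IE search scope, Chrome Preferences entries, an AppInit_DLLs value and a forced-install Chrome extension policy. The following Python script is an added example, not part of the thread or of either tool: it parses report lines of that shape and groups them by the mechanism they represent, so that an analyst reviewing such logs can see the whole hijack surface at a glance. The sample report text is an excerpt copied from the logs above; the section names and line prefixes it expects are those of AdwCleaner's Portuguese output and JRT's English output, and the mechanism labels are this example's own.

```python
# Triage helper for AdwCleaner / JRT cleanup reports (added example, see lead-in).
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Excerpts copied from the reports posted above. Raw strings keep the
# Windows backslashes intact.
SAMPLE_ADWCLEANER = r"""
***** [ Serviços ] *****
[#] Serviço Deletado : DPService
***** [ Arquivos / Pastas ] *****
[!] Pasta Deletado : C:\Users\Cintia\AppData\Local\DProtect
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Cintia\Desktop\Google Chrome.lnk
***** [ Registro ] *****
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0038094.BHO
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311801194}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311801194}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deleteda : HKLM\Software\portaldositesSoftware
***** [ Navegadores ] *****
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[ Arquivo : C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleteda : homepage
Deleteda : urls_to_restore_on_startup
"""
SAMPLE_JRT = r"""
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
"""

# Substrings (matched case-insensitively, first hit wins) that identify the
# hijack mechanism a removed object belonged to. Labels are this example's own.
MECHANISMS = [
    ("appinit_dlls", "AppInit_DLLs DLL injection"),
    ("extensioninstallforcelist", "Chrome ExtensionInstallForcelist policy"),
    ("chrome\\extensions\\", "Chrome external extension registration"),
    ("browser helper objects", "IE Browser Helper Object"),
    (".bho", "IE Browser Helper Object"),
    ("searchscopes", "IE search provider"),
    ("internet explorer\\main", "IE start page"),
    ("\\classes\\", "COM/ProgID registration"),
    (".lnk", "Shortcut hijack"),
]
# AdwCleaner section headings (Portuguese build) -> kind of object listed under them.
ADW_KINDS = {"Serviços": "service", "Arquivos / Pastas": "folder",
             "Atalhos": "shortcut", "Registro": "registry key",
             "Navegadores": "browser setting"}
ADW_SECTION = re.compile(r"^\*+ \[ (?P<name>.+?) \] \*+$")
ADW_FILE = re.compile(r"^\[ Arquivo : (?P<path>.+?) \]$")
ADW_LINE = re.compile(r"^(?:\[[#!]\] )?(?P<action>[^:]+?) : (?P<target>.+)$")
JRT_LINE = re.compile(r"^Successfully (?P<action>deleted|repaired): "
                      r"\[(?P<kind>[^\]]+)\] (?P<target>.+?)(?: \[[^\]]+\])?$")


@dataclass
class Finding:
    tool: str       # which report the line came from
    action: str     # what the tool did (deleted, repaired, restored, ...)
    kind: str       # service, folder, shortcut, registry key, ...
    target: str     # path, key or setting name
    mechanism: str  # hijack mechanism inferred from the target


def classify(kind: str, target: str, context: str = "") -> str:
    """Map a removed object onto the hijack mechanism it implemented."""
    if context.lower().endswith("preferences"):   # entry inside Chrome's Preferences file
        return "Chrome Preferences setting"
    low = target.lower()
    for needle, label in MECHANISMS:
        if needle in low:
            return label
    return {"service": "Windows service", "folder": "Dropped folder"}.get(kind, "Other registry key")


def parse_adwcleaner(text: str) -> list[Finding]:
    """Parse the 'X Deleted : target' lines of an AdwCleaner report."""
    findings, kind, context = [], "unknown", ""
    for line in (raw.strip() for raw in text.splitlines()):
        if m := ADW_SECTION.match(line):
            kind, context = ADW_KINDS.get(m["name"], m["name"].lower()), ""
        elif m := ADW_FILE.match(line):
            context = m["path"]        # following entries belong to this file
        elif m := ADW_LINE.match(line):
            findings.append(Finding("AdwCleaner", m["action"], kind, m["target"],
                                    classify(kind, m["target"], context)))
    return findings


def parse_jrt(text: str) -> list[Finding]:
    """Parse the 'Successfully deleted/repaired: [Kind] target' lines of a JRT log."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := JRT_LINE.match(line):
            kind = m["kind"].lower()
            findings.append(Finding("JRT", m["action"], kind, m["target"],
                                    classify(kind, m["target"])))
    return findings


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    """Group findings by mechanism so the whole hijack surface is visible at once."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f.mechanism].append(f"{f.tool}: {f.action} {f.kind} {f.target}")
    return dict(grouped)


if __name__ == "__main__":
    report = summarize(parse_adwcleaner(SAMPLE_ADWCLEANER) + parse_jrt(SAMPLE_JRT))
    for mechanism, items in report.items():
        print(mechanism, *items, sep="\n    ")
```

Run on the excerpt, the summary shows two separate IE persistence points (the BHO registration and the search scope), two Chrome ones (the forced-extension policy and the external extension key) and the AppInit_DLLs value, which is the one item in these logs that is not browser-specific: a DLL listed there is loaded into every process that links user32.dll, so it deserves a separate look even after the browser settings are restored.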
 


#6
CarlosTurco

    Assistant

  • Assistant
  • 25,895 posts

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the file OTL.exe, then click Run as administrator.

Where it says Output, check Standard
Also check these options:

  • Creation Date -> change to 90 days
  • Skip Microsoft Files
  • Lop Check
  • Purity Check
  • Use SafeList in Extra Registry scan

Select the lines below (shown in red), right-click the selection, and choose Copy

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%windir%\tasks\*.* /s
%systemroot%\system32\tasks\*.*
%PROGRAMFILES%\Internet Explorer\*.*

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c
/md5start
services.*
/md5stop

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the Run Scan button

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same folder as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it in your reply.
Attach the file Extras.txt

NOTE: If the logs get too large and exceed the forum limit, put them in a .zip or .rar file and attach them to your reply.
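AdwCleaner reported above that it deleted the homepage, search_url, keyword and urls_to_restore_on_startup entries from Chrome's Preferences file, and the OTL scan requested here reports the same Chrome settings (homepage and default_search_provider). The following Python script is an added example, not part of the thread or of OTL: it reads those entries from a Chrome Preferences JSON document and flags any whose host is not on an analyst-supplied allow-list, which is the check a helper would run to confirm the restored values stayed clean. The placement of the keys inside the document (session for the startup URLs, default_search_provider for search_url and keyword) is assumed from the Chrome layout of that era; the two sample documents are constructed, and hijack.example is a placeholder for the hijacker's real host, which the thread shows only truncated.

```python
# Chrome Preferences hijack check (added example, see lead-in).
from __future__ import annotations

import json
from urllib.parse import urlparse

# Domains the user actually chose; any other host in a watched setting is flagged.
ALLOWED_DOMAINS = {"google.com", "google.com.br", "bing.com"}

# Where each setting AdwCleaner removed lives inside the Preferences JSON.
# The nesting is assumed from the Chrome layout of the time, not taken from the thread.
WATCHED = {
    "homepage": ("homepage",),
    "search_url": ("default_search_provider", "search_url"),
    "keyword": ("default_search_provider", "keyword"),
    "urls_to_restore_on_startup": ("session", "urls_to_restore_on_startup"),
}

# Constructed sample documents. 'hijack.example' stands in for the real
# home-page hijacker host, which the thread shows only in truncated form.
HIJACKED_PREFS = json.dumps({
    "homepage": "http://hijack.example/",
    "default_search_provider": {
        "keyword": "hijack.example",
        "search_url": "http://hijack.example/search?q={searchTerms}",
    },
    "session": {"urls_to_restore_on_startup": ["http://hijack.example/",
                                               "http://www.google.com/"]},
})
CLEAN_PREFS = json.dumps({
    "homepage": "http://www.google.com",
    "default_search_provider": {
        "keyword": "google.com",
        "search_url": "{google:baseURL}search?q={searchTerms}&ie={inputEncoding}",
    },
    "session": {"urls_to_restore_on_startup": []},
})


def lookup(doc, path: tuple[str, ...]):
    """Walk a key path through nested dicts; None if any step is missing."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def host_of(value: str) -> str | None:
    """Host a URL-like setting points at; None for Chrome's own templates and pages."""
    if value.startswith("{google:") or value.startswith(("chrome://", "about:")):
        return None
    # A bare keyword such as 'google.com' has no scheme; give it one so urlparse splits it.
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def is_allowed(host: str, allowed: set[str]) -> bool:
    """True when the host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit_preferences(prefs_json: str, allowed: set[str] = ALLOWED_DOMAINS) -> list[tuple[str, str, str]]:
    """Return (setting, value, host) for every watched entry pointing off the allow-list."""
    doc = json.loads(prefs_json)
    flagged = []
    for setting, path in WATCHED.items():
        value = lookup(doc, path)
        if value is None:
            continue
        for v in (value if isinstance(value, list) else [value]):
            host = host_of(str(v))
            if host is not None and not is_allowed(host, allowed):
                flagged.append((setting, str(v), host))
    return flagged


if __name__ == "__main__":
    for setting, value, host in audit_preferences(HIJACKED_PREFS):
        print(f"{setting}: {value!r} points at {host}")
```

Chrome's built-in Google provider stores its search_url as a template beginning with {google:baseURL} rather than a literal URL, which is why host_of treats that prefix as trusted instead of trying to parse it; a real provider hijack replaces the template with a plain http URL, as the constructed sample does.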



#7
cintialeme

    Novice

  • Member
  • 18 posts

Here are the logs:

 

OTL logfile created on: 15/09/2013 18:22:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cintia\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,99 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 50,02% Memory free
5,98 Gb Paging File | 4,05 Gb Available in Paging File | 67,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,22 Gb Total Space | 116,61 Gb Free Space | 50,65% Space Free | Partition Type: NTFS
 
Computer Name: CINTIA-PC | User Name: Cintia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/15 18:19:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cintia\Desktop\OTL.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/12 19:55:10 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/01 15:39:30 | 000,410,440 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 02:40:57 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgcfgex.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/01/24 23:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/02 17:35:56 | 000,410,576 | ---- | M] () -- C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
MOD - [2013/09/02 17:35:55 | 013,599,184 | ---- | M] () -- C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 17:35:54 | 004,053,456 | ---- | M] () -- C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 17:35:04 | 000,709,584 | ---- | M] () -- C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 17:35:03 | 000,099,792 | ---- | M] () -- C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 17:35:01 | 001,604,560 | ---- | M] () -- C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2011/10/21 16:31:08 | 000,110,592 | ---- | M] () -- C:\Arquivos de Programas\Folder Colorizer\FolderColorShlExt.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013/09/13 23:58:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/07/01 15:39:30 | 000,410,440 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/27 23:52:59 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2013/01/18 23:32:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/09/15 17:15:28 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2013/09/15 17:15:28 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 15:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/09 03:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/11/20 09:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 09:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 09:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 06:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 06:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 19:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/02/23 01:30:00 | 000,391,300 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 12 66 C0 FC F4 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{90D92A17-FA21-42E0-B204-1CEB2E51D61F}: "URL" = http://www.google.co...search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cintia\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cintia\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/abn: C:\Users\Cintia\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cintia\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Banco Santander (Brasil) S.A. (Disabled) = C:\Users\Cintia\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - Extension: Google Translate = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: GBBD Banco Santander (Brasil) S.A. = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface\3.2.0_0\
CHR - Extension: Google Docs = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ultra Downloads Notifier = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbdnpbkbcnlgddopkdpjignbjhiobhk\1.24.43_0\crossrider
CHR - Extension: Ultra Downloads Notifier = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbdnpbkbcnlgddopkdpjignbjhiobhk\1.24.43_0\
CHR - Extension: Pesquisa do Google = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0\
CHR - Extension: Superinteressante = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\degpihaammlmlmgcddhlnfebfcjlbjnk\1.3.1_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Lightning Newtab = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.5.2_0\
CHR - Extension: Desprotetor de Links = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\2.0.0_0\
CHR - Extension: Shareaholic for Pinterest = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0\
CHR - Extension: Translator (All Languages) = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkohkdahffmjhcehilamblbpnjpmlo\5.7_0\
CHR - Extension: Crackle Brazil = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lflobbippdgfecmbdgjdejahlimggpef\1.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/01/20 12:10:22 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A9E8369-45E9-4F7D-BD90-C7708A6C932A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Users\Cintia\AppData\Local\DProtect\eBP.dll) -  File not found
O20 - AppInit_DLLs: (C:\Users\Cintia\AppData\Local\DProtect\eBPSD.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\Shell - "" = AutoRun
O33 - MountPoints2\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/09/15 18:19:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cintia\Desktop\OTL.exe
[2013/09/15 17:30:14 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Desktop\Atalhos
[2013/09/15 17:19:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/15 17:17:37 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\Cintia\Desktop\JRT.exe
[2013/09/15 17:11:46 | 000,406,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Cintia\Desktop\sc-cleaner.exe
[2013/09/15 16:36:01 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Cintia\Desktop\FSS.exe
[2013/09/15 16:34:06 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\Cintia\Desktop\MbrScan.exe
[2013/09/15 16:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Downloads Notifier
[2013/09/15 13:55:00 | 000,000,000 | ---D | C] -- C:\HijackThis
[2013/09/15 10:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security
[2013/09/15 10:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security
[2013/09/15 10:24:26 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Local\DProtect
[2013/09/15 00:11:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/14 23:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Colorizer
[2013/09/14 23:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Folder Colorizer
[2013/09/14 23:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Horizon
[2013/09/14 21:59:20 | 000,031,088 | ---- | C] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/09/14 21:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\FolderColorize
[2013/09/14 13:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Super Tela
[2013/09/13 09:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/12 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Documents\Oliveira Shopping
[2013/09/12 14:46:01 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Documents\Justiça
[2013/09/11 12:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/05 00:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/09/05 00:56:04 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detectar Aplicação
[2013/09/05 00:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2013/09/05 00:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013/09/05 00:55:37 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\Winamp
[2013/09/05 00:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/09/04 09:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/08/19 18:38:32 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Local\Audiggle_LTD
[2013/08/19 18:35:45 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Documents\Audiggle
[2013/08/19 18:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiggle
[2013/08/19 18:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audiggle
[2013/08/09 11:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2013/08/09 11:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/08/09 11:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/08/02 12:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 03:54:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/19 16:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2013/07/19 16:35:59 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2013/07/19 16:11:10 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2013/07/19 16:11:10 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2013/07/19 16:11:10 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2013/07/19 16:11:10 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2013/07/19 16:11:10 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2013/07/19 16:11:10 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2013/07/19 16:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2013/07/19 16:09:50 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Documents\Achou baixou - Downloads
[2013/07/19 16:09:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\ilib
[2013/07/15 21:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/15 21:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/15 20:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2013/07/15 19:07:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Cintia\AppData\Roaming\pcouffin.sys
[2013/07/15 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\Vso
[2013/07/15 19:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2013/07/04 20:29:11 | 000,049,152 | ---- | C] (Vimicro) -- C:\Windows\vmsnap3.exe
[2013/07/04 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4 TECH PC Camera H
[2013/07/04 20:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro
[2013/07/04 20:27:33 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\InstallShield
[2013/07/01 01:45:28 | 000,096,568 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2013/06/24 23:32:34 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Documents\ibarevistas
[2013/06/24 23:32:22 | 000,000,000 | ---D | C] -- C:\Users\Cintia\Documents\FolioCache
[2013/06/24 23:32:17 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\br.com.iba.magazinesdesktop
[2013/06/24 23:32:08 | 000,000,000 | ---D | C] -- C:\Users\Cintia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iba
[2013/06/22 20:25:13 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/22 20:24:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/22 20:24:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/22 20:24:57 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/22 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 90 Days ==========
 
[2013/09/15 18:19:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cintia\Desktop\OTL.exe
[2013/09/15 18:00:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/15 17:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/15 17:27:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3659378681-4225748478-437829931-1000UA.job
[2013/09/15 17:23:18 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/15 17:23:18 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/15 17:17:39 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\Cintia\Desktop\JRT.exe
[2013/09/15 17:16:47 | 000,001,533 | ---- | M] () -- C:\Users\Cintia\Desktop\Google Chrome.lnk
[2013/09/15 17:15:36 | 000,001,376 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-updater.job
[2013/09/15 17:15:35 | 000,002,002 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-chromeinstaller.job
[2013/09/15 17:15:35 | 000,001,280 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-codedownloader.job
[2013/09/15 17:15:35 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/15 17:15:34 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-enabler.job
[2013/09/15 17:15:28 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/09/15 17:15:28 | 000,010,266 | ---- | M] () -- C:\Windows\System32\drivers\ndisrd.cat
[2013/09/15 17:15:28 | 000,003,641 | ---- | M] () -- C:\Windows\System32\drivers\ndisrd.inf
[2013/09/15 17:15:28 | 000,001,814 | ---- | M] () -- C:\Windows\System32\drivers\ndisrd_m.inf
[2013/09/15 17:15:28 | 000,001,402 | ---- | M] () -- C:\Windows\System32\drivers\gas.cer
[2013/09/15 17:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/15 17:15:09 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/15 17:11:47 | 000,406,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Cintia\Desktop\sc-cleaner.exe
[2013/09/15 16:36:02 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Cintia\Desktop\FSS.exe
[2013/09/15 16:35:12 | 000,000,512 | ---- | M] () -- C:\Users\Cintia\Desktop\Dump_Hdd0_DR0.mbr
[2013/09/15 16:34:06 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\Cintia\Desktop\MbrScan.exe
[2013/09/15 01:27:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3659378681-4225748478-437829931-1000Core.job
[2013/09/13 23:57:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/13 23:57:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/13 23:42:55 | 000,088,794 | ---- | M] () -- C:\Users\Cintia\Desktop\acordo_Caixa2012.pdf
[2013/09/12 14:46:21 | 000,100,892 | ---- | M] () -- C:\Users\Cintia\Documents\Gmail - Confirmação do pedido_ #16642.pdf
[2013/09/12 10:09:12 | 000,408,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/08/21 23:06:54 | 000,154,108 | ---- | M] () -- C:\Users\Cintia\Documents\texto_163275999.pdf
[2013/08/20 17:19:26 | 000,351,580 | ---- | M] () -- C:\Users\Cintia\Documents\linha7-projetoME-Sousa.pdf
[2013/08/15 10:21:27 | 000,663,804 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/08/15 10:21:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 10:21:27 | 000,128,094 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/08/15 10:21:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/02 12:02:29 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\ Google Earth.lnk
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/19 21:16:28 | 000,045,873 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\unins000.dat
[2013/07/19 21:16:22 | 000,706,250 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\unins000.exe
[2013/07/19 16:36:05 | 000,087,608 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\inst.exe
[2013/07/19 16:36:05 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Cintia\AppData\Roaming\pcouffin.sys
[2013/07/19 16:36:05 | 000,007,887 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.cat
[2013/07/19 16:36:05 | 000,001,144 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.inf
[2013/07/19 16:28:23 | 000,001,057 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\vso_ts_preview.xml
[2013/07/01 15:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\gbpkm.sys
[2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2013/06/24 23:32:08 | 000,000,330 | ---- | M] () -- C:\Users\Cintia\Desktop\iba revistas.appref-ms
[2013/06/22 20:24:49 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/06/22 20:24:49 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/06/22 20:24:49 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/22 20:24:49 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/22 20:24:49 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/22 20:24:49 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
 
========== Files Created - No Company Name ==========
 
[2013/09/15 17:15:28 | 000,010,266 | ---- | C] () -- C:\Windows\System32\drivers\ndisrd.cat
[2013/09/15 17:15:28 | 000,003,641 | ---- | C] () -- C:\Windows\System32\drivers\ndisrd.inf
[2013/09/15 17:15:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\drivers\ndisrd_m.inf
[2013/09/15 17:15:28 | 000,001,402 | ---- | C] () -- C:\Windows\System32\drivers\gas.cer
[2013/09/15 16:34:23 | 000,000,512 | ---- | C] () -- C:\Users\Cintia\Desktop\Dump_Hdd0_DR0.mbr
[2013/09/15 16:11:22 | 000,001,376 | ---- | C] () -- C:\Windows\tasks\Ultra Downloads Notifier-updater.job
[2013/09/15 16:11:17 | 000,001,180 | ---- | C] () -- C:\Windows\tasks\Ultra Downloads Notifier-enabler.job
[2013/09/15 16:11:13 | 000,001,280 | ---- | C] () -- C:\Windows\tasks\Ultra Downloads Notifier-codedownloader.job
[2013/09/15 16:11:03 | 000,002,002 | ---- | C] () -- C:\Windows\tasks\Ultra Downloads Notifier-chromeinstaller.job
[2013/09/13 23:42:54 | 000,088,794 | ---- | C] () -- C:\Users\Cintia\Desktop\acordo_Caixa2012.pdf
[2013/09/12 14:46:21 | 000,100,892 | ---- | C] () -- C:\Users\Cintia\Documents\Gmail - Confirmação do pedido_ #16642.pdf
[2013/08/21 23:06:54 | 000,154,108 | ---- | C] () -- C:\Users\Cintia\Documents\texto_163275999.pdf
[2013/08/20 17:19:26 | 000,351,580 | ---- | C] () -- C:\Users\Cintia\Documents\linha7-projetoME-Sousa.pdf
[2013/08/02 12:02:29 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\ Google Earth.lnk
[2013/07/19 16:13:53 | 000,001,057 | ---- | C] () -- C:\Users\Cintia\AppData\Roaming\vso_ts_preview.xml
[2013/07/15 19:07:34 | 000,087,608 | ---- | C] () -- C:\Users\Cintia\AppData\Roaming\inst.exe
[2013/07/15 19:07:34 | 000,007,887 | ---- | C] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.cat
[2013/07/15 19:07:34 | 000,001,144 | ---- | C] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.inf
[2013/06/24 23:32:08 | 000,000,330 | ---- | C] () -- C:\Users\Cintia\Desktop\iba revistas.appref-ms
[2013/04/24 21:30:19 | 000,706,250 | ---- | C] () -- C:\Users\Cintia\AppData\Roaming\unins000.exe
[2013/04/24 21:30:19 | 000,045,873 | ---- | C] () -- C:\Users\Cintia\AppData\Roaming\unins000.dat
[2013/04/24 20:01:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2013/02/27 23:54:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2013/02/27 22:03:38 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013/01/20 08:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/01/20 08:49:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/01/18 20:11:04 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/01/18 20:11:04 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/01/18 20:11:03 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/01/18 20:11:03 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/01/18 20:11:01 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/01/17 18:37:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/17 22:15:19 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\AVG2013
[2013/06/24 23:32:28 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\br.com.iba.magazinesdesktop
[2013/03/05 00:42:27 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\Charles
[2013/03/22 21:53:31 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\DesktopCal
[2013/09/14 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\FolderColorize
[2013/04/11 05:11:01 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\PhotoScape
[2013/02/19 04:25:50 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\Sony
[2013/01/17 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\TuneUp Software
[2013/09/15 00:25:30 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\uTorrent
[2013/09/15 10:15:40 | 000,000,000 | ---D | M] -- C:\Users\Cintia\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/09/15 17:15:09 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/15 17:15:09 | 3210,784,768 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/08/04 22:56:47 | 000,133,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ataport.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgidshx.sys
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgidsshimx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgldx86.sys
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avglogx.sys
[2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgmfx86.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgrkx86.sys
[2013/09/15 17:15:28 | 000,001,402 | ---- | M] () -- C:\Windows\system32\drivers\gas.cer
[2013/07/01 15:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) -- C:\Windows\system32\drivers\gbpkm.sys
[2013/09/15 17:15:28 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\system32\drivers\GbpNdisrd.sys
[2013/09/15 17:15:28 | 000,010,266 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.cat
[2013/09/15 17:15:28 | 000,003,641 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.inf
[2013/09/15 17:15:28 | 000,001,814 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd_m.inf
[2013/07/19 16:24:34 | 000,047,360 | ---- | M] (VSO Software) -- C:\Windows\system32\drivers\pcouffin.sys
[2013/07/06 02:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/02/28 10:55:50 | 000,109,280 | ---- | M] () -- C:\Users\Cintia\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2013/01/17 18:13:11 | 000,000,020 | -HS- | M] () -- C:\Users\Cintia\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/09/15 18:27:05 | 007,602,176 | -HS- | M] () -- C:\Users\Cintia\ntuser.dat
 
< %appdata%\*.* >
[2013/07/19 16:36:05 | 000,087,608 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\inst.exe
[2013/07/19 16:36:05 | 000,007,887 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.cat
[2013/07/19 16:36:05 | 000,001,144 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.inf
[2013/07/19 16:36:05 | 000,000,055 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\pcouffin.log
[2013/07/19 16:36:05 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Cintia\AppData\Roaming\pcouffin.sys
[2013/07/19 21:16:28 | 000,045,873 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\unins000.dat
[2013/07/19 21:16:22 | 000,706,250 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\unins000.exe
[2013/07/19 16:28:23 | 000,001,057 | ---- | M] () -- C:\Users\Cintia\AppData\Roaming\vso_ts_preview.xml
 
< %windir%\tasks\*.* /s >
[2013/09/15 17:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/15 17:15:35 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/15 18:00:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/15 01:27:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3659378681-4225748478-437829931-1000Core.job
[2013/09/15 18:27:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3659378681-4225748478-437829931-1000UA.job
[2013/01/27 17:18:25 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/09/15 17:15:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/07/12 08:41:11 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2013/09/15 17:15:35 | 000,002,002 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-chromeinstaller.job
[2013/09/15 17:15:35 | 000,001,280 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-codedownloader.job
[2013/09/15 17:15:34 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-enabler.job
[2013/09/15 17:15:36 | 000,001,376 | ---- | M] () -- C:\Windows\tasks\Ultra Downloads Notifier-updater.job
 
< %systemroot%\system32\tasks\*.* >
[2013/09/13 23:58:03 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2013/07/15 21:27:24 | 000,002,774 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC
[2013/07/12 19:55:19 | 000,003,800 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2013/07/12 19:55:20 | 000,004,052 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2013/07/13 01:22:05 | 000,003,658 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3659378681-4225748478-437829931-1000Core
[2013/07/13 01:22:06 | 000,004,054 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3659378681-4225748478-437829931-1000UA
[2013/01/25 06:31:21 | 000,002,708 | ---- | M] () -- C:\Windows\system32\tasks\ROC_REG_JAN_DELETE
[2013/01/17 20:23:10 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\SidebarExecute
[2013/09/15 16:11:05 | 000,005,032 | ---- | M] () -- C:\Windows\system32\tasks\Ultra Downloads Notifier-chromeinstaller
[2013/09/15 16:11:14 | 000,004,310 | ---- | M] () -- C:\Windows\system32\tasks\Ultra Downloads Notifier-codedownloader
[2013/09/15 16:11:19 | 000,004,210 | ---- | M] () -- C:\Windows\system32\tasks\Ultra Downloads Notifier-enabler
[2013/09/15 16:11:24 | 000,004,406 | ---- | M] () -- C:\Windows\system32\tasks\Ultra Downloads Notifier-updater
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2013/03/22 02:41:30 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2013/03/22 02:41:32 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2013/03/22 02:41:29 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2013/03/22 02:41:31 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2013/03/22 02:41:29 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2013/03/22 02:41:28 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2013/08/10 00:58:05 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2013/08/10 00:58:06 | 000,236,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/04 23:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2013/08/10 01:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/03/22 02:41:30 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2013/08/10 00:58:09 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2013/03/22 02:41:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2013/03/22 02:41:30 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2013/03/22 02:41:31 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2013/03/22 02:41:28 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2013/03/22 02:41:31 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2013/03/22 02:41:31 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll
[2013/08/10 00:58:55 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 7F 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 24 01 80 E9 18 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 95 3C 3C 31 3C B7 42 E2 AF 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 90 05 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 24 01 80 E9 18 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 95 3C 3C 31 3C B7 42 E2 AF 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< Net User /c >
Contas de usuário para \\CINTIA-PC
-------------------------------------------------------------------------------
Administrador            Cintia                   Convidado                
Comando concluído com êxito.
 
< MD5 for: SERVICES  >
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.ASFX  >
[2013/09/05 11:04:22 | 000,002,586 | ---- | M] () MD5=F6CC4E1BC7DF8CA3D0EA34B84B83C1B0 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744BA0000000010\11.0.0\services.cfg
[2013/09/05 11:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.CSS  >
[2013/06/28 22:17:14 | 000,003,086 | ---- | M] () MD5=8970BCFBBE53AD2B95D0C74C8F3253B2 -- C:\Users\Cintia\Pictures\AProtestos\Páginas\As multidões nas ruas  como interpretar    Leonardo Boff_files\services.css
 
< MD5 for: SERVICES.DAT  >
[2013/09/15 03:28:22 | 000,002,837 | ---- | M] () MD5=560BBD1ADC4B5BFB6375ACE3F2CAB927 -- C:\Users\Cintia\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 05:30:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2009/07/14 05:30:36 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2013/05/10 23:11:14 | 000,001,183 | ---- | M] () MD5=5997EF058EE9F080CC0EFAFB2F46EA53 -- C:\Users\Cintia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DF7H3RVF\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 05:30:33 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2009/07/14 05:30:33 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 212 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:24C3EFAB_Cef.gbp
 
< End of report >
 

Attached file(s)



#8
CarlosTurco
Assistant
25,895 posts

cintialeme,

Download MiniRegTool and save it to your desktop.
http://download.blee...MiniRegTool.zip

*** Windows Vista or Windows 7 users: right-click the MiniRegTool.exe file, then click Run as administrator.

Go into the MiniRegTool folder that was created and double-click MiniRegTool.exe.

Tick the Search option and leave the checkboxes ticked as in the image:

[screenshot not reproduced]

Select and copy the bold text:

portaldosites

Click anywhere in MiniRegTool's white box and then click Paste.

Click [button image]. Wait until a Notepad window opens with information.

This log is saved in the MiniRegTool folder under the name Result.txt.

Select, copy and paste its contents in your next reply.



#9
cintialeme
Newbie
Member
18 posts
MiniRegTool by Farbar Version:29-11-2012
Ran by Cintia (administrator) on 2013-09-15 at 18:57:48
 
==========================================
Search Result For: "portaldosites"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.7I3WW7W6U3EHTUN6LCFV4IM2YM\shell\open\command]
""=""C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.portaldos...9&ts=1379272257"
[HKEY_LOCAL_MACHINE\SOFTWARE\DProtect]
"name"="portaldosites"
[HKEY_LOCAL_MACHINE\SOFTWARE\DProtect]
 
==== End of Search ====


#10
CarlosTurco
Assistant
25,895 posts

Ok,

Select these lines inside the CODE block, right-click the selection and choose Copy.

Note: make sure you start copying from the colon and letter ":O" of OTL.

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{90D92A17-FA21-42E0-B204-1CEB2E51D61F}: "URL" = http://www.google.co...search?hl=en&q={searchTerms}
O13 - gopher Prefix: missing
O33 - MountPoints2\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\Shell - "" = AutoRun
O33 - MountPoints2\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\Shell\AutoRun\command - "" = F:\Startme.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.7I3WW7W6U3EHTUN6LCFV4IM2YM\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.7I3WW7W6U3EHTUN6LCFV4IM2YM\shell\open\command]
""="C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\DProtect]

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the Fix button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste it in your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder under a name in the format date_time.log.

Example: 03142010_145545.log


Also post a new HijackThis log.
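The OTL script above resets Chrome's StartMenuInternet shell\open\command value and removes the DProtect key; the DProtect DLLs also appear in the AppInit_DLLs line (O20) of the HijackThis log. As an added read-only check that is not part of the thread, of OTL or of MiniRegTool, the following PowerShell script (assumed to run in an elevated prompt on Windows 7 or later) lists every registered browser command that has anything appended after its executable, and every AppInit_DLLs entry, so the same hijack can be spotted before a fix and confirmed gone afterwards.

```powershell
# Added example, not part of the thread or of OTL/MiniRegTool: read-only audit of
# two persistence points seen in this case. Nothing here modifies the registry.
# Assumes an elevated PowerShell prompt on Windows 7 or later.

function Get-StartMenuInternetFindings {
    # Every registered browser has a shell\open\command whose default value
    # should be only the quoted executable path. Anything after it (in this
    # thread an appended http:// URL) is launched with the browser every time.
    $roots = @('HKLM:\SOFTWARE\Clients\StartMenuInternet',
               'HKLM:\SOFTWARE\WOW6432Node\Clients\StartMenuInternet',
               'HKCU:\SOFTWARE\Clients\StartMenuInternet')
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($client in Get-ChildItem -LiteralPath $root) {
            $cmdKey = "Registry::$($client.Name)\shell\open\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
            $cmd = [string](Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            if (-not $cmd.Trim()) { continue }
            # Separate a quoted (or bare) executable from whatever follows it.
            if ($cmd -match '^\s*"([^"]+)"\s*(.*)$' -or $cmd -match '^\s*(\S+)\s*(.*)$') {
                $extra = $Matches[2].Trim()
                if ($extra) {
                    [pscustomobject]@{
                        Check = 'StartMenuInternet command'
                        Key   = $cmdKey
                        Exe   = $Matches[1]
                        Extra = $extra
                    }
                }
            }
        }
    }
}

function Get-AppInitFindings {
    # AppInit_DLLs are loaded into every process that links user32.dll, which is
    # how entries like the DProtect eBP.dll/eBPSD.dll from the HijackThis O20
    # line keep re-applying a hijack. A DLL under a user profile is a red flag.
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows')
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        $list  = [string]$props.AppInit_DLLs
        if (-not $list.Trim()) { continue }
        foreach ($dll in ($list -split '[,;\s]+' | Where-Object { $_ })) {
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            [pscustomobject]@{
                Check     = 'AppInit_DLLs'
                Key       = $key
                Dll       = $path
                Enabled   = $props.LoadAppInit_DLLs   # 1 = injection is on
                OnDisk    = Test-Path -LiteralPath $path
                InUserDir = ($path -like 'C:\Users\*')
            }
        }
    }
}

$findings = @(Get-StartMenuInternetFindings) + @(Get-AppInitFindings)
if ($findings.Count -eq 0) {
    'No appended browser arguments and no AppInit_DLLs entries found.'
} else {
    $findings | Format-List
}
```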



#11
cintialeme
Newbie
Member
18 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{90D92A17-FA21-42E0-B204-1CEB2E51D61F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D92A17-FA21-42E0-B204-1CEB2E51D61F}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63c3b2c8-7a53-11e2-bfe6-001f3ad6176a}\ not found.
File F:\Startme.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.7I3WW7W6U3EHTUN6LCFV4IM2YM\shell\open\command\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.7I3WW7W6U3EHTUN6LCFV4IM2YM\shell\open\command\\""|"C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DProtect\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Cintia
->Temp folder emptied: 2169341 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 3440424 bytes
->Google Chrome cache emptied: 370520423 bytes
->Flash cache emptied: 511 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3088 bytes
RecycleBin emptied: 74517 bytes
 
Total Files Cleaned = 359,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09162013_125043
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 13:00:30, on 16/09/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\notepad.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (VC0303)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cintia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Users\Cintia\AppData\Local\DProtect\eBP.dll,C:\Users\Cintia\AppData\Local\DProtect\eBPSD.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 


#12
CarlosTurco
Assistant
25,895 posts

Temporarily disable your antivirus.

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: [button image]
  • For alternative browsers (if you use Internet Explorer, skip this step): [image]
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Tick "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, tick "Scan Archives" and "Remove found threats".
  • Click Advanced settings and tick the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents in your next reply. Note: if nothing is found, no log is generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#13
cintialeme
Newbie
Member
18 posts
C:\AdwCleaner\Quarantine\C\Users\Cintia\AppData\Local\Temp\eIntaller\04B8D22564BC46c794DC167056DAB10D\eXQ.exe.vir a variant of Win32/ELEX.D application cleaned by deleting - quarantined
C:\Program Files\Ultra Downloads Notifier\utils.exe Win32/Packed.ScrambleWrapper.C application cleaned by deleting - quarantined
C:\Users\Cintia\Desktop\Windows_Loader_v2.2.zip Win32/HackTool.WinActivator.I application deleted - quarantined
C:\Users\Cintia\Downloads\Programas\audiggle-3002-32-bits.exe a variant of Win32/InstallCore.CA.gen application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\cutepdf-writer-3003-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\desktopcal-1131951-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\k-lite-mega-codec-pack-970-baixaki-32-bits.exe a variant of Win32/InstallCore.BC application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\malwarebytes-anti-malware-17501300-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\MV-AntiSpy_40.exe a variant of Win32/UltraDownloads.B application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\MV-Internet-Optimizer_10.exe a variant of Win32/UltraDownloads.B application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\MV-RegClean_69.exe a variant of Win32/UltraDownloads.B application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\MyFolder-Free_10.exe a variant of Win32/UltraDownloads.B application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\PhotoScape_V3.6.3.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\SoftonicDownloader_para_easycleaner.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\SoftonicDownloader_para_folder-colorizer.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\SoftonicDownloader_para_myfolder.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\SoftonicDownloader_para_winamp.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\subtitle-workshop-251-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\supertela5_5_3_pt_br.exe probably a variant of Win32/Downloader.Agent.J application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\teste-de-qi-11-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Cintia\Downloads\Programas\winamp565_full_emusic-7plus_pt-br.exe Win32/OpenCandy application cleaned by deleting - quarantined
 
 
Carlos Turco, HijackThis has been showing a message before the scan:
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error
 
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
 
Windows version: Windows NT 6.01.3505
MSIE version: 9.10.9200.16686
HijackThis version: 1.99.1
 
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
-------------------------------------
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 19:25:16, on 16/09/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cintia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (VC0303)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cintia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Users\Cintia\AppData\Local\DProtect\eBP.dll,C:\Users\Cintia\AppData\Local\DProtect\eBPSD.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
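
As an added example, not part of the thread and not HijackThis output: a small Python triage pass over HijackThis log lines like the ones above. It flags the persistence mechanisms a malware analyst checks first: AppInit_DLLs entries (O20), which are loaded into every process that loads user32.dll, and Run-key (O4) or service (O23) entries whose binary lives in a user-writable location such as AppData, or that HijackThis reports as "file missing". The sample lines are copied from the log above; the severity labels, the list of user-writable directories and the srvany.exe check are this example's own assumptions.

```python
import re

# Sample input: a constructed subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cintia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: C:\Users\Cintia\AppData\Local\DProtect\eBP.dll,C:\Users\Cintia\AppData\Local\DProtect\eBPSD.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
"""

# Heuristic (this example's assumption): binaries under these per-user directories are
# writable without admin rights, so persistence pointing there deserves a closer look.
USER_WRITABLE = re.compile(r"\\(AppData|Downloads|Temp)\\", re.IGNORECASE)

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")


def triage_line(line):
    """Return (severity, reason, detail) findings for one HijackThis line; [] if nothing stands out."""
    findings = []
    m = O20_APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs are loaded into every process that loads user32.dll, so any entry is
        # worth reviewing; one living in a user profile directory is rarely legitimate.
        for dll in m.group("dlls").split(","):
            dll = dll.strip()
            severity = "high" if USER_WRITABLE.search(dll) else "medium"
            findings.append((severity, "AppInit_DLLs loads into every GUI process", dll))
        return findings
    m = O4_RE.match(line)
    if m:
        if USER_WRITABLE.search(m.group("cmd")):
            findings.append(("review", "Run entry in user-writable path", m.group("name")))
        return findings
    m = O23_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if "(file missing)" in cmd:
            # Old HijackThis builds do not expand %windir%-style paths, so this is often noise;
            # a missing binary on a plain C:\ path is the case to chase.
            findings.append(("info", "service binary reported missing", name))
        elif USER_WRITABLE.search(cmd):
            findings.append(("review", "service binary in user-writable path", name))
        if "srvany.exe" in cmd.lower():
            # srvany.exe runs an arbitrary program as a service; the real target is in the
            # service's Parameters\Application registry value, which this log does not show.
            findings.append(("review", "srvany.exe wrapper service", name))
        return findings
    return findings


def triage_log(text):
    """Triage every non-empty line; returns the combined findings list."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            results.extend(triage_line(line))
    return results


if __name__ == "__main__":
    for severity, reason, detail in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {detail}")
```

Run it on a saved log with `triage_log(open("hijackthis.log").read())`. The heuristics only rank entries for review; a Run entry under AppData can be perfectly legitimate (the Google Update entry above is one), so the output is a reading order, not a verdict.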
 
 
 

#14
CarlosTurco
    Assistant
  • 25,895 posts

"HijackThis has been showing a message before the scan:"

That is because the program was not run as administrator.

Let me know whether the original problem persists.


#15
cintialeme
    Newbie
  • Member
  • 18 posts

Carlos Turco, it seems that it has finally gone back to normal.

Thank you very much for the help, I couldn't have managed it on my own.


#16
CarlosTurco
    Assistant
  • 25,895 posts

OK,

To finish up:

  • Run OTL.exe and click the CleanUp button.
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version, Java SE 7u40.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 27.69 MB jre-7u40-windows-i586.exe and save it to your desktop.
    • Close any program that is running, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as needed to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u40-windows-i586.exe to install the newest version.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.
    Click here and install the latest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the latest version.
  • USB worms (pen-drive viruses) can infect any kind of removable storage device (pen drives, MP3 and MP4 players, mobile phones, memory cards, digital cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pen drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you happen to plug your pen drive into an infected PC, the malware will not be able to overwrite the existing file. It can still copy its malicious executables to the pen drive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT and .COM files.
    If you plug that pen drive into a clean machine and run one of those malicious files, that system will be infected the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    For Windows Vista and 7: Panda USB Vaccine.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media: go to My Computer, right-click the media's drive and choose "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its search, then exit the program.
  • For system maintenance, removing temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked to, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits those holes, infecting systems without depending on any action by the user. Microsoft fixes those holes through updates.
    That is why it is essential to keep your system updated.
  • Disable and then re-enable System Restore.
  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc (Protect your PC):
    http://linhadefensiv...proteja-seu-pc/
  • If there is no longer any malware-related problem, click the Report button and ask for your topic to be closed.
  • If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers.
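
Added example, not from the thread and not a description of how Flash_Disinfector or Panda USB Vaccine work: a Python audit of a pen drive's root directory along the lines of the advice in the post above. It parses autorun.inf (the [autorun] section whose open= and shellexecute= keys tell Autoplay what to run), reports whether the name autorun.inf is held by a plain file, which an infected PC can overwrite, or by a directory, which this example uses as its "protected" form, and lists root-level files with the extensions the post names. The sample pen drive is constructed in a temporary directory; the key names in RUN_KEYS and the directory-as-protection approach are the example's assumptions.

```python
import os
import tempfile

# Executable extensions the post above lists as what a USB worm drops next to autorun.inf.
RISKY_EXT = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
# autorun.inf keys that make Autoplay launch something (assumption: the keys worms abuse most).
RUN_KEYS = ("open", "shellexecute", "shell\\open\\command")


def parse_autorun_inf(text):
    """Tolerant parser for the [autorun] section: lower-cased keys, values as written.

    Worm-written files are often padded with junk before the header, so this does not use
    configparser, which raises on anything preceding the first section."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_removable_root(root):
    """Audit the root directory of a (removable) drive mounted at `root`."""
    findings = {"autorun_state": "absent", "run_targets": {}, "root_executables": []}
    inf = os.path.join(root, "autorun.inf")
    if os.path.isdir(inf):
        # A directory holding the name is this example's notion of a "protected" autorun.inf:
        # a worm that tries to create a file called autorun.inf fails until it removes the directory.
        findings["autorun_state"] = "directory"
    elif os.path.isfile(inf):
        findings["autorun_state"] = "file"
        with open(inf, "r", encoding="latin-1", errors="replace") as fh:
            entries = parse_autorun_inf(fh.read())
        for key in RUN_KEYS:
            if key in entries:
                findings["run_targets"][key] = entries[key]
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isfile(path) and os.path.splitext(name)[1].lower() in RISKY_EXT:
            findings["root_executables"].append(name)
    return findings


def reserve_autorun_name(root):
    """Create an empty autorun.inf directory if nothing with that name exists; True if created."""
    inf = os.path.join(root, "autorun.inf")
    if os.path.lexists(inf):
        return False
    os.mkdir(inf)
    return True


def build_sample_root():
    """Constructed sample: a pen drive as an infected PC might leave it. No real malware involved."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1", newline="") as fh:
        fh.write("[AutoRun]\r\nopen=RECYCLER\\setup.exe\r\n"
                 "shell\\open\\command=RECYCLER\\setup.exe\r\n"
                 "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n")
    for name in ("fotos.scr", "documento.pdf", "New Folder.exe"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"placeholder bytes, not a program\n")
    return root


def build_clean_root():
    """Constructed sample: an empty pen drive, before vaccination."""
    return tempfile.mkdtemp(prefix="usb_clean_")


if __name__ == "__main__":
    print(audit_removable_root(build_sample_root()))
    clean = build_clean_root()
    reserve_autorun_name(clean)
    print(audit_removable_root(clean))
```

On a real drive, call `audit_removable_root("E:\\")` (or the mount point on another OS) before opening anything on it; an autorun.inf whose open= target sits in a folder like RECYCLER, together with .scr or .exe files at the root, is the pattern the post warns about. The directory trick only stops a worm from creating the file; it does nothing against the dropped executables, which is why the post tells you not to run them.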



#17
Felipe-rj
    Moderator
  • 837 posts

PROBLEM SOLVED

If you want to request that this topic be reopened, use the Report button to contact the moderators.

Note: Only the topic author can make that request in the Malware Removal area.