dcg

Notebook reporting insufficient memory

18 posts in this topic

Sirs,

I am asking for your help to identify and fix problems affecting my notebook, which all of a sudden began showing insufficient-memory messages and became very slow, even though I always use it for the same tasks. Since I work with websites and newspaper layout, I usually have several applications open alongside the Google Chrome browser (InDesign, PhotoFiltre, etc.), but I never had problems.
I usually run Malwarebytes Anti-Malware at least once a week, and nothing abnormal has been detected. In addition, I frequently use CCleaner.

Equipment configuration: Asus notebook, Intel Core I3-2330 CPU 2.20 GHz - 4GB of memory - Operating system Windows 7 Ultimate 64 bits

Thank you in advance for the help.

Thank you.

P.S. I am attaching the files requested in the "Creating a Topic" item of this forum.

 

hijackthis.log

MbrScan.log

FSS.txt

Download AdwCleaner and save it to the desktop.

Click the 1IXHd.png icon to download the file.

Run adwcleaner.

NOTE: Windows Vista, 7 and 8 users: right-click the adwcleaner file, then click AgZ3P.png

NOTE: For Windows 8 users, if SmartScreen blocks it, click More Options and then Run anyway.

Click Scan and, when it finishes, click Clean and, in the windows that follow, click OK.

When the computer restarts, Notepad will open with the result. Select, copy and paste its contents into your next reply.

- Download Malwarebytes Anti-Malware

  • Disable the antivirus;

  • Install it by double-clicking "mbam-setup.exe";

  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;

  • Select "Full Scan" and then click Scan;

  • When the scan finishes, click OK and then "Show Results" to see the log;

  • If anything is detected, make sure everything is checked and click "Remove";

  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

  • Copy and paste the contents of that log into your next reply.

- Post a new HijackThis log.


JoseMelo,

Thank you for the quick reply.

Below are the requested logs.
I look forward to your reply.

     

    # AdwCleaner v3.005 - Relatório criado 23/09/2013 às 05:49:36
    # Atualizado 22/09/2013 por Xplode
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Usuário : Usuario - DENISE-NB
    # Executando de : C:\Users\Usuario\Desktop\adwcleaner\adwcleaner.exe
    # Opção : Limpar
     
    ***** [ Serviços ] *****
     
     
    ***** [ Arquivos / Pastas ] *****
     
    Pasta Deletada : C:\ProgramData\boost_interprocess
    Arquivo Deletada : C:\Windows\Tasks\Dealply.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
    Arquivo Deletada : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
    Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyUpdate
     
    ***** [ Atalhos ] *****
     
     
    ***** [ Registro ] *****
     
    Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
     
    ***** [ Navegadores ] *****
     
    -\\ Internet Explorer v10.0.9200.16686
     
     
    -\\ Google Chrome v29.0.1547.76
     
    [ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    [ Arquivo : C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     

    ___________________________________________________________________________________

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Versão da Base de Dados:  v2013.09.23.08
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    Usuario :: DENISE-NB [administrador]
     
    23/09/2013 12:37:32
    mbam-log-2013-09-23 (12-37-32).txt
     
    Tipo de Verificação:  Verificação Completa  (C:\|D:\|)
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  413924
    Tempo decorrido: 1 hora(s), 6 minuto(s), 18 segundo(s)
     
    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Arquivos Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    (fim)
     
     

    ___________________________________________________________________________________



    Logfile of HijackThis v1.99.1
    Scan saved at 14:42:01, on 23/09/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v10.0 (10.00.9200.16686)
     
    Running processes:
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Usuario\Desktop\HijackThis\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O11 - Options group: [iNTERNATIONAL] International
    O13 - Gopher Prefix: 
    O15 - Trusted Zone: imagem.caixa.gov.br
    O15 - Trusted Zone: internetbanking.caixa.gov.br
    O15 - Trusted Zone: internetbankingpf.caixa.gov.br
    O15 - Trusted Zone: www.caixa.gov.br
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
    O20 - Winlogon Notify: WgaLogon - C:\Windows\
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
     

Download the Kaspersky Virus Removal Tool:

Save it to your desktop.

- Double-click the "setup" file and wait for the installation;

- On the next screen, check I accept the licence agreement and click Start

- Click the f4uZX.png button and check:

  • My Computer

  • Local Disk (C:) (the local disk letter may vary)

- Click Actions and uncheck the two boxes:

Zqewdl.jpg

- Click the Automatic Scan tab and wait for the scan to finish.

- Click the zNEXl.jpg button, then Detected threats, and then the "Save" button.

- Copy the contents of the saved file (if anything was detected) and post it in your next reply.


JoseMelo,

Trojans were detected, but I took no action; I only saved the log, as you instructed.

Awaiting your reply.

Thank you.

P.S. Since it took too long, I had to continue my work while the software was running... I hope I didn't disrupt anything.

     

    Kaspersky

     

    Status: Detected   (events: 19)
    23/09/2013 18:28:28 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\ppctrl.dat High
    23/09/2013 18:28:31 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\All Users\pckt.tmp High
    23/09/2013 18:48:12 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\Todos os Usuários\ppctrl.dat High
    23/09/2013 18:48:15 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Todos os Usuários\pckt.tmp High
    23/09/2013 18:53:05 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\AppData\Roaming\windows.vbs High
    23/09/2013 19:45:23 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\Dados de aplicativos\windows.vbs High
    23/09/2013 19:52:04 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 19:53:57 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Meus documentos\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 20:09:43 Detected Trojan program HEUR:Trojan.Script.Generic C:\ProgramData\ppctrl.dat High
    23/09/2013 20:09:46 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\ProgramData\pckt.tmp High
    23/09/2013 20:11:32 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\All Users\ppctrl.dat High
    23/09/2013 20:11:36 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\All Users\pckt.tmp High
    23/09/2013 20:32:04 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\Todos os Usuários\ppctrl.dat High
    23/09/2013 20:32:07 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Todos os Usuários\pckt.tmp High
    23/09/2013 20:37:56 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Usuario\AppData\Roaming\windows.vbs High
    23/09/2013 20:42:04 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Usuario\Dados de aplicativos\windows.vbs High
    23/09/2013 20:44:37 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 20:46:26 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Usuario\Meus documentos\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 21:45:08 Detected Trojan program Trojan-Banker.VBS.Proxy.b c:\Users\Usuario\AppData\Roaming\windows.vbs High


Run Kaspersky again and click "Disinfect All" when something is detected. Save the log and post it here, together with a new HijackThis log.


JoseMelo,

I kept Kaspersky open... Can I just click Disinfect All and save the log, or should I close it and run it again?

If I have to run it again, I have a question first: in Actions/Select Actions, do I keep Disinfect and Delete disabled?
Awaiting your reply.

Thank you

    Edited by dcg

> I kept Kaspersky open... Can I just click Disinfect All and save the log, or should I close it and run it again?

Yes.


JoseMelo,

I'm sorry... I didn't understand! Yes to which of the questions???? Click Disinfect All and save the log, or close it and run it again???
I ask because Kaspersky really took too long to run and the notebook is getting slower and slower, but I need to continue my work.

Thank you very much.

> If I have to run it again, I have a question first: in Actions/Select Actions, do I keep Disinfect and Delete disabled?

Enable both.


JoseMelo,

Here are the logs.

I await further instructions.

Thank you.

     

    Status: Quarantined   (events: 3)
    26/09/2013 19:25:12 Quarantined Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\ppctrl.dat High
    26/09/2013 20:50:07 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe High
    26/09/2013 20:50:07 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    Status: Deleted   (events: 2)
    26/09/2013 19:24:56 Deleted Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\All Users\pckt.tmp High

    26/09/2013 19:55:12 Deleted Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\AppData\Roaming\windows.vbs High

     
     
     
    Logfile of HijackThis v1.99.1
    Scan saved at 01:37:02, on 27/09/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v10.0 (10.00.9200.16686)
     
    Running processes:
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Usuario\Desktop\HijackThis\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - Startup: _uninst_43446583.lnk = Usuario\AppData\Local\Temp\_uninst_43446583.bat
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O11 - Options group: [iNTERNATIONAL] International
    O13 - Gopher Prefix: 
    O15 - Trusted Zone: imagem.caixa.gov.br
    O15 - Trusted Zone: internetbanking.caixa.gov.br
    O15 - Trusted Zone: internetbankingpf.caixa.gov.br
    O15 - Trusted Zone: www.caixa.gov.br
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
    O20 - Winlogon Notify: WgaLogon - C:\Windows\
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

    - Download OTL by OldTimer and save it to the desktop:

    • Close all windows and run the tool.

    • Check the Lop Check and Purity Check options.
    • Select the lines below, right-click the selection, and choose Copy:

      netsvcs
      msconfig
      drivers32
      %systemroot%\system32\drivers\*.* /90
      %userprofile%\*.*
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.*
      %ALLUSERSPROFILE%\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %PROGRAMFILES%\Internet Explorer\*.*
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

      - Go back to the program, right-click any blank area of the Custom Scans/Fixes section, and choose Paste;

      - Click the Run Scan button;

      - Attach the OTL log.


      JoseMelo

      OTL created two logs (OTL.txt and Extras.txt), which follow below.

      Awaiting your reply.

      Thank you.

       

      OTL logfile created on: 27/09/2013 22:18:13 - Run 1
      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Usuario\Desktop\OTL
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.10.9200.16686)
      Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
       
      3,91 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 59,66% Memory free
      7,81 Gb Paging File | 6,25 Gb Available in Paging File | 80,01% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 195,21 Gb Total Space | 135,53 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
      Drive D: | 270,45 Gb Total Space | 230,46 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
       
      Computer Name: DENISE-NB | User Name: Usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Processes (SafeList) ==========
       
      PRC - [2013/09/27 22:15:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL\OTL.exe
      PRC - [2013/08/30 04:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
      PRC - [2013/08/30 04:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
      PRC - [2013/07/01 15:39:30 | 000,410,440 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
      PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
       
       
      ========== Modules (No Company Name) ==========
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV:64bit: - [2013/08/30 04:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
      DRV:64bit: - [2013/08/30 04:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
      DRV:64bit: - [2013/08/30 04:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
      DRV:64bit: - [2013/08/30 04:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
      DRV:64bit: - [2013/08/30 04:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
      DRV:64bit: - [2013/08/30 04:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
      DRV:64bit: - [2013/08/30 04:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
      DRV:64bit: - [2013/08/30 04:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
      DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
      DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
      DRV:64bit: - [2012/08/23 11:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
      DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
      DRV:64bit: - [2012/01/10 21:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
      DRV:64bit: - [2011/11/03 18:09:48 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
      DRV:64bit: - [2011/11/03 18:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
      DRV:64bit: - [2011/06/02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
      DRV:64bit: - [2011/06/02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
      DRV:64bit: - [2011/04/22 02:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
      DRV:64bit: - [2011/03/15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
      DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
      DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
      DRV:64bit: - [2011/03/04 11:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
      DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
      DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
      DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
      DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
      DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
      DRV - [2012/10/04 13:07:24 | 000,047,720 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
      DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
      DRV - [2008/02/01 17:24:06 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = 
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
       
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 EF 8B 90 D5 E3 CD 01  [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      ========== FireFox ==========
       
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
       
       
       
      ========== Chrome  ==========
       
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: 
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
      CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
      CHR - Extension: YouTube = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
      CHR - Extension: Pesquisa do Google = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
      CHR - Extension: Skype Click to Call = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
      CHR - Extension: Chrome In-App Payments service = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
      CHR - Extension: GBBD Caixa Economica Federal = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\
      CHR - Extension: Gmail = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
       
      O1 HOSTS File: ([2013/06/10 07:36:58 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
      O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKCU..\Run: [AdobeBridge]  File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
      O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
      O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)
      O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
      O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.25.2)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.128.63 189.4.128.68 201.6.4.116
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AD6F542-772F-417F-8A81-D86139863E62}: DhcpNameServer = 189.4.128.63 189.4.128.68 201.6.4.116
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC8B582-275F-4BB2-9A42-770D5DFDED1A}: DhcpNameServer = 189.4.128.61 189.4.128.66
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
      O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
      O32 - HKLM CDRom: AutoRun - 1
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
       
      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
       
      MsConfig:64bit - StartUpFolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk -  - File not found
      MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
      MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
      MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
      MsConfig:64bit - StartUpReg: DoroServer - hkey= - key= - C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft)
      MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
      MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
      MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
      MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
      MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
      MsConfig:64bit - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
      MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
      MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
      MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
      MsConfig:64bit - StartUpReg: SonicMasterTray - hkey= - key= - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
      MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
      MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Arquivos de Programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
      MsConfig:64bit - State: "startup" - Reg Error: Key error.
      MsConfig:64bit - State: "services" - Reg Error: Key error.
       
      Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
      Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2013/09/27 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\OTL
      [2013/09/27 22:14:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Nova pasta
      [2013/09/23 18:21:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Kaspersky
      [2013/09/23 17:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
      [2013/09/23 05:47:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
      [2013/09/23 05:47:01 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\adwcleaner
      [2013/09/18 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Farbar Scanner
      [2013/09/18 19:27:09 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\MbrScan
      [2013/09/18 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\HijackThis
      [2013/09/15 21:05:45 | 000,031,088 | ---- | C] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
      [2013/09/13 03:14:22 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
      [2013/09/13 03:14:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
      [2013/09/13 03:14:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
      [2013/09/13 03:14:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
      [2013/09/13 03:14:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
      [2013/09/13 03:14:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
      [2013/09/13 03:14:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
      [2013/09/13 03:14:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
      [2013/09/13 03:14:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
      [2013/09/13 03:14:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
      [2013/09/13 03:14:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
      [2013/09/13 03:14:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
      [2013/09/13 03:14:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
      [2013/09/13 03:14:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
      [2013/09/13 03:14:10 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
      [2013/09/12 15:38:46 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
      [2013/09/12 15:38:40 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
      [2013/09/12 15:38:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
      [2013/09/12 15:38:39 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
      [2013/09/12 15:38:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
      [2013/09/12 15:38:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
      [2013/09/12 15:38:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
      [2013/09/12 15:38:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
      [2013/09/12 15:38:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
      [2013/09/12 15:38:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
      [2013/09/12 15:38:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
      [2013/09/12 15:38:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
      [2013/09/12 15:38:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
      [2013/09/12 15:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
      [2013/09/12 15:38:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
      [2013/09/12 15:38:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
      [2013/09/12 15:38:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
      [2013/09/12 15:38:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
      [2013/09/12 15:38:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
      [2013/09/12 15:38:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
      [2013/09/12 15:38:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
      [2013/09/12 15:38:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
      [2013/09/12 15:38:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
      [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
      [2013/09/12 15:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
      [2013/09/12 15:38:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
      [2013/09/12 15:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
      [2013/09/12 15:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
      [2013/09/12 15:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
      [2013/09/12 15:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
      [2013/09/12 15:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
      [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
      [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
      [2013/09/12 15:38:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
      [2013/09/12 15:38:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
      [2013/09/12 15:38:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
      [2013/09/12 15:38:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
      [2013/09/12 15:38:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
      [2013/09/12 15:38:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
      [2013/09/12 15:38:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
      [2013/09/12 15:38:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
      [2013/09/12 15:38:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
      [2013/09/12 15:38:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
      [2013/09/06 17:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2013/09/15 21:05:45 | 000,010,266 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
      [2013/09/15 21:05:45 | 000,003,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
      [2013/09/15 21:05:45 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
      [2013/09/15 21:05:45 | 000,001,402 | ---- | C] () -- C:\Windows\SysWow64\drivers\gas.cer
      [2013/09/03 01:15:16 | 000,000,004 | ---- | C] () -- C:\ProgramData\99
      [2013/09/03 01:14:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\0
      [2013/07/04 17:30:27 | 000,717,827 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\unins000.exe
      [2013/07/04 17:30:27 | 000,011,488 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\unins000.dat
      [2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
      [2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
      [2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
      [2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
      [2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
      [2012/10/26 12:36:02 | 001,509,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2012/10/23 10:49:12 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\~bwcrc32.dll
      [2012/10/19 14:51:53 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\TECBAR32.DLL
      [2012/10/19 14:50:01 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
      [2012/10/19 01:56:39 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
      [2012/10/19 01:26:45 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
      [2012/10/18 23:22:15 | 000,138,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
      [2012/10/16 16:25:49 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
      [2012/10/16 16:17:44 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
      [2012/10/16 16:17:42 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
      [2012/10/16 16:17:36 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
      [2012/10/01 16:09:32 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
      [2012/10/01 15:59:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
      [2012/10/01 15:59:31 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
      [2012/10/01 15:59:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
      [2012/10/01 15:59:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
      [2012/10/01 15:59:27 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
       
      ========== ZeroAccess Check ==========
       
      [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 23:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== LOP Check ==========
       
      [2012/10/19 01:30:50 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
      [2012/10/18 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      [2012/10/19 01:26:45 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PACE Anti-Piracy
      [2012/10/18 13:42:25 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PhotoFiltre
      [2013/06/15 10:40:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Samsung
      [2012/10/19 01:30:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
      [2013/08/19 14:38:24 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Wondershare
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %systemroot%\system32\drivers\*.* /90 >
      [2013/09/27 06:58:09 | 000,001,402 | ---- | M] () -- C:\Windows\system32\drivers\gas.cer
      [2013/09/27 06:58:09 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\system32\drivers\gbpndisrd.sys
      [2013/09/27 06:58:09 | 000,010,266 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.cat
      [2013/09/27 06:58:09 | 000,003,641 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.inf
      [2013/09/27 06:58:09 | 000,001,814 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd_m.inf
       
      < %userprofile%\*.* >
      [2013/09/27 22:22:35 | 004,456,448 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT
      [2013/09/27 22:22:34 | 000,262,144 | -HS- | M] () -- C:\Users\Usuario\ntuser.dat.LOG1
      [2012/10/01 14:43:13 | 000,000,000 | -HS- | M] () -- C:\Users\Usuario\ntuser.dat.LOG2
      [2012/10/01 15:40:11 | 000,065,536 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
      [2012/10/01 15:40:11 | 000,524,288 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
      [2012/10/01 15:40:11 | 000,524,288 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
      [2012/10/01 14:43:13 | 000,000,020 | -HS- | M] () -- C:\Users\Usuario\ntuser.ini
       
      < %SYSTEMDRIVE%\*.* >
      [2013/06/05 20:34:26 | 000,000,000 | ---- | M] () -- C:\.mp3
      [2013/04/19 03:20:14 | 000,000,491 | ---- | M] () -- C:\Dados (D) - Atalho.lnk
      [2013/09/27 06:57:57 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
      [2013/09/27 06:58:01 | 4194,439,168 | -HS- | M] () -- C:\pagefile.sys
      [2013/02/23 01:44:32 | 000,001,111 | ---- | M] () -- C:\Vídeos - Atalho.lnk
      [2013/06/24 23:56:54 | 000,000,000 | ---- | M] () -- C:\[1].mp3
       
      < %PROGRAMFILES%\*.* >
      [2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
       
      < %ALLUSERSPROFILE%\*.* >
      [2013/09/03 01:14:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\0
      [2013/09/03 01:15:16 | 000,000,004 | ---- | M] () -- C:\ProgramData\99
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
       
      < %APPDATA%\Microsoft\*.* >
       
      < %PROGRAMFILES%\*.* >
      [2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
       
      < %PROGRAMFILES%\Internet Explorer\*.* >
      [2013/04/05 03:05:44 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
      [2013/04/05 03:05:44 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
      [2013/04/05 03:05:44 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
      [2013/04/05 03:05:44 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
      [2013/04/05 03:05:44 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      [2013/08/10 00:58:05 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
      [2013/08/10 00:58:06 | 000,236,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
      [2013/08/10 01:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
      [2013/04/05 03:05:44 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
      [2013/08/10 00:58:09 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
      [2013/04/05 03:05:44 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
      [2013/04/05 03:05:44 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
      [2013/04/05 03:05:44 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
      [2013/04/05 03:05:44 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
      [2013/04/05 03:05:44 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
      [2013/04/05 03:05:44 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
      [2013/08/10 00:58:55 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings >
      "IE5_UA_Backup_Flag" = 5.0
      "User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
      "EmailName" = User@
      "PrivDiscUiShown" = 1
      "EnableHttp1_1" = 1
      "WarnOnIntranet" = 1
      "MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
      "AutoConfigProxy" = wininet.dll -- [2013/08/10 00:59:10 | 001,767,936 | ---- | M] (Microsoft Corporation)
      "UseSchannelDirectly" = 01 00 00 00  [binary data]
      "WarnOnPost" = 01 00 00 00  [binary data]
      "UrlEncoding" = 0
      "SecureProtocols" = 160
      "PrivacyAdvanced" = 0
      "ZonesSecurityUpgrade" = 4C 2D 77 B3 E7 31 CE 01  [binary data]
      "DisableCachingOfSSLPages" = 0
      "WarnonZoneCrossing" = 0
      "CertificateRevocation" = 1
      "EnableNegotiate" = 1
      "MigrateProxy" = 1
      "ProxyEnable" = 0
      "ProxyHttp1.1" = 1
      "EnablePunycode" = 1
      "DisableIDNPrompt" = 0
      "ShowPunycode" = 0
      "WarnonBadCertRecving" = 1
      "WarnOnPostRedirect" = 1
      "GlobalUserOffline" = 0
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < \Connections >
      [2009/07/14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
      [2009/07/14 02:08:49 | 000,024,494 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
      [2012/10/01 16:09:32 | 000,000,204 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
      [2012/10/16 16:18:09 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
      [2012/10/17 09:20:07 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      [2012/10/17 09:20:08 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 973 bytes -> C:\Program Files\Common Files\System:VOtcqS822XfxAQESN
      @Alternate Data Stream - 971 bytes -> C:\Users\Usuario\AppData\Local\PrgALpCCTNBZJ8m:mhcPL4e8AgffVULgiLno0f6
      @Alternate Data Stream - 969 bytes -> C:\Users\Usuario\AppData\Local\ncsGDdT5Ng:AZTSI3NSKCWn4xQzVtdPqpy
      @Alternate Data Stream - 915 bytes -> C:\ProgramData\Microsoft:oJgSu1m7BTTNNpIeu9KlYx
      @Alternate Data Stream - 1166 bytes -> C:\ProgramData\Microsoft:WtQ7wIh0ZEU8WWVWU7p2h
      @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:3qJy0ZawQlDkk4twzaHgxh
       
      < End of report >
       
      ________________________________________________________________________________________
       
       
      OTL Extras logfile created on: 27/09/2013 22:18:13 - Run 1
      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Usuario\Desktop\OTL
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.10.9200.16686)
      Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
       
      3,91 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 59,66% Memory free
      7,81 Gb Paging File | 6,25 Gb Available in Paging File | 80,01% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 195,21 Gb Total Space | 135,53 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
      Drive D: | 270,45 Gb Total Space | 230,46 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
       
      Computer Name: DENISE-NB | User Name: Usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Extra Registry (SafeList) ==========
       
       
      ========== File Associations ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
      .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
      .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
       
      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
      .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
       
      ========== Shell Spawning ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
      InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [explore] -- Reg Error: Value error.
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [explore] -- Reg Error: Value error.
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
      CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
       
      ========== Security Center Settings ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "cval" = 1
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
      "AntiVirusOverride" = 0
      "AntiSpywareOverride" = 0
      "FirewallOverride" = 0
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
       
      ========== Firewall Settings ==========
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1
       
      ========== Authorized Applications List ==========
       
       
      ========== Vista Active Open Ports Exception List ==========
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{0DAE3018-BDB1-4633-AA04-686C61A119C9}" = lport=445 | protocol=6 | dir=in | app=system | 
      "{0E85D853-F7E7-4528-BF6F-2DA186F672C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
      "{1747C8C6-0375-4835-B1A6-A60C115C82B4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
      "{252CA68D-A22D-45AA-9F5B-AF6CCE7FD4EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
      "{2BFE566B-F58D-4A3C-96A7-62E606E24863}" = rport=445 | protocol=6 | dir=out | app=system | 
      "{2D471381-8B1A-48CA-B557-FB33610AE1F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
      "{66B2095B-07D9-42D3-8B44-475527D49730}" = lport=10243 | protocol=6 | dir=in | app=system | 
      "{697B08B0-9270-4AB1-88A0-7098D20DB299}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
      "{7852F687-63FA-4F93-96C2-7B8533816127}" = lport=138 | protocol=17 | dir=in | app=system | 
      "{7BE1F0FA-75B5-4F0B-98C7-73B515D09A70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
      "{7D1BFFD1-F0A4-4F15-92BE-C10A6AAB73CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
      "{7E2D3C8B-D8C7-4ACB-9E6C-F530CF0810F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
      "{807A8E23-1B14-4013-AB57-C4985396F0CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
      "{868FF939-2252-4B3C-9814-9C2A3DA18791}" = rport=10243 | protocol=6 | dir=out | app=system | 
      "{9617460E-9AA8-4CFD-9706-B27B6CC780D5}" = rport=139 | protocol=6 | dir=out | app=system | 
      "{A154CAF0-3CB4-424B-83B1-7AD4111A55ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
      "{BE80D67A-3F67-4FC9-A825-DFF4FC65C712}" = rport=138 | protocol=17 | dir=out | app=system | 
      "{C248C864-CF22-412E-8E80-0790C52C2965}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
      "{C62C94D8-AF72-4F09-ABD5-BEC3600ECD1D}" = lport=139 | protocol=6 | dir=in | app=system | 
      "{D3ACAC5B-B99E-469E-BB01-CCA1F8DE8A7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
      "{E093D334-B9FF-430A-90BD-97183CA768F3}" = lport=137 | protocol=17 | dir=in | app=system | 
      "{E241EB66-A8EB-409E-9A91-3BA6A7B2850D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
      "{EC1A2850-5391-4F3B-A802-2771BF238D24}" = rport=137 | protocol=17 | dir=out | app=system | 
      "{EFC5F482-BC95-4D9C-B408-DF2B7929F31A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
       
      ========== Vista Active Application Exception List ==========
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{0663A97F-D63A-4E01-83BC-ADA51255A459}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
      "{06B4FB3F-E642-46EE-AD58-3AE06BB2DB23}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
      "{1993C28C-DBA9-4C52-A97D-9AE5F82CEC80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
      "{2232B6B3-88E6-4C71-80C7-A0FC1076E7B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
      "{2E0B27EE-4313-44F2-B1EA-0DE798EA92A8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
      "{302B6963-B4D1-479C-80DA-6466C9BBFE6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
      "{332FC589-1518-4FD9-A5E3-2906C12C5B7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
      "{3494AE22-5EA0-47EE-BCD3-6163B07A855A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
      "{3A65B9C8-9CB9-4EE8-A894-45D91D6F8D51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
      "{47993958-C2EF-41D6-8A6A-CB5F80CDF260}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
      "{4B881D08-922D-471D-A993-285600655777}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
      "{52562954-3C1B-4DB9-8160-9A234201C01F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
      "{5951A989-9B0C-48B7-A10E-F21FBAC0D0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
      "{6CB9394D-9B2A-4E06-82C0-AA51061328A5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
      "{73210EAF-C2BF-4554-A314-1BCB937D09C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
      "{79423684-007C-4B4E-9564-6712CE522BD7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
      "{7CBFA93B-13DD-4BD4-B545-366CCF1E43D8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
      "{8CF47DFF-0392-49B5-8F63-A07030DE7CBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
      "{9D3FD1BE-7D97-4CE5-B2B1-FBE97D292E13}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
      "{A28076C8-163A-4147-9901-1C73DA615DF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
      "{AD5895AD-18CB-4736-A34B-9B0922D18D7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
      "{C305A9B5-E367-4664-AFD8-E86C5F671904}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
      "{CF63F7D0-3848-4FA1-AC60-A605D7881E61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
      "{D6D96207-46A1-491A-9AD8-DF146FC3B4D8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
      "{DF929347-AEBF-4E21-9161-590A4AC2308C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
      "{E8A710BF-25F9-4105-830E-CE91C605B906}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
      "{ECC82D15-A192-4198-981F-A60B5E6381D8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
      "{EE134021-6DC9-42DE-AFDE-E05B9E71D794}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
      "{F4001D9F-479C-4E85-97A2-FB4F23EB2C03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
      "{F81CBA9A-8F0D-41C2-899D-DC29B8C85F49}" = protocol=6 | dir=out | app=system | 
      "{FCE9668A-D1A6-4323-8BB4-5628ABC99F1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
      "TCP Query User{B0680B24-307D-490D-8EED-4F27A7CDD3EE}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
      "UDP Query User{C8C6A5FD-62F6-41F1-8155-ACB50F58A02C}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
       
      ========== HKEY_LOCAL_MACHINE Uninstall List ==========
       
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
      "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
      "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
      "{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java 6 Update 45 (64-bit)
      "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
      "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
      "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
      "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
      "{90140000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
      "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
      "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
      "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
      "CCleaner" = CCleaner
      "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
      "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
      "SynTPDeinstKey" = Synaptics Pointing Device Driver
      "WinRAR archiver" = WinRAR 4.20 (64-bit)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
      "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
      "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
      "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
      "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
      "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
      "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java 6 Update 45
      "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
      "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
      "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
      "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
      "{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1" = Módulo Adicional de Segurança CAIXA
      "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Suporte para Aplicativos Apple
      "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
      "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
      "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
      "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
      "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
      "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
      "{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1" = Wondershare Application Center 1.0.0.58
      "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
      "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
      "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
      "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
      "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
      "{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
      "{90140000-0015-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
      "{90140000-0016-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
      "{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
      "{90140000-0019-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
      "{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
      "{90140000-001B-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
      "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
      "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
      "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-002A-0416-1000-0000000FF1CE}_Office14.PROPLUSR_{FE39121C-B405-4AAA-806C-A99042BE9219}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
      "{90140000-002C-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{13291F79-D997-49AD-9F31-5FAEE1F0FCF5}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
      "{90140000-0044-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
      "{90140000-006E-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{2134F8C8-2AD8-44EE-B86B-1B577FBD8D0E}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
      "{90140000-00A1-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
      "{90140000-00BA-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 4.0.1)
      "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
      "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
      "{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
      "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
      "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
      "{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
      "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
      "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
      "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
      "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
      "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
      "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
      "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
      "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
      "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
      "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
      "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
      "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
      "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
      "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
      "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
      "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1046}" = Nero 7 Ultra Edition
      "Adobe AIR" = Adobe AIR
      "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
      "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
      "aTube Catcher" = aTube Catcher
      "avast" = avast! Free Antivirus
      "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
      "Cobrança CAIXA" = Cobrança CAIXA
      "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
      "Doro_is1" = Doro 1.62
      "Fotosizer" = Fotosizer 1.37
      "Google Chrome" = Google Chrome
      "HijackThis" = HijackThis 1.99.1
      "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
      "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
      "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
      "WinLiveSuite" = Windows Live Essentials
       
      ========== HKEY_CURRENT_USER Uninstall List ==========
       
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "MyFreeCodec" = MyFreeCodec
      "PhotoFiltre" = PhotoFiltre
       
      ========== Last 20 Event Log Errors ==========
       
      [ Application Events ]
      Error - 18/09/2013 13:20:36 | Computer Name = Denise-NB | Source = Application Error | ID = 1000
      Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo
       de hora: 0x4f72c3ee  Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo
       de hora: 0x4f72c345  Código de exceção: 0xc0000005  Deslocamento com falha: 0x0006ab31
      Identificação
       do processo com falha: 0xc58  Hora de início do aplicativo com falha: 0x01ceb4931349c0ab
      Caminho
       do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
      FCaminho
       do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll
      Identificação
       do Relatório: a106d432-2086-11e3-8257-5404a6a772c2
       
      Error - 18/09/2013 17:42:31 | Computer Name = Denise-NB | Source = Application Error | ID = 1000
      Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo
       de hora: 0x4f72c3ee  Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo
       de hora: 0x4f72c345  Código de exceção: 0xc0000005  Deslocamento com falha: 0x0004db8e
      Identificação
       do processo com falha: 0x14ec  Hora de início do aplicativo com falha: 0x01ceb4b7d5df7459
      Caminho
       do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
      FCaminho
       do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll
      Identificação
       do Relatório: 385df387-20ab-11e3-8257-5404a6a772c2
       
      Error - 18/09/2013 19:47:17 | Computer Name = Denise-NB | Source = Application Error | ID = 1000
      Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo
       de hora: 0x4f72c3ee  Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo
       de hora: 0x4f72c345  Código de exceção: 0xc0000005  Deslocamento com falha: 0x0006ab31
      Identificação
       do processo com falha: 0xb00  Hora de início do aplicativo com falha: 0x01ceb4c9611401d1
      Caminho
       do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
      FCaminho
       do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll
      Identificação
       do Relatório: a64645ef-20bc-11e3-b4ef-5404a6a772c2
       
      Error - 20/09/2013 12:18:07 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
      Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
       Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
       verifique o histórico de problemas no painel de controle da Central de Ações.    ID
       de Processo: 1630    Hora de Início: 01ceb61cd1b16374    Hora de Término: 6    Caminho do Aplicativo:
       C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
       
      Error - 23/09/2013 01:23:03 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
      Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
       Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
       verifique o histórico de problemas no painel de controle da Central de Ações.    ID
       de Processo: 13a4    Hora de Início: 01ceb80c8f34f9fd    Hora de Término: 5    Caminho do Aplicativo:
       C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
       
      Error - 24/09/2013 02:35:46 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
      Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
       Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
       verifique o histórico de problemas no painel de controle da Central de Ações.    ID
       de Processo: 11ac    Hora de Início: 01ceb8e20889307b    Hora de Término: 172    Caminho do
       Aplicativo: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório: 
        
       
      Error - 24/09/2013 12:18:17 | Computer Name = Denise-NB | Source = Microsoft-Windows-CAPI2 | ID = 513
      Description = Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity()
       no Objeto de Gravador do Sistema..  Details: AddLegacyDriverFiles: Unable to back 
      up image of binary 3262350drv.  System Error: O sistema não pode encontrar o arquivo
       especificado.  .
       
      Error - 24/09/2013 12:18:17 | Computer Name = Denise-NB | Source = Microsoft-Windows-CAPI2 | ID = 513
      Description = Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity()
       no Objeto de Gravador do Sistema..  Details: AddLegacyDriverFiles: Unable to back 
      up image of binary 29466069.  System Error: O sistema não pode encontrar o arquivo 
      especificado.  .
       
      Error - 26/09/2013 02:32:43 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
      Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
       Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
       verifique o histórico de problemas no painel de controle da Central de Ações.    ID
       de Processo: 1248    Hora de Início: 01ceba808215bd77    Hora de Término: 50    Caminho do 
      Aplicativo: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
       
      Error - 26/09/2013 16:45:34 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
      Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
       Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
       verifique o histórico de problemas no painel de controle da Central de Ações.    ID
       de Processo: 914    Hora de Início: 01cebaf4c85e04e0    Hora de Término: 318    Caminho do 
      Aplicativo: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
       
      [ System Events ]
      Error - 10/05/2013 18:38:13 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 10/05/2013 21:24:19 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 11/05/2013 12:58:15 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 11/05/2013 19:16:13 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 11/05/2013 23:44:32 | Computer Name = Denise-NB | Source = EventLog | ID = 6008
      Description = O desligamento anterior do sistema em 00:14:03 às ?12/?05/?2013 não
       era esperado.
       
      Error - 12/05/2013 16:26:51 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 12/05/2013 20:11:12 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 13/05/2013 01:10:42 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 13/05/2013 07:24:12 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
      Error - 13/05/2013 11:56:38 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
      Description = 
       
       
      < End of report >
       

      - OK, the logs are clean :)

      - Download CCleaner:

      • Click Save and, when the download has finished, install it;

      • Open the program and click Run Cleaner;

      • After that, click Registry > Scan for Issues > Fix selected issues

      - Disable and then re-enable System Restore

      - Read the article "Proteja seu PC" (Protect Your PC) for more information on how to avoid infections;

      - If you have no further problems, click the LuQlZ.png button and say that your case has been resolved.


      JoseMelo

      Thank you very much. It seems everything is OK now.

      Before finishing, I would like to ask 2 questions:

      1. I noticed that Kaspersky was the only one that managed to detect trojans. Do you recommend that I keep it installed and run it from time to time?

      2. I already had Malwarebytes and CCleaner installed on my notebook and I run them at least once a week (always updated), but as for the other applications I used for this diagnosis (Adwcleaner / OTL / HijackThis / Farbar Scanner / MbrScan), can I delete them?

      Once again, thank you for your help.

      1. I noticed that Kaspersky was the only one that managed to detect trojans. Do you recommend that I keep it installed and run it from time to time?

      No. This tool has no online update. When you need to run it, download the latest updated version.

      ...but as for the other applications I used for this diagnosis (Adwcleaner / OTL / HijackThis / Farbar Scanner / MbrScan), can I delete them?

      Yes.


      JoseMelo,

      OK. Understood. I will delete all the applications used in these posts and, from time to time, when I need to run Kaspersky, I will install the new version.

      Thank you very much for your help.

      I am closing this topic as resolved.


      PROBLEM RESOLVED

      If you want to request that the topic be reopened, use the Report button to contact the moderators.

      Note: Only the author can make this request in the Malware Removal area.
