Notebook reporting insufficient memory



#1
dcg

  • Member
  • 99 posts

Dear Sirs,

I am asking for your help to identify and fix problems that are affecting my notebook, which all of a sudden started showing insufficient-memory messages and became very slow, even though I always use it for the same tasks. Since I work with websites and newspaper layout, I usually have several applications open along with the Google Chrome browser (InDesign, PhotoFiltre, etc.), but I never had problems.
I usually run Malwarebytes Anti-Malware at least once a week, and nothing abnormal has been detected. In addition, I frequently use CCleaner.

Equipment configuration: Asus notebook, Intel Core I3-2330 CPU 2.20 GHz - 4 GB memory - Operating system: Windows 7 Ultimate 64-bit

Thank you in advance for your help.

Thank you.

PS. I am attaching the files requested in the "Criando um Tópico" (Creating a Topic) item of this forum.

 




#2
JoseMelo

  • Professional Assistant
  • 128,677 posts

Download AdwCleaner and save it to the desktop.

Click the icon (image: 1IXHd.png) to download the file.

Run adwcleaner.

NOTE: Windows Vista, 7 and 8 users: right-click the adwcleaner file, then click (image: AgZ3P.png).

NOTE: For Windows 8 users, if SmartScreen blocks it, click "Mais Opções" (More options) and then "Executar assim mesmo" (Run anyway).

Click "Examinar" (Scan) and, when it finishes, click "Limpar" (Clean); in the windows that follow, click OK.

When the computer restarts, Notepad will open with the result. Select, copy and paste its content into your next reply.

- Download Malwarebytes Anti-Malware
  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Atualizar Malwarebytes Anti-Malware" (Update Malwarebytes Anti-Malware) and "Executar Malwarebytes Anti-Malware" (Run Malwarebytes Anti-Malware), and click Finish;
  • Check "Verificação Completa" (Full Scan) and then click "Verificar" (Scan);
  • When the scan finishes, click OK and then "Mostrar Resultados" (Show Results) to see the log;
  • If anything is detected, make sure everything is checked and click "Remover" (Remove);
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the content of that log into your next reply.
- Post a new HijackThis log.


    #3
    dcg

    • Member
    • 99 posts

    JoseMelo,

    Thank you for the quick reply.

    Below are the requested logs.
    I look forward to your reply.

     

    # AdwCleaner v3.005 - Relatório criado 23/09/2013 às 05:49:36
    # Atualizado 22/09/2013 por Xplode
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Usuário : Usuario - DENISE-NB
    # Executando de : C:\Users\Usuario\Desktop\adwcleaner\adwcleaner.exe
    # Opção : Limpar
     
    ***** [ Serviços ] *****
     
     
    ***** [ Arquivos / Pastas ] *****
     
    Pasta Deletada : C:\ProgramData\boost_interprocess
    Arquivo Deletada : C:\Windows\Tasks\Dealply.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
    Arquivo Deletada : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
    Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyUpdate
     
    ***** [ Atalhos ] *****
     
     
    ***** [ Registro ] *****
     
     
    ***** [ Navegadores ] *****
     
    -\\ Internet Explorer v10.0.9200.16686
     
     
    -\\ Google Chrome v29.0.1547.76
     
    [ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    [ Arquivo : C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     

    ___________________________________________________________________________________

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Versão da Base de Dados:  v2013.09.23.08
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    Usuario :: DENISE-NB [administrador]
     
    23/09/2013 12:37:32
    mbam-log-2013-09-23 (12-37-32).txt
     
    Tipo de Verificação:  Verificação Completa  (C:\|D:\|)
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  413924
    Tempo decorrido: 1 hora(s), 6 minuto(s), 18 segundo(s)
     
    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Arquivos Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    (fim)
     
     

    ___________________________________________________________________________________



    Logfile of HijackThis v1.99.1
    Scan saved at 14:42:01, on 23/09/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v10.0 (10.00.9200.16686)
     
     


    #4
    JoseMelo

    • Professional Assistant
    • 128,677 posts

    Download the Kaspersky Virus Removal Tool:

    Save it to your desktop.

    - Double-click the "setup" file and wait for the installation;
    - On the next screen, check "I accept the licence agreement" and click Start;
    - Click the button (image: f4uZX.png) and check:
      • Meu computador (My Computer)
      • Disco local (C:) (Local Disk; the drive letter may vary)
    - Click Actions and uncheck the two boxes: (image: Zqewdl.jpg)
    - Click the Automatic Scan tab and wait for the scan to finish.

    - Click the button (image: zNEXl.jpg), then Detected threats, then the "Save" button.
    - Copy the content of the saved file (if anything was detected) and post it in your next reply.


    #5
    dcg

    • Member
    • 99 posts

    JoseMelo,

    Trojans were detected, but I took no action; I only saved the log, as you instructed.

    I look forward to your reply.

    Thank you.

    PS. Since it took too long, I had to keep working while the software was running... I hope I didn't get in the way of anything.

     

    Kaspersky

     

    Status: Detected   (events: 19)
    23/09/2013 18:28:28 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\ppctrl.dat High
    23/09/2013 18:28:31 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\All Users\pckt.tmp High
    23/09/2013 18:48:12 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\Todos os Usuários\ppctrl.dat High
    23/09/2013 18:48:15 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Todos os Usuários\pckt.tmp High
    23/09/2013 18:53:05 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\AppData\Roaming\windows.vbs High
    23/09/2013 19:45:23 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\Dados de aplicativos\windows.vbs High
    23/09/2013 19:52:04 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 19:53:57 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Meus documentos\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 20:09:43 Detected Trojan program HEUR:Trojan.Script.Generic C:\ProgramData\ppctrl.dat High
    23/09/2013 20:09:46 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\ProgramData\pckt.tmp High
    23/09/2013 20:11:32 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\All Users\ppctrl.dat High
    23/09/2013 20:11:36 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\All Users\pckt.tmp High
    23/09/2013 20:32:04 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\Todos os Usuários\ppctrl.dat High
    23/09/2013 20:32:07 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Todos os Usuários\pckt.tmp High
    23/09/2013 20:37:56 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Usuario\AppData\Roaming\windows.vbs High
    23/09/2013 20:42:04 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Usuario\Dados de aplicativos\windows.vbs High
    23/09/2013 20:44:37 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 20:46:26 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Usuario\Meus documentos\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    23/09/2013 21:45:08 Detected Trojan program Trojan-Banker.VBS.Proxy.b c:\Users\Usuario\AppData\Roaming\windows.vbs High
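
The 19 events in the report above name the same few files several times, because Windows 7 exposes legacy paths such as `C:\Documents and Settings` and `C:\Users\All Users` as junctions to the current locations. The following is an added example, not part of the original thread, that collapses such a report to its distinct files; the alias table (including the Portuguese junction names) is an assumption inferred from the paths in this report.

```python
import re
from collections import defaultdict

# Subset of the report lines from the post above, one per path variant.
SAMPLE_REPORT = r"""
23/09/2013 18:28:28 Detected Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\ppctrl.dat High
23/09/2013 18:48:15 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Todos os Usuários\pckt.tmp High
23/09/2013 19:45:23 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\Dados de aplicativos\windows.vbs High
23/09/2013 19:53:57 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Meus documentos\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
23/09/2013 20:09:43 Detected Trojan program HEUR:Trojan.Script.Generic C:\ProgramData\ppctrl.dat High
23/09/2013 20:09:46 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\ProgramData\pckt.tmp High
23/09/2013 20:11:32 Detected Trojan program HEUR:Trojan.Script.Generic C:\Users\All Users\ppctrl.dat High
23/09/2013 20:37:56 Detected Trojan program Trojan-Banker.VBS.Proxy.b C:\Users\Usuario\AppData\Roaming\windows.vbs High
23/09/2013 20:44:37 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
23/09/2013 21:45:08 Detected Trojan program Trojan-Banker.VBS.Proxy.b c:\Users\Usuario\AppData\Roaming\windows.vbs High
"""

# Assumption: compatibility junctions of a pt-BR Windows 7 install, inferred
# from the paths in the report. All comparisons are done in lower case.
PREFIX_ALIASES = [
    ("c:\\documents and settings\\", "c:\\users\\"),
    ("c:\\users\\all users\\", "c:\\programdata\\"),
    ("c:\\users\\todos os usuários\\", "c:\\programdata\\"),
]
SEGMENT_ALIASES = [
    ("\\dados de aplicativos\\", "\\appdata\\roaming\\"),
    ("\\application data\\", "\\appdata\\roaming\\"),
    ("\\meus documentos\\", "\\documents\\"),
    ("\\my documents\\", "\\documents\\"),
]

# One event per line: timestamp, status, verdict, path (may contain spaces),
# severity. The literal "Trojan program" matches the lines shown in the post.
EVENT_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<status>\w+) Trojan program "
    r"(?P<verdict>\S+) (?P<path>.+) (?P<level>\w+)$"
)


def canonical_path(path):
    """Map a reported path to the location the junctions point at."""
    # Drop a suffix such as //UPX that the report adds after the file name.
    p = path.split("//", 1)[0].lower()
    # Prefix rules run in order, so "Documents and Settings\All Users"
    # is first moved under C:\Users and then on to C:\ProgramData.
    for alias, target in PREFIX_ALIASES:
        if p.startswith(alias):
            p = target + p[len(alias):]
    for alias, target in SEGMENT_ALIASES:
        p = p.replace(alias, target)
    return p


def parse_events(report):
    """Return one dict per event line; other lines are ignored."""
    events = []
    for line in report.splitlines():
        match = EVENT_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def distinct_files(report):
    """Group events by canonical path; values are the verdict names seen."""
    files = defaultdict(set)
    for event in parse_events(report):
        files[canonical_path(event["path"])].add(event["verdict"])
    return dict(files)


if __name__ == "__main__":
    events = parse_events(SAMPLE_REPORT)
    files = distinct_files(SAMPLE_REPORT)
    print(f"{len(events)} events, {len(files)} distinct files")
    for path, verdicts in sorted(files.items()):
        print(f"  {path}  <- {', '.join(sorted(verdicts))}")
```

Counting distinct files rather than events also makes it easier to compare a later report (such as the quarantine log further down the thread) against the first one, since a cleaned file disappears under every alias at once.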


    #6
    JoseMelo

    • Professional Assistant
    • 128,677 posts

    Run Kaspersky again and click "Disinfect All" when something is detected. Save the log and post it here, together with a new HijackThis log.



    #7
    dcg

    • Member
    • 99 posts

    JoseMelo,

    I kept Kaspersky open... Can I just click Disinfect All and save the log, or should I close it and run it again?

    If I have to run it again, I have a question first: in Actions/Select Actions, do I keep Disinfect and Delete disabled?
    I look forward to your reply.

    Thank you


    Edited by dcg, 25 September 2013 - 19:30.


    #8
    JoseMelo

    • Professional Assistant
    • 128,677 posts

    "I kept Kaspersky open... Can I just click Disinfect All and save the log, or should I close it and run it again?"

    Yes.



    #9
    dcg

    • Member
    • 99 posts

    JoseMelo,

    Sorry... I didn't understand! Yes to which of the questions???? Click Disinfect All and save the log, or close it and run it again???
    I ask because Kaspersky really took too long to run and the notebook is getting slower and slower, but I need to keep working.

    Thank you very much.



    #10
    JoseMelo

    • Professional Assistant
    • 128,677 posts

    "If I have to run it again, I have a question first: in Actions/Select Actions, do I keep Disinfect and Delete disabled?"

    Enable both.



    #11
    dcg

    • Member
    • 99 posts

    JoseMelo,

    Here are the logs.

    I await further instructions.

    Thank you.

     

    Status: Quarantined   (events: 3)
    26/09/2013 19:25:12 Quarantined Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\ppctrl.dat High
    26/09/2013 20:50:07 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe High
    26/09/2013 20:50:07 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Usuario\Documents\Backup PCs\Ricardo\Pictures\Rap.exe//UPX High
    Status: Deleted   (events: 2)
    26/09/2013 19:24:56 Deleted Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\All Users\pckt.tmp High

    26/09/2013 19:55:12 Deleted Trojan program Trojan-Banker.VBS.Proxy.b C:\Documents and Settings\Usuario\AppData\Roaming\windows.vbs High

     
     
     
    Logfile of HijackThis v1.99.1
    Scan saved at 01:37:02, on 27/09/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v10.0 (10.00.9200.16686)
     


    #12
    JoseMelo

    • Professional Assistant
    • 128.677 posts
    - Download OTL by OldTimer and save it to the desktop:
  • Close all windows and run the tool.
  • Check the Lop Check and Purity Check options.
  • Select the lines below, right-click the selection and choose Copy:
    netsvcs
    msconfig
    drivers32
    %systemroot%\system32\drivers\*.* /90
    %userprofile%\*.*
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %ALLUSERSPROFILE%\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\Internet Explorer\*.*
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    
    - Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose Paste;
    - Click the Run Scan button;
    - Attach the OTL log.


    #13
    dcg

    • Member
    • 99 posts

    JoseMelo,

    OTL created two logs (OTL.txt and Extras.txt), which follow below.

    Awaiting your reply.

    Thank you.

     

    OTL logfile created on: 27/09/2013 22:18:13 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Usuario\Desktop\OTL
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
     
    3,91 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 59,66% Memory free
    7,81 Gb Paging File | 6,25 Gb Available in Paging File | 80,01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195,21 Gb Total Space | 135,53 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
    Drive D: | 270,45 Gb Total Space | 230,46 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
     
    Computer Name: DENISE-NB | User Name: Usuario | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/09/27 22:15:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL\OTL.exe
    PRC - [2013/08/30 04:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/08/30 04:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/07/01 15:39:30 | 000,410,440 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
    PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     
     
    ========== Modules (No Company Name) ==========
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2013/08/30 04:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/08/30 04:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/08/30 04:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/08/30 04:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/08/30 04:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/08/30 04:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/08/30 04:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/08/30 04:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 11:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/10 21:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/11/03 18:09:48 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/11/03 18:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/06/02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/06/02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/04/22 02:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 11:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012/10/04 13:07:24 | 000,047,720 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
    DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/02/01 17:24:06 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 EF 8B 90 D5 E3 CD 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    ========== FireFox ==========
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
     
     
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: 
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - Extension: YouTube = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Pesquisa do Google = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Skype Click to Call = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: GBBD Caixa Economica Federal = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\
    CHR - Extension: Gmail = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2013/06/10 07:36:58 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [AdobeBridge]  File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.128.63 189.4.128.68 201.6.4.116
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AD6F542-772F-417F-8A81-D86139863E62}: DhcpNameServer = 189.4.128.63 189.4.128.68 201.6.4.116
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC8B582-275F-4BB2-9A42-770D5DFDED1A}: DhcpNameServer = 189.4.128.61 189.4.128.66
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
    O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
     
    MsConfig:64bit - StartUpFolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk -  - File not found
    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
    MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    MsConfig:64bit - StartUpReg: DoroServer - hkey= - key= - C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft)
    MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
    MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
    MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
    MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig:64bit - StartUpReg: SonicMasterTray - hkey= - key= - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
    MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Arquivos de Programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
    MsConfig:64bit - State: "services" - Reg Error: Key error.
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/09/27 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\OTL
    [2013/09/27 22:14:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Nova pasta
    [2013/09/23 18:21:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Kaspersky
    [2013/09/23 17:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2013/09/23 05:47:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/23 05:47:01 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\adwcleaner
    [2013/09/18 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Farbar Scanner
    [2013/09/18 19:27:09 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\MbrScan
    [2013/09/18 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\HijackThis
    [2013/09/15 21:05:45 | 000,031,088 | ---- | C] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
    [2013/09/13 03:14:22 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/09/13 03:14:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/09/13 03:14:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/09/13 03:14:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/09/13 03:14:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/09/13 03:14:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/09/13 03:14:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/09/13 03:14:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/09/13 03:14:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/09/13 03:14:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/09/13 03:14:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/09/13 03:14:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/09/13 03:14:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/09/13 03:14:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/09/13 03:14:10 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/09/12 15:38:46 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
    [2013/09/12 15:38:40 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/09/12 15:38:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/09/12 15:38:39 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/09/12 15:38:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/09/12 15:38:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/09/12 15:38:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/09/12 15:38:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/09/12 15:38:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/09/12 15:38:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
    [2013/09/12 15:38:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2013/09/12 15:38:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/09/12 15:38:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/09/12 15:38:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/09/12 15:38:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/09/12 15:38:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/09/12 15:38:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/09/12 15:38:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/09/12 15:38:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/09/12 15:38:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/09/12 15:38:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/09/12 15:38:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/09/12 15:38:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/09/12 15:38:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/09/12 15:38:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/09/12 15:38:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/09/12 15:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/09/12 15:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/09/12 15:38:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/09/12 15:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/09/12 15:38:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/09/12 15:38:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/09/12 15:38:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/09/12 15:38:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/09/12 15:38:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/09/12 15:38:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
    [2013/09/12 15:38:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
    [2013/09/12 15:38:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/09/12 15:38:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/09/12 15:38:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/09/12 15:38:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/09/12 15:38:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/09/12 15:38:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
    [2013/09/06 17:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/09/15 21:05:45 | 000,010,266 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
    [2013/09/15 21:05:45 | 000,003,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
    [2013/09/15 21:05:45 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
    [2013/09/15 21:05:45 | 000,001,402 | ---- | C] () -- C:\Windows\SysWow64\drivers\gas.cer
    [2013/09/03 01:15:16 | 000,000,004 | ---- | C] () -- C:\ProgramData\99
    [2013/09/03 01:14:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\0
    [2013/07/04 17:30:27 | 000,717,827 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\unins000.exe
    [2013/07/04 17:30:27 | 000,011,488 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\unins000.dat
    [2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2012/10/26 12:36:02 | 001,509,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/10/23 10:49:12 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\~bwcrc32.dll
    [2012/10/19 14:51:53 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\TECBAR32.DLL
    [2012/10/19 14:50:01 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/10/19 01:56:39 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
    [2012/10/19 01:26:45 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2012/10/18 23:22:15 | 000,138,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/10/16 16:25:49 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2012/10/16 16:17:44 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
    [2012/10/16 16:17:42 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
    [2012/10/16 16:17:36 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
    [2012/10/01 16:09:32 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2012/10/01 15:59:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/10/01 15:59:31 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/10/01 15:59:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/10/01 15:59:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/10/01 15:59:27 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 23:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012/10/19 01:30:50 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/10/18 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/10/19 01:26:45 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PACE Anti-Piracy
    [2012/10/18 13:42:25 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PhotoFiltre
    [2013/06/15 10:40:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Samsung
    [2012/10/19 01:30:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2013/08/19 14:38:24 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Wondershare
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
    < %systemroot%\system32\drivers\*.* /90 >
    [2013/09/27 06:58:09 | 000,001,402 | ---- | M] () -- C:\Windows\system32\drivers\gas.cer
    [2013/09/27 06:58:09 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\system32\drivers\gbpndisrd.sys
    [2013/09/27 06:58:09 | 000,010,266 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.cat
    [2013/09/27 06:58:09 | 000,003,641 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.inf
    [2013/09/27 06:58:09 | 000,001,814 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd_m.inf
     
    < %userprofile%\*.* >
    [2013/09/27 22:22:35 | 004,456,448 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT
    [2013/09/27 22:22:34 | 000,262,144 | -HS- | M] () -- C:\Users\Usuario\ntuser.dat.LOG1
    [2012/10/01 14:43:13 | 000,000,000 | -HS- | M] () -- C:\Users\Usuario\ntuser.dat.LOG2
    [2012/10/01 15:40:11 | 000,065,536 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2012/10/01 15:40:11 | 000,524,288 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2012/10/01 15:40:11 | 000,524,288 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2012/10/01 14:43:13 | 000,000,020 | -HS- | M] () -- C:\Users\Usuario\ntuser.ini
     
    < %SYSTEMDRIVE%\*.* >
    [2013/06/05 20:34:26 | 000,000,000 | ---- | M] () -- C:\.mp3
    [2013/04/19 03:20:14 | 000,000,491 | ---- | M] () -- C:\Dados (D) - Atalho.lnk
    [2013/09/27 06:57:57 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/27 06:58:01 | 4194,439,168 | -HS- | M] () -- C:\pagefile.sys
    [2013/02/23 01:44:32 | 000,001,111 | ---- | M] () -- C:\Vídeos - Atalho.lnk
    [2013/06/24 23:56:54 | 000,000,000 | ---- | M] () -- C:\[1].mp3
     
    < %PROGRAMFILES%\*.* >
    [2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
     
    < %ALLUSERSPROFILE%\*.* >
    [2013/09/03 01:14:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\0
    [2013/09/03 01:15:16 | 000,000,004 | ---- | M] () -- C:\ProgramData\99
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
     
    < %APPDATA%\Microsoft\*.* >
     
    < %PROGRAMFILES%\*.* >
    [2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
     
    < %PROGRAMFILES%\Internet Explorer\*.* >
    [2013/04/05 03:05:44 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
    [2013/04/05 03:05:44 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
    [2013/04/05 03:05:44 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    [2013/04/05 03:05:44 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
    [2013/04/05 03:05:44 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    [2013/08/10 00:58:05 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    [2013/08/10 00:58:06 | 000,236,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    [2013/08/10 01:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2013/04/05 03:05:44 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    [2013/08/10 00:58:09 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    [2013/04/05 03:05:44 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
    [2013/04/05 03:05:44 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
    [2013/04/05 03:05:44 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
    [2013/04/05 03:05:44 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
    [2013/04/05 03:05:44 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
    [2013/04/05 03:05:44 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
    [2013/08/10 00:58:55 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
     
    < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings >
    "IE5_UA_Backup_Flag" = 5.0
    "User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    "EmailName" = User@
    "PrivDiscUiShown" = 1
    "EnableHttp1_1" = 1
    "WarnOnIntranet" = 1
    "MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
    "AutoConfigProxy" = wininet.dll -- [2013/08/10 00:59:10 | 001,767,936 | ---- | M] (Microsoft Corporation)
    "UseSchannelDirectly" = 01 00 00 00  [binary data]
    "WarnOnPost" = 01 00 00 00  [binary data]
    "UrlEncoding" = 0
    "SecureProtocols" = 160
    "PrivacyAdvanced" = 0
    "ZonesSecurityUpgrade" = 4C 2D 77 B3 E7 31 CE 01  [binary data]
    "DisableCachingOfSSLPages" = 0
    "WarnonZoneCrossing" = 0
    "CertificateRevocation" = 1
    "EnableNegotiate" = 1
    "MigrateProxy" = 1
    "ProxyEnable" = 0
    "ProxyHttp1.1" = 1
    "EnablePunycode" = 1
    "DisableIDNPrompt" = 0
    "ShowPunycode" = 0
    "WarnonBadCertRecving" = 1
    "WarnOnPostRedirect" = 1
    "GlobalUserOffline" = 0
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
     
    < \Connections >
    [2009/07/14 02:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2009/07/14 02:08:49 | 000,024,494 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/10/01 16:09:32 | 000,000,204 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
    [2012/10/16 16:18:09 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2012/10/17 09:20:07 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/17 09:20:08 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 973 bytes -> C:\Program Files\Common Files\System:VOtcqS822XfxAQESN
    @Alternate Data Stream - 971 bytes -> C:\Users\Usuario\AppData\Local\PrgALpCCTNBZJ8m:mhcPL4e8AgffVULgiLno0f6
    @Alternate Data Stream - 969 bytes -> C:\Users\Usuario\AppData\Local\ncsGDdT5Ng:AZTSI3NSKCWn4xQzVtdPqpy
    @Alternate Data Stream - 915 bytes -> C:\ProgramData\Microsoft:oJgSu1m7BTTNNpIeu9KlYx
    @Alternate Data Stream - 1166 bytes -> C:\ProgramData\Microsoft:WtQ7wIh0ZEU8WWVWU7p2h
    @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:3qJy0ZawQlDkk4twzaHgxh
     
    < End of report >
     
    ________________________________________________________________________________________
     
     

    OTL Extras logfile created on: 27/09/2013 22:18:13 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Usuario\Desktop\OTL
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
     
    3,91 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 59,66% Memory free
    7,81 Gb Paging File | 6,25 Gb Available in Paging File | 80,01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 195,21 Gb Total Space | 135,53 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
    Drive D: | 270,45 Gb Total Space | 230,46 Gb Free Space | 85,22% Space Free | Partition Type: NTFS
     
    Computer Name: DENISE-NB | User Name: Usuario | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DAE3018-BDB1-4633-AA04-686C61A119C9}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{0E85D853-F7E7-4528-BF6F-2DA186F672C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
    "{1747C8C6-0375-4835-B1A6-A60C115C82B4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{252CA68D-A22D-45AA-9F5B-AF6CCE7FD4EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{2BFE566B-F58D-4A3C-96A7-62E606E24863}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{2D471381-8B1A-48CA-B557-FB33610AE1F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{66B2095B-07D9-42D3-8B44-475527D49730}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{697B08B0-9270-4AB1-88A0-7098D20DB299}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{7852F687-63FA-4F93-96C2-7B8533816127}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{7BE1F0FA-75B5-4F0B-98C7-73B515D09A70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{7D1BFFD1-F0A4-4F15-92BE-C10A6AAB73CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{7E2D3C8B-D8C7-4ACB-9E6C-F530CF0810F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{807A8E23-1B14-4013-AB57-C4985396F0CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{868FF939-2252-4B3C-9814-9C2A3DA18791}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{9617460E-9AA8-4CFD-9706-B27B6CC780D5}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{A154CAF0-3CB4-424B-83B1-7AD4111A55ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BE80D67A-3F67-4FC9-A825-DFF4FC65C712}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{C248C864-CF22-412E-8E80-0790C52C2965}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{C62C94D8-AF72-4F09-ABD5-BEC3600ECD1D}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{D3ACAC5B-B99E-469E-BB01-CCA1F8DE8A7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{E093D334-B9FF-430A-90BD-97183CA768F3}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{E241EB66-A8EB-409E-9A91-3BA6A7B2850D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{EC1A2850-5391-4F3B-A802-2771BF238D24}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{EFC5F482-BC95-4D9C-B408-DF2B7929F31A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0663A97F-D63A-4E01-83BC-ADA51255A459}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{06B4FB3F-E642-46EE-AD58-3AE06BB2DB23}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
    "{1993C28C-DBA9-4C52-A97D-9AE5F82CEC80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{2232B6B3-88E6-4C71-80C7-A0FC1076E7B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{2E0B27EE-4313-44F2-B1EA-0DE798EA92A8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{302B6963-B4D1-479C-80DA-6466C9BBFE6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{332FC589-1518-4FD9-A5E3-2906C12C5B7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3494AE22-5EA0-47EE-BCD3-6163B07A855A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{3A65B9C8-9CB9-4EE8-A894-45D91D6F8D51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{47993958-C2EF-41D6-8A6A-CB5F80CDF260}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{4B881D08-922D-471D-A993-285600655777}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{52562954-3C1B-4DB9-8160-9A234201C01F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{5951A989-9B0C-48B7-A10E-F21FBAC0D0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{6CB9394D-9B2A-4E06-82C0-AA51061328A5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{73210EAF-C2BF-4554-A314-1BCB937D09C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{79423684-007C-4B4E-9564-6712CE522BD7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{7CBFA93B-13DD-4BD4-B545-366CCF1E43D8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{8CF47DFF-0392-49B5-8F63-A07030DE7CBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{9D3FD1BE-7D97-4CE5-B2B1-FBE97D292E13}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{A28076C8-163A-4147-9901-1C73DA615DF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{AD5895AD-18CB-4736-A34B-9B0922D18D7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C305A9B5-E367-4664-AFD8-E86C5F671904}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{CF63F7D0-3848-4FA1-AC60-A605D7881E61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{D6D96207-46A1-491A-9AD8-DF146FC3B4D8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{DF929347-AEBF-4E21-9161-590A4AC2308C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{E8A710BF-25F9-4105-830E-CE91C605B906}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
    "{ECC82D15-A192-4198-981F-A60B5E6381D8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{EE134021-6DC9-42DE-AFDE-E05B9E71D794}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{F4001D9F-479C-4E85-97A2-FB4F23EB2C03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{F81CBA9A-8F0D-41C2-899D-DC29B8C85F49}" = protocol=6 | dir=out | app=system | 
    "{FCE9668A-D1A6-4323-8BB4-5628ABC99F1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "TCP Query User{B0680B24-307D-490D-8EED-4F27A7CDD3EE}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "UDP Query User{C8C6A5FD-62F6-41F1-8155-ACB50F58A02C}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java™ 6 Update 45 (64-bit)
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.20 (64-bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java™ 6 Update 45
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1" = Módulo Adicional de Segurança CAIXA
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Suporte para Aplicativos Apple
    "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1" = Wondershare Application Center 1.0.0.58
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
    "{90140000-0015-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
    "{90140000-0016-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
    "{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
    "{90140000-0019-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
    "{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
    "{90140000-001B-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
    "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0416-1000-0000000FF1CE}_Office14.PROPLUSR_{FE39121C-B405-4AAA-806C-A99042BE9219}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
    "{90140000-002C-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{13291F79-D997-49AD-9F31-5FAEE1F0FCF5}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
    "{90140000-0044-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
    "{90140000-006E-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{2134F8C8-2AD8-44EE-B86B-1B577FBD8D0E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
    "{90140000-00A1-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
    "{90140000-00BA-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 4.0.1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1046}" = Nero 7 Ultra Edition
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "aTube Catcher" = aTube Catcher
    "avast" = avast! Free Antivirus
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "Cobrança CAIXA" = Cobrança CAIXA
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Doro_is1" = Doro 1.62
    "Fotosizer" = Fotosizer 1.37
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 1.99.1
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MyFreeCodec" = MyFreeCodec
    "PhotoFiltre" = PhotoFiltre
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 18/09/2013 13:20:36 | Computer Name = Denise-NB | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo
     de hora: 0x4f72c3ee  Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo
     de hora: 0x4f72c345  Código de exceção: 0xc0000005  Deslocamento com falha: 0x0006ab31
    Identificação
     do processo com falha: 0xc58  Hora de início do aplicativo com falha: 0x01ceb4931349c0ab
    Caminho
     do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
    FCaminho
     do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll
    Identificação
     do Relatório: a106d432-2086-11e3-8257-5404a6a772c2
     
    Error - 18/09/2013 17:42:31 | Computer Name = Denise-NB | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo
     de hora: 0x4f72c3ee  Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo
     de hora: 0x4f72c345  Código de exceção: 0xc0000005  Deslocamento com falha: 0x0004db8e
    Identificação
     do processo com falha: 0x14ec  Hora de início do aplicativo com falha: 0x01ceb4b7d5df7459
    Caminho
     do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
    FCaminho
     do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll
    Identificação
     do Relatório: 385df387-20ab-11e3-8257-5404a6a772c2
     
    Error - 18/09/2013 19:47:17 | Computer Name = Denise-NB | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo
     de hora: 0x4f72c3ee  Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo
     de hora: 0x4f72c345  Código de exceção: 0xc0000005  Deslocamento com falha: 0x0006ab31
    Identificação
     do processo com falha: 0xb00  Hora de início do aplicativo com falha: 0x01ceb4c9611401d1
    Caminho
     do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
    FCaminho
     do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll
    Identificação
     do Relatório: a64645ef-20bc-11e3-b4ef-5404a6a772c2
     
    Error - 20/09/2013 12:18:07 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
    Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
     Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
     verifique o histórico de problemas no painel de controle da Central de Ações.    ID
     de Processo: 1630    Hora de Início: 01ceb61cd1b16374    Hora de Término: 6    Caminho do Aplicativo:
     C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
     
    Error - 23/09/2013 01:23:03 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
    Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
     Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
     verifique o histórico de problemas no painel de controle da Central de Ações.    ID
     de Processo: 13a4    Hora de Início: 01ceb80c8f34f9fd    Hora de Término: 5    Caminho do Aplicativo:
     C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
     
    Error - 24/09/2013 02:35:46 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
    Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
     Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
     verifique o histórico de problemas no painel de controle da Central de Ações.    ID
     de Processo: 11ac    Hora de Início: 01ceb8e20889307b    Hora de Término: 172    Caminho do
     Aplicativo: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório: 
      
     
    Error - 24/09/2013 12:18:17 | Computer Name = Denise-NB | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity()
     no Objeto de Gravador do Sistema..  Details: AddLegacyDriverFiles: Unable to back 
    up image of binary 3262350drv.  System Error: O sistema não pode encontrar o arquivo
     especificado.  .
     
    Error - 24/09/2013 12:18:17 | Computer Name = Denise-NB | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity()
     no Objeto de Gravador do Sistema..  Details: AddLegacyDriverFiles: Unable to back 
    up image of binary 29466069.  System Error: O sistema não pode encontrar o arquivo 
    especificado.  .
     
    Error - 26/09/2013 02:32:43 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
    Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
     Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
     verifique o histórico de problemas no painel de controle da Central de Ações.    ID
     de Processo: 1248    Hora de Início: 01ceba808215bd77    Hora de Término: 50    Caminho do 
    Aplicativo: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
     
    Error - 26/09/2013 16:45:34 | Computer Name = Denise-NB | Source = Application Hang | ID = 1002
    Description = O programa PhotoFiltre.exe versão 6.5.3.0 parou de interagir com o
     Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
     verifique o histórico de problemas no painel de controle da Central de Ações.    ID
     de Processo: 914    Hora de Início: 01cebaf4c85e04e0    Hora de Término: 318    Caminho do 
    Aplicativo: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe    Id do Relatório:   
     
    [ System Events ]
    Error - 10/05/2013 18:38:13 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 10/05/2013 21:24:19 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 11/05/2013 12:58:15 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 11/05/2013 19:16:13 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 11/05/2013 23:44:32 | Computer Name = Denise-NB | Source = EventLog | ID = 6008
    Description = O desligamento anterior do sistema em 00:14:03 às ?12/?05/?2013 não
     era esperado.
     
    Error - 12/05/2013 16:26:51 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 12/05/2013 20:11:12 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 13/05/2013 01:10:42 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 13/05/2013 07:24:12 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 13/05/2013 11:56:38 | Computer Name = Denise-NB | Source = BROWSER | ID = 8032
    Description = 
     
     
    < End of report >
     


    #14
    JoseMelo

    • Professional Assistant
    • 128.677 posts

    - OK, the logs are clean :)

    - Download CCleaner:
      • Click Save and, when the download has finished, install it;
      • Open the program and click Run Cleaner;
      • After that, click Registry > Scan for Issues > Fix selected issues
    - Disable and then re-enable System Restore

    - Read the article "Proteja seu PC" (Protect Your PC) for more information on how to avoid infections;

    - If you have no further problems, click the LuQlZ.png button and say that your case has been resolved.


    #15
    dcg

    • Member
    • 99 posts

    JoseMelo

    Thank you very much. It seems everything is OK now.

    Before finishing, I would like to ask 2 questions:

    1. I noticed that Kaspersky was the only one that managed to detect trojans. Do you recommend that I keep it installed and run it from time to time?

    2. I already had Malwarebytes and Cleaner installed on my notebook and I run them at least once a week (always up to date), but as for the other applications I used for this diagnosis (Adwcleaner / OTL / HijackThis / Farbar Scanner / MbrScan), can I delete them?

    Once again, thank you for your help.



    #16
    JoseMelo

    • Professional Assistant
    • 128.677 posts

    1. I noticed that Kaspersky was the only one that managed to detect trojans. Do you recommend that I keep it installed and run it from time to time?

    No. This tool has no online update. When you need to run it, download the latest updated version.

    ...but as for the other applications I used for this diagnosis (Adwcleaner / OTL / HijackThis / Farbar Scanner / MbrScan), can I delete them?

    Yes.



    #17
    dcg

    • Member
    • 99 posts

    JoseMelo,

    OK. Understood. I will delete all the applications used in these posts, and from time to time, when I need to run Kaspersky, I will install the new version.

    Thank you very much for your help.

    I am closing this topic as resolved.



    #18
    Felipe-rj

    • Moderator
    • 837 posts

    PROBLEM SOLVED

    If you want to request that the topic be reopened, use the Report button to contact the moderators.

    Note: Only the author can make this request in the Malware Removal area.