hleb

Very slow computer (LOG analysis)


It has been a while since I last used Clube do Hardware (since 2008, to be specific), but my notebook has been really sluggish lately; it seems like the system is overloaded.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.4.1

Run by Renan at 22:43:00 on 2013-06-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.3831.2220 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Program Files\PostgreSQL\9.2\bin\postgres.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\System32\vds.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Renan\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Renan\AppData\Roaming\WebCake\WebCakeDesktop.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

mWinlogon: Userinit = userinit.exe

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120629010751.dll

BHO: Auxiliar de Conexão de Conta da Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: DealPly Shopping: {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

uRun: [Facebook Update] "C:\Users\Renan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Google Update] "C:\Users\Renan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleChromeAutoLaunch_5A0AC7C947D61B7CEF1719C1CD276FF1] "C:\Users\Renan\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [WebCake Desktop] "C:\Users\Renan\AppData\Roaming\WebCake\WebCakeDesktop.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Users\Renan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - ms-its:C:\Program Files (x86)\The Tournament Director 2\TD.lib::/comdlg32.cab

TCP: NameServer = 192.168.25.1

TCP: Interfaces\{178DE7DB-B493-40A2-A435-46111AA2285C} : NameServer = 200.175.5.139,200.175.182.139

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129} : NameServer = 200.175.5.139,200.175.89.139

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129} : DHCPNameServer = 192.168.25.1

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}\1405021333 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}\25F63796 : DHCPNameServer = 192.168.1.1 200.221.11.100

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}\36164657A7562716 : DHCPNameServer = 192.168.1.1 10.0.0.1

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}\746545D223442333 : DHCPNameServer = 192.168.25.1

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}\779666965554D4 : DHCPNameServer = 186.233.154.1 186.233.154.3

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}\A41636B656023516C6C65637 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D51EAFC2-DB61-4B7A-94C4-8657ADD048CD} : NameServer = 200.175.5.139,200.175.182.139

TCP: Interfaces\{D51EAFC2-DB61-4B7A-94C4-8657ADD048CD} : DHCPNameServer = 192.168.2.254

TCP: Interfaces\{DE90E781-1980-43DC-B51D-242A2E8145C9} : NameServer = 200.175.5.139,200.175.182.139

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120629010751.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3

x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\5sg4liwh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Renan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Renan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\5sg4liwh.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\plugins\npgbfnc_bb.dll

FF - plugin: C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\5sg4liwh.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\plugins\npgbfnc_cef.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - ExtSQL: 2013-06-08 18:32; {87F8774F-B485-47E2-A755-A40A8A5E886D}; C:\Users\Renan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.webcake.installId - eec1ffc8-5d15-4c16-ac81-e93ff75dfed2

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

.

============= SERVICES / DRIVERS ===============

.

R?2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-4 201304]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 771536]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 340216]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-17 30056]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-14 55856]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2010-12-13 21616]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-14 98208]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-6-8 414536]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-4 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-4 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-12-14 241456]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-12-14 218760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-12-14 182752]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2010-12-14 27760]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 70112]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-14 175168]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-14 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-14 158976]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-12-14 168536]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 309840]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 515968]

R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-12-14 29288]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

S2 dealplylive;Serviço do DealPly Live (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-6-11 148000]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

S3 dealplylivem;Serviço do DealPly Live (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-6-11 148000]

S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2009-8-10 119680]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-4 196440]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 106552]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-27 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-4 201304]

.

=============== Created Last 30 ================

.

2013-06-12 01:32:59 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-06-12 00:44:37 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{782774C2-8D30-4113-B671-8ABF4CD63A0C}\offreg.dll

2013-06-12 00:41:23 -------- d-----w- C:\Users\Renan\AppData\Roaming\WebCake

2013-06-12 00:41:22 -------- d-----w- C:\Program Files (x86)\WebCake

2013-06-12 00:41:16 -------- d-----w- C:\Users\Renan\AppData\Local\DealPlyLive

2013-06-12 00:41:16 -------- d-----w- C:\ProgramData\DealPlyLive

2013-06-12 00:41:16 -------- d-----w- C:\Program Files (x86)\DealPlyLive

2013-06-12 00:41:11 -------- d-----w- C:\Users\Renan\AppData\Roaming\Dealply

2013-06-12 00:41:10 -------- d-----w- C:\Program Files (x86)\DealPly

2013-06-12 00:41:08 -------- d-----w- C:\ProgramData\Tarma Installer

2013-06-12 00:37:39 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 00:37:39 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-06-12 00:37:38 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 00:37:10 -------- d-----w- C:\Users\Renan\AppData\Local\WinZip

2013-06-12 00:34:18 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 00:34:18 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-12 00:26:42 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{782774C2-8D30-4113-B671-8ABF4CD63A0C}\mpengine.dll

2013-06-11 02:09:30 -------- d-----w- C:\Users\Renan\AppData\Local\Chromium

2013-06-11 02:07:11 -------- d-----w- C:\Users\Renan\AppData\Roaming\Sports Interactive

2013-06-11 02:07:11 -------- d-----w- C:\Users\Renan\AppData\Local\Sports Interactive

2013-06-11 02:07:01 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll

2013-06-11 02:07:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_41.dll

2013-06-11 02:07:01 2430312 ----a-w- C:\Windows\System32\D3DCompiler_41.dll

2013-06-11 02:07:01 1846632 ----a-w- C:\Windows\SysWow64\D3DCompiler_41.dll

2013-06-11 02:05:59 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll

2013-06-11 01:30:52 -------- d-----w- C:\Program Files (x86)\dumps

2013-06-11 01:30:08 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-06-11 01:30:06 -------- d-----w- C:\Program Files (x86)\Steam

2013-06-11 00:47:55 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf

2013-06-11 00:47:54 -------- d-----w- C:\Program Files (x86)\Overwolf

2013-06-11 00:29:35 -------- d-----w- C:\Users\Renan\AppData\Local\Overwolf

2013-06-10 03:28:09 720594 ----a-w- C:\Users\Renan\AppData\Roaming\unins000.exe

2013-06-08 21:36:21 -------- d-----w- C:\ProgramData\boost_interprocess

2013-06-08 21:32:45 -------- d-----w- C:\Users\Renan\AppData\Local\GAS Tecnologia

2013-06-08 21:32:45 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-06-08 21:32:35 -------- d-----w- C:\Users\Renan\AppData\Local\Programs

.

==================== Find3M ====================

.

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-15 03:24:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 03:24:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 08:36:01 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-04-04 08:35:52 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 22:45:23,81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/01/2011 19:16:33

System Uptime: 11/06/2013 22:40:09 (0 hours ago)

.

Motherboard: Dell Inc. | | 0MDPK8

Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU 1 | 2528/532mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 351,322 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador de Miniporta WiFi Virtual da Microsoft

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&81C7E18&0&02

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter #2

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&81C7E18&0&02

Service: vwifimp

.

==== System Restore Points ===================

.

RP222: 24/05/2013 23:25:32 - Windows Update

RP223: 28/05/2013 17:32:01 - Windows Update

RP224: 03/06/2013 17:26:34 - Windows Update

RP225: 07/06/2013 18:30:19 - Windows Update

RP226: 08/06/2013 18:39:19 - Removed Java 7 Update 21

RP227: 08/06/2013 18:39:54 - Removed Java 7 Update 21

RP228: 10/06/2013 22:29:39 - Installed Steam

RP229: 10/06/2013 23:04:33 - DirectX instalado

RP230: 11/06/2013 21:23:46 - Windows Update

RP231: 11/06/2013 22:31:42 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.21beta

AccelerometerP11

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) - Português

Advanced Audio FX Engine

Apple Mobile Device Support

Apple Software Update

Arquivo do WinRAR

µTorrent

Atualizações da NVIDIA 1.11.3

Bet Angel - Professional

Bing Bar

Bonjour

CDisplay 1.8

CyberScript v3.2

D3DX10

Dealply

DealPly (remove only)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Webcam Central

Facebook Video Calling 1.2.0.287

FairBot

Football Manager 2013

Free YouTube to MP3 Converter version 3.11.35.1031

Full Tilt Poker

Galeria de Fotos

GCAP2010

Google Chrome

Google Earth

Google Update Helper

GoToAssist 8.0.0.514

Holdem Manager 2

iCloud

ICM Trainer Light

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

iTunes

Java Auto Updater

Java 6 Update 21 (64-bit)

Java 6 Update 29

JavaFX 2.1.0

JMicron Flash Media Controller Driver

K-Lite Codec Pack 7.2.0 (Full)

Logitech Gaming Software 64

Módulo Adicional de Segurança CAIXA

McAfee Security Scan Plus

McAfee SecurityCenter

Media Player Classic - Home Cinema v1.4.2499.0

Messenger Plus! Live

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

mIRC

Monitor da tecnologia Intel® Turbo Boost

Movie Maker

Mozilla Firefox 16.0.2 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

MSVCRT110_amd64

Nelogica ProfitChart Diário

NVIDIA Display Control Panel

NVIDIA Driver de gráficos 310.70

NVIDIA Driver de áudio HD 1.3.18.0

NVIDIA Driver do 3D Vision 310.70

NVIDIA Install Application

NVIDIA Optimus 1.11.3

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

NVIDIA Updatus

Overwolf

Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil)

Painel de controle da NVIDIA 310.70

PartyPoker

Photo Common

Photo Gallery

Picasa 3

PokerRoom Home Game Organizer

PokerStars

PokerTracker 4 (remove only)

PostgreSQL 8.3

PostgreSQL 9.2

PowerISO

Quickset64

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Burn

SAD-Micro v6.10

Security Update for Microsoft .NET Framework 4.5 (KB2729460)

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shared C Run-time for x64

Show do Milhão 2006

SitNGo Wizard

Skype Click to Call

Skype™ 6.1

Software Intel® PROSet/Wireless WiFi

Sorte Certa Evolution 2.4.7

Steam

Super HUD

Suporte para Aplicativos Apple

Synaptics Pointing Device Driver

System Requirements Lab CYRI

TeamSpeak 3 Client

TeamViewer 8

The Tournament Director 2

TuneUp Utilities Language Pack (pt-BR)

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

WebCake 3.00

Winamp

Winamp Detectar Aplicação

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Winner Poker

WinZip 17.5

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-06-12 01:19:09

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00 465,76GB

Running: gmer.exe; Driver: C:\Users\Renan\AppData\Local\Temp\pglorpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800039ee000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800039ee02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[660] C:\Windows\syswow64\kernel32.dll!FreeLibrary 00000000760534a8 5 bytes JMP 000000013b6a7c76

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[660] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 000000007606d56a 5 bytes JMP 000000013b6a7bee

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000077492c91 4 bytes CALL 71af0000

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[660] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[660] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]

.text ... * 2

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]

.text ... * 2

.text C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]

.text C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]

.text ... * 2

.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[3100] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077596f80 5 bytes JMP 0000000170fcb440

.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[3100] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077597070 5 bytes JMP 0000000170fcb320

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076061429 7 bytes JMP 000000016e8412a8

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007607b223 5 bytes JMP 000000016e8415b9

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760f88f4 7 bytes JMP 000000016e841352

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000760f8979 5 bytes JMP 000000016e8416db

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000760f8ccf 5 bytes JMP 000000016e841023

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077491d1b 5 bytes JMP 000000016e8411ea

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077491dc9 5 bytes JMP 000000016e84101e

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077492aa4 5 bytes JMP 000000016e841569

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077492d0a 5 bytes JMP 000000016e84128f

.text C:\Program Files (x86)\Steam\Steam.exe[5756] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007749549c 5 bytes JMP 0000000100100800

.text C:\Users\Renan\AppData\Roaming\WebCake\WebCakeDesktop.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]

.text C:\Users\Renan\AppData\Roaming\WebCake\WebCakeDesktop.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]

.text ... * 2

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771e1465 2 bytes [1E, 77]

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771e14bb 2 bytes [1E, 77]

.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2004] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f49b9f0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

---- Files - GMER 2.1 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00DF3.log 1048576 bytes

---- EOF - GMER 2.1 ----

Edited by renangraia


Dear renangraia

I recommend saving this topic to your Favorites so that it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully and, if you have any doubts, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any measures other than those given here; and if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its content and paste it into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

  • Click Pesquisar (Search)
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its content and paste it into your next reply.

# Step 3 #

Read the instructions contained in this link:

In the instructions at the link above, you can check in which forums the Analysts are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the icon (image: desktopicon.png) that is on the desktop.
  4. Read and accept the conditions by typing 1 and pressing Enter.
  5. Computers with Windows XP should install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the content of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and therefore, and also out of respect for the tool's author, do not use it without supervision.

Regards :D


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Renan on 13/06/2013 at 1:05:00,49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Renan\AppData\Roaming\dealply"

Successfully deleted: [Folder] "C:\Users\Renan\AppData\Roaming\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Users\Renan\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Program Files (x86)\dealply"

~~~ FireFox

Successfully deleted: [File] C:\Users\Renan\AppData\Roaming\mozilla\firefox\profiles\5sg4liwh.default\user.js

Successfully deleted: [File] C:\Users\Renan\AppData\Roaming\mozilla\firefox\profiles\5sg4liwh.default\searchplugins\sweetim.xml

Successfully deleted: [Folder] C:\Users\Renan\AppData\Roaming\mozilla\firefox\profiles\5sg4liwh.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}

Successfully deleted the following from C:\Users\Renan\AppData\Roaming\mozilla\firefox\profiles\5sg4liwh.default\prefs.js

user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

user_pref("sweetim.toolbar.dialogs.0.enable", "true");

user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");

user_pref("sweetim.toolbar.dialogs.0.height", "335");

user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");

user_pref("sweetim.toolbar.dialogs.0.width", "761");

user_pref("sweetim.toolbar.dialogs.1.enable", "true");

user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");

user_pref("sweetim.toolbar.dialogs.1.height", "300");

user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");

user_pref("sweetim.toolbar.dialogs.1.width", "500");

user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube

user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.mode.debug", "false");

user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");

user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.0.enable", "true");

user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");

user_pref("sweetim.toolbar.scripts.1.callback", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");

user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");

user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");

user_pref("sweetim.toolbar.scripts.1.enable", "true");

user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");

user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");

user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear

user_pref("sweetim.toolbar.search.history.capacity", "10");

user_pref("sweetim.toolbar.searchguard.enable", "true");

user_pref("sweetim.toolbar.simapp_id", "{5757BB50-8774-42D0-876B-F28238895450}");

user_pref("sweetim.toolbar.version", "1.5.0.2");

Emptied folder: C:\Users\Renan\AppData\Roaming\mozilla\firefox\profiles\5sg4liwh.default\minidumps [17 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13/06/2013 at 1:11:17,23

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.303 - Relatório criado em 13/06/2013 às 01:16:48

# Atualizado em 08/06/2013 por Xplode

# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

# Usuário : Renan - RENAN-PC

# Modo de Boot : Normal

# Executado de : C:\Users\Renan\Downloads\AdwCleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Pasta Removido : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Pasta Removido : C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\5sg4liwh.default\SweetPacksToolbarData

***** [Registro] *****

Chave Removida : HKCU\Software\InstallCore

Chave Removida : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

Chave Removida : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Chave Removida : HKLM\SOFTWARE\Tarma Installer

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registro está limpo.

-\\ Mozilla Firefox v16.0.2 (pt-BR)

Arquivo : C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\5sg4liwh.default\prefs.js

Removida : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Removida : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

-\\ Google Chrome v27.0.1453.110

Arquivo : C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[R1].txt - [2007 octets] - [13/06/2013 01:16:20]

AdwCleaner[s1].txt - [1914 octets] - [13/06/2013 01:16:48]

########## EOF - C:\AdwCleaner[s1].txt - [1974 octets] ##########

ComboFix 13-06-12.02 - Renan 13/06/2013 1:25.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.3831.1631 [GMT -3:00]

Executando de: c:\users\Renan\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\BHK

c:\program files (x86)\BHK\SAD-Micro610\e01p02.fdd

c:\program files (x86)\BHK\SAD-Micro610\exemplo.PAKM

c:\program files (x86)\BHK\SAD-Micro610\GISADMICRO610.exe

c:\program files (x86)\BHK\SAD-Micro610\JogoGIMicro.bin

c:\program files (x86)\BHK\SAD-Micro610\P04E01 (1).PAKM

c:\program files (x86)\BHK\SAD-Micro610\Uninstal.exe

c:\users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8B70FA06-86ED-4E10-B4BC-F5A1ABFAB41B}.xps

c:\users\Renan\AppData\Roaming\Roaming

c:\users\Renan\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml

c:\users\Renan\AppData\Roaming\unins000.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-05-13 to 2013-06-13 ))))))))))))))))))))))))))))

.

.

2013-06-13 04:42 . 2013-06-13 04:42 -------- d-----w- c:\users\postgres\AppData\Local\temp

2013-06-13 04:42 . 2013-06-13 04:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-13 04:42 . 2013-06-13 04:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-13 04:32 . 2013-06-13 04:32 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{782774C2-8D30-4113-B671-8ABF4CD63A0C}\offreg.dll

2013-06-13 04:04 . 2013-06-13 04:04 -------- d-----w- c:\windows\ERUNT

2013-06-13 04:04 . 2013-06-13 04:04 -------- d-----w- C:\JRT

2013-06-12 01:32 . 2013-05-17 03:30 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-06-12 00:41 . 2013-06-12 00:41 -------- d-----w- c:\program files (x86)\7-Zip

2013-06-12 00:41 . 2013-06-12 04:46 -------- d-----w- c:\program files (x86)\DealPlyLive

2013-06-12 00:41 . 2013-06-12 00:41 -------- d-----w- c:\users\Renan\AppData\Local\DealPlyLive

2013-06-12 00:41 . 2013-06-12 00:41 -------- d-----w- c:\programdata\DealPlyLive

2013-06-12 00:37 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-06-12 00:37 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-06-12 00:37 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-12 00:37 . 2013-06-12 00:37 -------- d-----w- c:\users\Renan\AppData\Local\WinZip

2013-06-12 00:36 . 2013-06-12 00:36 -------- d-----w- c:\programdata\WinZip

2013-06-12 00:36 . 2013-06-12 00:36 -------- d-----w- c:\program files\WinZip

2013-06-12 00:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-06-12 00:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-06-12 00:26 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{782774C2-8D30-4113-B671-8ABF4CD63A0C}\mpengine.dll

2013-06-11 02:09 . 2013-06-11 02:09 -------- d-----w- c:\users\Renan\AppData\Local\Chromium

2013-06-11 02:07 . 2013-06-11 02:07 -------- d-----w- c:\users\Renan\AppData\Roaming\Sports Interactive

2013-06-11 02:07 . 2013-06-11 02:07 -------- d-----w- c:\users\Renan\AppData\Local\Sports Interactive

2013-06-11 02:07 . 2009-03-09 18:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll

2013-06-11 02:07 . 2009-03-09 18:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll

2013-06-11 02:07 . 2009-03-09 18:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2013-06-11 02:07 . 2009-03-09 18:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll

2013-06-11 02:05 . 2006-09-28 19:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll

2013-06-11 01:30 . 2013-06-11 01:30 -------- d-----w- c:\program files (x86)\dumps

2013-06-11 01:30 . 2013-06-11 01:30 -------- d-----w- c:\program files (x86)\Common Files\Steam

2013-06-11 01:30 . 2013-06-13 04:19 -------- d-----w- c:\program files (x86)\Steam

2013-06-11 00:47 . 2013-06-11 00:47 -------- d-----w- c:\program files (x86)\Common Files\Overwolf

2013-06-11 00:47 . 2013-06-11 00:48 -------- d-----w- c:\program files (x86)\Overwolf

2013-06-11 00:29 . 2013-06-11 00:52 -------- d-----w- c:\users\Renan\AppData\Local\Overwolf

2013-06-08 21:32 . 2013-06-12 21:07 -------- d-----w- c:\programdata\GAS Tecnologia

2013-06-08 21:32 . 2013-06-08 21:32 -------- d-----w- c:\users\Renan\AppData\Local\GAS Tecnologia

2013-06-08 21:32 . 2013-06-08 21:32 -------- d-----w- c:\users\Renan\AppData\Local\Programs

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 21:24 . 2012-04-04 01:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-12 21:24 . 2011-05-17 02:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 01:33 . 2011-01-14 07:20 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-05-02 05:06 . 2012-05-30 23:28 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-30 04:16 . 2013-04-30 04:16 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-30 04:16 . 2013-04-30 04:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-30 04:16 . 2013-04-30 04:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-30 04:16 . 2013-04-30 04:16 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-30 04:16 . 2013-04-30 04:16 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-30 04:16 . 2013-04-30 04:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-30 04:16 . 2013-04-30 04:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-30 04:16 . 2013-04-30 04:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-30 04:16 . 2013-04-30 04:16 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-30 04:16 . 2013-04-30 04:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-30 04:16 . 2013-04-30 04:16 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-30 04:16 . 2013-04-30 04:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-30 04:16 . 2013-04-30 04:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-30 04:16 . 2013-04-30 04:16 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-30 04:16 . 2013-04-30 04:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-30 04:16 . 2013-04-30 04:16 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-30 04:16 . 2013-04-30 04:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-30 04:16 . 2013-04-30 04:16 441856 ----a-w- c:\windows\system32\html.iec

2013-04-30 04:16 . 2013-04-30 04:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-30 04:16 . 2013-04-30 04:16 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-30 04:16 . 2013-04-30 04:16 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-30 04:16 . 2013-04-30 04:16 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-30 04:16 . 2013-04-30 04:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-30 04:16 . 2013-04-30 04:16 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-30 04:16 . 2013-04-30 04:16 235008 ----a-w- c:\windows\system32\url.dll

2013-04-30 04:16 . 2013-04-30 04:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-30 04:16 . 2013-04-30 04:16 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-30 04:16 . 2013-04-30 04:16 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-30 04:16 . 2013-04-30 04:16 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-30 04:16 . 2013-04-30 04:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-30 04:16 . 2013-04-30 04:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-30 04:16 . 2013-04-30 04:16 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-30 04:16 . 2013-04-30 04:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-30 04:16 . 2013-04-30 04:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-30 04:16 . 2013-04-30 04:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-30 04:16 . 2013-04-30 04:16 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-30 04:16 . 2013-04-30 04:16 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-30 04:16 . 2013-04-30 04:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-30 04:16 . 2013-04-30 04:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-30 04:16 . 2013-04-30 04:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-30 04:16 . 2013-04-30 04:16 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-30 04:16 . 2013-04-30 04:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-30 04:16 . 2013-04-30 04:16 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-30 04:16 . 2013-04-30 04:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-30 04:16 . 2013-04-30 04:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-30 04:16 . 2013-04-30 04:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-04-30 04:16 . 2013-04-30 04:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-30 04:16 . 2013-04-30 04:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-30 04:16 . 2013-04-30 04:16 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-13 05:49 . 2013-05-15 02:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 02:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 02:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 02:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 02:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 02:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 23:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 08:36 . 2012-05-22 00:42 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-04-04 08:35 . 2010-12-14 03:40 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 06:04 . 2013-04-10 02:02 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 02:02 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 02:02 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 02:02 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 02:02 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 02:02 112640 ----a-w- c:\windows\system32\smss.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Renan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"GoogleChromeAutoLaunch_5A0AC7C947D61B7CEF1719C1CD276FF1"="c:\users\Renan\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-05-29 825808]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-01-12 274608]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2013-05-09 18:57 1363272 ------w- c:\program files (x86)\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 30f1

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys;c:\windows\SYSNATIVE\Drivers\GemCCID.sys [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]

S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [x]

S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*Deregistered* - mfeavfk01

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:24]

.

2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2754302728-3684466347-1861712972-1001Core.job

- c:\users\Renan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 22:10]

.

2013-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2754302728-3684466347-1861712972-1001UA.job

- c:\users\Renan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 22:10]

.

2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 06:31]

.

2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 06:31]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754302728-3684466347-1861712972-1001Core.job

- c:\users\Renan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 00:08]

.

2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754302728-3684466347-1861712972-1001UA.job

- c:\users\Renan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 00:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-07-29 6470760]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Enviar para o OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Renan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: caixa.gov.br\imagem

Trusted Zone: caixa.gov.br\internetbanking

Trusted Zone: caixa.gov.br\internetbankingpf

Trusted Zone: caixa.gov.br\www

TCP: DhcpNameServer = 192.168.25.1

TCP: Interfaces\{178DE7DB-B493-40A2-A435-46111AA2285C}: NameServer = 200.175.5.139,200.175.182.139

TCP: Interfaces\{2B94F030-75F2-4E7A-99CC-30C53FA60129}: NameServer = 200.175.5.139,200.175.89.139

TCP: Interfaces\{D51EAFC2-DB61-4B7A-94C4-8657ADD048CD}: NameServer = 200.175.5.139,200.175.182.139

TCP: Interfaces\{DE90E781-1980-43DC-B51D-242A2E8145C9}: NameServer = 200.175.5.139,200.175.182.139

FF - ProfilePath - c:\users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\5sg4liwh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

FF - ExtSQL: 2013-06-08 18:32; {87F8774F-B485-47E2-A755-A40A8A5E886D}; c:\users\Renan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Renan\AppData\Roaming\unins000.exe

AddRemove-SAD-Micro v6.10 - c:\program files (x86)\BHK\SAD-Micro610\Uninstal.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]

"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]

"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-06-13 02:02:15

ComboFix-quarantined-files.txt 2013-06-13 05:02

.

Pré-execução: 393.512.849.408 bytes disponíveis

Pós execução: 395.021.983.744 bytes disponíveis

.

- - End Of File - - DD87AA0B204B962EDC595E86F601A806

D41D8CD98F00B204E9800998ECF8427E


Dear renangraia

# Step 1 #

Delete the folders:

c:\program files (x86)\DealPlyLive

c:\users\Renan\AppData\Local\DealPlyLive

c:\programdata\DealPlyLive

# Step 2 #

Uninstall the following program if it is still installed: WebCake 3.00

# Step 3 #

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternate link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


I deleted the folders, and WebCake had already been uninstalled. Here is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.06.14.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16614

Renan :: RENAN-PC [administrador]

Proteção: Permitir

14/06/2013 18:09:10

mbam-log-2013-06-14 (18-09-10).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 280836

Tempo decorrido: 12 minuto(s), 33 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1

C:\Users\Renan\Downloads\windows-movie-maker-2-creativity-fun-pack-baixaki-32-bits-18102012185338.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear renangraia

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be directed to a Kaspersky page asking for an email address for registration, plus a first and last name.
  • Only the "email" field is required.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your Desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator.

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program appears to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check all the drives that appear below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if it has detected anything, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it into your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if it found something. If it detected anything, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Regards :D
