danirruas

Files becoming corrupted


Good afternoon,

My PC was slow for a few weeks, and 3 days ago it started corrupting the files I work with. Example: I work on a JPG and save it. When I go to open it again, it says that is not possible. I check and the file is corrupted. The same happens with other files of other extensions and with any file I save from e-mail, etc. I can't open any of them because they get corrupted.

I would like your help. I think it may be malware, since I have the full McAfee antivirus.

I have 2 disks. One is partitioned for files. C and E have Windows, but I usually only use the Windows on C:

Last week I found a file I did not recognize on E:, outside the folders, with the extension .x

I deleted it because the antivirus froze when scanning it.

The logs follow.

Thanks in advance,

Best regards!!

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 04/09/2010 15:13:43

System Uptime: 02/07/2013 04:14:32 (1 hours ago)

.

Motherboard: Dell Inc. | | 033FF6

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 137,76 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 151 GiB total, 49,463 GiB free.

F: is FIXED (NTFS) - 314 GiB total, 162,443 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

L: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP225: 12/06/2013 23:55:45 - Windows Update

RP226: 14/06/2013 02:27:06 - Windows Update

RP227: 16/06/2013 14:49:53 - Windows Update

RP228: 24/06/2013 00:00:05 - Ponto de Verificação Agendado

RP229: 26/06/2013 07:44:00 - Windows Update

RP230: 29/06/2013 21:48:18 - Installed Java 7 Update 25

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Reader X (10.1.7) - Português

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Akamai NetSession Interface

Akamai NetSession Interface Service

AMCap

AMR Converter Pro

Analysis Bio

Analysis CST

Apple Software Update

Arquivo do WinRAR

Artlantis Studio 3.0

µTorrent

AutoCAD 2006 - English

AutoCAD 2011 - English

AutoCAD 2011 Language Pack - English

Autodesk Design Review 2011

Autodesk DWF Viewer

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

BitTorrent

BroadGun pdfMachine

BrOffice.org 3.2

Canon Inkjet Printer Driver Add-On Module

Connect

Corel Shell Extension - 64Bit

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang BR

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Software de Suporte)

Desinstalar impressora EPSON TX230 Series

DirectXInstallService

EMC 10 Content

EMCGadgets64

Epson Customer Participation

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

EPSON Scan

ESET Online Scanner v3

Evernote v. 4.6.6

FARO LS 1.1.406.58

Ferramenta de Carregamento do Windows Live

Google Chrome

Google Earth

Google SketchUp 6

Google SketchUp Pro 8

Google Update Helper

GoToAssist 8.0.0.514

HijackThis 2.0.2

IBA Reader

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

Java 7 Update 25

Java Auto Updater

Java 6 Update 20 (64-bit)

Java 6 Update 31

Junk Mail filter update

kuler

Malwarebytes' Anti-Malware versão 1.51.2.1300

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office com Clique para Executar 2010

Microsoft Office Starter 2010 - Português (Brasil)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 21.0 (x86 pt-BR)

Mozilla Maintenance Service

MP3 Skype Recorder

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetLimiter 1.30 (remove only)

NVIDIA Drivers

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

PDF Settings CS4

Photoshop Camera Raw

Photoshop Camera Raw_x64

PowerDVD DX

Presto! Mr. Photo

Programa DecaCAD e Catálogo Eletrônico v3.2 64 bits

QuickTime

Realtek High Definition Audio Driver

Receitanet

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio File Backup

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Shared C Run-time for x64

Skype Click to Call

Skype™ 6.5

Sonic CinePlayer Decoder Pack

Suite Shared Configuration CS4

Suporte para Aplicativos Apple

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

USB Scanner

VD64Inst

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Visualizador do Microsoft PowerPoint

VLC media player 2.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2

Run by Daniele BR at 5:21:17 on 2013-07-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4055.2704 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIHLL.EXE

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Windows\SysWOW64\WTClient.exe

C:\Windows\System32\spool\drivers\x64\3\bgsmsnd.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

C:\Users\Daniele BR\Downloads\-Remoção de vírus e malware\dds.com

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851643

uSearch Bar = Preserve

uProxyOverride = 127.0.0.1:9421;<local>

uURLSearchHooks: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - <orphaned>

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\MSK\mskapbho.dll

BHO: pdfMachine: {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120627091353.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: pdfMachine: {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll

TB: pdfMachine: {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AdobeBridge] <no file>

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [NWEReboot] <no file>

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\DANIEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\DANIEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Capturar esta página - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Capturar imagem - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Capturar seleção - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Capturar URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Nova nota - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{1D8BCDB5-6FF5-4198-9F06-1B32B319C8FB} : DHCPNameServer = 200.222.122.134 192.168.0.1

TCP: Interfaces\{3B6AE428-2091-442A-92C8-D366C74A1B80} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120627091353.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\

FF - prefs.js: browser.startup.homepage - hxxps://internetbanking.caixa.gov.br/siwin/adesao/dadosConta.do;jsessionid=1531af41e14bf01f1ae08b2200aca:m+kc?acao=cadDadosConta:http://worldarchitecture.org/wanews/mnfv/temple-university-march-apply-now.html|http://architecture.temple.edu/|http://www.mindmanager.com.br/1/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=a42241a8000000000000000021d7e123&q=

FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-05-13 23:39; clipconverter@clipconverter.cc; C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\extensions\clipconverter@clipconverter.cc.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack -

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - def

FF - user.js: extensions.BabylonToolbar_i.id - a42241a8000000000000000021d7e123

FF - user.js: extensions.BabylonToolbar_i.hardId - a42241a8000000000000000021d7e123

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:20:05

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babclient

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - std

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 771536]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 340216]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-30 55280]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-29 151648]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-3-17 552832]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-10-26 56776]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-30 241456]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-30 218760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-30 182752]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 673088]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 70112]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-31 56344]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-31 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-31 321064]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 309840]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 515968]

R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2007-6-7 28672]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-7 1436424]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-23 196440]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-31 158976]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 106552]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2007-4-23 14336]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-5 1255736]

S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile="C:\Windows\SysWOW64\notepad.exe" "%1"

.

=============== Created Last 30 ================

.

2013-06-30 00:49:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-13 02:57:19 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 21:22:32 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 21:22:31 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 21:22:30 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-06-12 21:22:25 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-06-12 21:22:25 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-06-12 21:22:02 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-06-12 21:22:02 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-06-12 21:21:58 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-06-12 21:21:57 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-06-12 21:21:56 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-12 21:21:56 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-12 21:21:56 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-12 21:21:56 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-06-12 21:21:56 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-06-12 21:21:55 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-06-12 21:21:55 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-06-12 21:21:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-06-12 21:21:04 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 21:21:03 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-12 19:25:07 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-06-10 15:28:59 -------- d-----w- C:\Users\Daniele BR\AppData\Local\{07D616C9-0835-4BA5-92E2-52A388919351}

2013-06-10 15:28:23 -------- d-----w- C:\Users\Daniele BR\AppData\Local\{C9413F21-FAA7-4D73-B87F-BE97EC448EDD}

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2013-06-30 00:49:47 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-30 00:49:47 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-12 19:25:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 19:25:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-01 06:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2013-05-01 06:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-11 22:54:26 288688 ----a-r- C:\Windows\System32\drivers\360FltOEM.sys

2013-04-11 21:52:52 382976 ----a-r- C:\Windows\System32\PsClikS64.dll

2013-04-11 21:52:52 322560 ----a-r- C:\Windows\SysWow64\PsClikS.dll

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 5:22:14,54 ===============

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-02 11:39:19

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.02.03E02 298,09GB

Running: o4ixoith.exe; Driver: C:\Users\DANIEL~1\AppData\Local\Temp\uxrdypog.sys

---- Kernel code sections - GMER 2.1 ----

PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff88000e3f4a0 12 bytes {MOV RAX, 0xfffffa8003d8c2a0; JMP RAX}

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88002f7bd64 12 bytes {MOV RAX, 0xfffffa800547f2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]

.text C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]

.text ... * 2

.text C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]

.text C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]

.text ... * 2

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]

.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]

.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001084650] \SystemRoot\System32\Drivers\spvh.sys [unknown section]

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010845dc] \SystemRoot\System32\Drivers\spvh.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800104f35c] \SystemRoot\System32\Drivers\spvh.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800104f224] \SystemRoot\System32\Drivers\spvh.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800104fa24] \SystemRoot\System32\Drivers\spvh.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800104fba0] \SystemRoot\System32\Drivers\spvh.sys [unknown section]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1788] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f25b9f0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 fffffa80049e12c0

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80049e12c0

Device \Driver\atapi \Device\Ide\IdePort0 fffffa80049e12c0

Device \Driver\atapi \Device\Ide\IdePort1 fffffa80049e12c0

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80049e12c0

Device \Driver\ax64c4sa \Device\Scsi\ax64c4sa1Port2Path0Target0Lun0 fffffa80054872c0

Device \Driver\ax64c4sa \Device\Scsi\ax64c4sa1 fffffa80054872c0

Device \FileSystem\Ntfs \Ntfs fffffa80049e52c0

Device \FileSystem\fastfat \Fat fffffa80062a32c0

Device \Driver\USBSTOR \Device\00000088 fffffa8005ac32c0

Device \Driver\usbehci \Device\USBPDO-1 fffffa80054812c0

Device \Driver\cdrom \Device\CdRom0 fffffa80051712c0

Device \Driver\cdrom \Device\CdRom1 fffffa80051712c0

Device \Driver\USBSTOR \Device\00000089 fffffa8005ac32c0

Device \Driver\usbehci \Device\USBFDO-0 fffffa80054812c0

Device \Driver\USBSTOR \Device\00000085 fffffa8005ac32c0

Device \Driver\usbehci \Device\USBFDO-1 fffffa80054812c0

Device \Driver\USBSTOR \Device\00000086 fffffa8005ac32c0

Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80049dd2c0

Device \Driver\volmgr \Device\FtControl fffffa80049dd2c0

Device \Driver\volmgr \Device\VolMgrControl fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume4 fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume5 fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume6 fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume7 fffffa80049dd2c0

Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800518a2c0

Device \Driver\volmgr \Device\HarddiskVolume8 fffffa80049dd2c0

Device \Driver\volmgr \Device\HarddiskVolume9 fffffa80049dd2c0

Device \Driver\atapi \Device\ScsiPort0 fffffa80049e12c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{3B6AE428-2091-442A-92C8-D366C74A1B80} fffffa800518a2c0

Device \Driver\USBSTOR \Device\00000087 fffffa8005ac32c0

Device \Driver\usbehci \Device\USBPDO-0 fffffa80054812c0

Device \Driver\atapi \Device\ScsiPort1 fffffa80049e12c0

Device \Driver\ax64c4sa \Device\ScsiPort2 fffffa80054872c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80049e12c0]<< spvh.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80049e12c0

Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dce060] fffffa8004dce060

Trace 3 CLASSPNP.SYS[fffff88001b1143f] -> nt!IofCallDriver -> [0xfffffa8004b11520] fffffa8004b11520

Trace 5 ACPI.sys[fffff8800118b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b13060] fffffa8004b13060

Trace \Driver\atapi[0xfffffa8004b0a900] -> IRP_MJ_CREATE -> 0xfffffa80049e12c0 fffffa80049e12c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\ax64c4sa.SYS fffff88002e00000-fffff88002e45000 (282624 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x02 0xC9 0x0B ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x3C 0x2A 0xCD ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x59 0xA3 0xD2 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x02 0xC9 0x0B ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x3C 0x2A 0xCD ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x59 0xA3 0xD2 ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x02 0xC9 0x0B ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x3C 0x2A 0xCD ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x59 0xA3 0xD2 ...

---- EOF - GMER 2.1 ----


Hello

Sorry for the delay :)

If you still need help, please regenerate the logs, as I need them with up-to-date timestamps: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Yes, I need it very much.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2

Run by Daniele BR at 17:27:52 on 2013-07-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4055.2866 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Windows\SysWOW64\WTClient.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIHLL.EXE

C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\spool\drivers\x64\3\bgsmsnd.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Users\Daniele BR\Downloads\-Remoção de vírus e malware\dds.com

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851643

uSearch Bar = Preserve

uProxyOverride = 127.0.0.1:9421;<local>

uURLSearchHooks: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - <orphaned>

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\MSK\mskapbho.dll

BHO: pdfMachine: {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120627091353.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: pdfMachine: {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll

TB: pdfMachine: {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\SysWOW64\bgstb.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AdobeBridge] <no file>

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [NWEReboot] <no file>

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\DANIEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\DANIEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Capturar esta página - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Capturar imagem - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Capturar seleção - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Capturar URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Nova nota - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{1D8BCDB5-6FF5-4198-9F06-1B32B319C8FB} : DHCPNameServer = 200.222.122.134 192.168.0.1

TCP: Interfaces\{3B6AE428-2091-442A-92C8-D366C74A1B80} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120627091353.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\

FF - prefs.js: browser.startup.homepage - hxxps://internetbanking.caixa.gov.br/siwin/adesao/dadosConta.do;jsessionid=1531af41e14bf01f1ae08b2200aca:m+kc?acao=cadDadosConta:http://worldarchitecture.org/wanews/mnfv/temple-university-march-apply-now.html|http://architecture.temple.edu/|http://www.mindmanager.com.br/1/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&mntrId=a42241a8000000000000000021d7e123&q=

FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-05-13 23:39; clipconverter@clipconverter.cc; C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\extensions\clipconverter@clipconverter.cc.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack -

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - def

FF - user.js: extensions.BabylonToolbar_i.id - a42241a8000000000000000021d7e123

FF - user.js: extensions.BabylonToolbar_i.hardId - a42241a8000000000000000021d7e123

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:20:05

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babclient

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - std

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 771536]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 340216]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-30 55280]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-29 151648]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-3-17 552832]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-10-26 56776]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-30 241456]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-30 218760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-30 182752]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 673088]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 70112]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-31 56344]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-31 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-31 321064]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 309840]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 515968]

R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2007-6-7 28672]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-7 1436424]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-23 196440]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-31 158976]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 106552]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2007-4-23 14336]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-5 1255736]

S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-23 201304]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile="C:\Windows\SysWOW64\notepad.exe" "%1"

.

=============== Created Last 30 ================

.

2013-07-02 20:09:09 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll

2013-07-02 20:09:09 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll

2013-07-02 20:09:09 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll

2013-06-30 00:49:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-13 02:57:19 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 21:22:32 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 21:22:31 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 21:22:30 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-06-12 21:22:25 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-06-12 21:22:25 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-06-12 21:22:02 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-06-12 21:22:02 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-06-12 21:21:58 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-06-12 21:21:57 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-06-12 21:21:56 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-12 21:21:56 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-12 21:21:56 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-12 21:21:56 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-06-12 21:21:56 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-06-12 21:21:55 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-06-12 21:21:55 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-06-12 21:21:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-06-12 21:21:04 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 21:21:03 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-12 19:25:07 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-06-10 15:28:59 -------- d-----w- C:\Users\Daniele BR\AppData\Local\{07D616C9-0835-4BA5-92E2-52A388919351}

2013-06-10 15:28:23 -------- d-----w- C:\Users\Daniele BR\AppData\Local\{C9413F21-FAA7-4D73-B87F-BE97EC448EDD}

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2013-06-06 20:13:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2013-06-30 00:49:47 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-30 00:49:47 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-12 19:25:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 19:25:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-01 06:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2013-05-01 06:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-11 22:54:26 288688 ----a-r- C:\Windows\System32\drivers\360FltOEM.sys

2013-04-11 21:52:52 382976 ----a-r- C:\Windows\System32\PsClikS64.dll

2013-04-11 21:52:52 322560 ----a-r- C:\Windows\SysWow64\PsClikS.dll

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 17:28:39,57 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 04/09/2010 15:13:43

System Uptime: 05/07/2013 14:52:18 (3 hours ago)

.

Motherboard: Dell Inc. | | 033FF6

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 135,722 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 151 GiB total, 49,418 GiB free.

F: is FIXED (NTFS) - 314 GiB total, 162,439 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

L: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP225: 12/06/2013 23:55:45 - Windows Update

RP226: 14/06/2013 02:27:06 - Windows Update

RP227: 16/06/2013 14:49:53 - Windows Update

RP228: 24/06/2013 00:00:05 - Ponto de Verificação Agendado

RP229: 26/06/2013 07:44:00 - Windows Update

RP230: 29/06/2013 21:48:18 - Installed Java 7 Update 25

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Reader X (10.1.7) - Português

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Akamai NetSession Interface

Akamai NetSession Interface Service

AMCap

AMR Converter Pro

Analysis Bio

Analysis CST

Apple Software Update

Arquivo do WinRAR

Artlantis Studio 3.0

µTorrent

AutoCAD 2006 - English

AutoCAD 2011 - English

AutoCAD 2011 Language Pack - English

Autodesk Design Review 2011

Autodesk DWF Viewer

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

BitTorrent

BroadGun pdfMachine

BrOffice.org 3.2

Canon Inkjet Printer Driver Add-On Module

Connect

Corel Shell Extension - 64Bit

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang BR

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Software de Suporte)

Desinstalar impressora EPSON TX230 Series

DirectXInstallService

EMC 10 Content

EMCGadgets64

Epson Customer Participation

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

EPSON Scan

ESET Online Scanner v3

Evernote v. 4.6.6

FARO LS 1.1.406.58

Ferramenta de Carregamento do Windows Live

Google Chrome

Google Earth

Google SketchUp 6

Google SketchUp Pro 8

Google Update Helper

GoToAssist 8.0.0.514

HijackThis 2.0.2

IBA Reader

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

Java 7 Update 25

Java Auto Updater

Java 6 Update 20 (64-bit)

Java 6 Update 31

Junk Mail filter update

kuler

Malwarebytes' Anti-Malware versão 1.51.2.1300

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office com Clique para Executar 2010

Microsoft Office Starter 2010 - Português (Brasil)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 22.0 (x86 pt-BR)

Mozilla Maintenance Service

MP3 Skype Recorder

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetLimiter 1.30 (remove only)

NVIDIA Drivers

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

PDF Settings CS4

Photoshop Camera Raw

Photoshop Camera Raw_x64

PowerDVD DX

Presto! Mr. Photo

Programa DecaCAD e Catálogo Eletrônico v3.2 64 bits

QuickTime

Realtek High Definition Audio Driver

Receitanet

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio File Backup

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Shared C Run-time for x64

Skype Click to Call

Skype™ 6.5

Sonic CinePlayer Decoder Pack

Suite Shared Configuration CS4

Suporte para Aplicativos Apple

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

USB Scanner

VD64Inst

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Visualizador do Microsoft PowerPoint

VLC media player 2.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-05 23:29:53

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.02.03E02 298,09GB

Running: o4ixoith.exe; Driver: C:\Users\DANIEL~1\AppData\Local\Temp\uxrdypog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80004dee000 65 bytes [00, 0C, FF, EE, EE, FF, C0, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80004dee042 4 bytes [00, 00, 00, 00]

PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff88000c1c4a0 12 bytes {MOV RAX, 0xfffffa8003ca62a0; JMP RAX}

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004a6ed64 12 bytes {MOV RAX, 0xfffffa800544a2a0; JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010fd650] \SystemRoot\System32\Drivers\spcr.sys [unknown section]

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010fd5dc] \SystemRoot\System32\Drivers\spcr.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010c835c] \SystemRoot\System32\Drivers\spcr.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010c8224] \SystemRoot\System32\Drivers\spcr.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010c8a24] \SystemRoot\System32\Drivers\spcr.sys [unknown section]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010c8ba0] \SystemRoot\System32\Drivers\spcr.sys [unknown section]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 fffffa8004a062c0

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8004a062c0

Device \Driver\atapi \Device\Ide\IdePort0 fffffa8004a062c0

Device \Driver\atapi \Device\Ide\IdePort1 fffffa8004a062c0

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa8004a062c0

Device \Driver\amdu0wya \Device\Scsi\amdu0wya1Port2Path0Target0Lun0 fffffa800545c2c0

Device \Driver\amdu0wya \Device\Scsi\amdu0wya1 fffffa800545c2c0

Device \FileSystem\Ntfs \Ntfs fffffa8004a0a2c0

Device \FileSystem\fastfat \Fat fffffa80066282c0

Device \Driver\USBSTOR \Device\00000088 fffffa8005d672c0

Device \Driver\usbehci \Device\USBPDO-1 fffffa800544c2c0

Device \Driver\cdrom \Device\CdRom0 fffffa80051fd2c0

Device \Driver\cdrom \Device\CdRom1 fffffa80051fd2c0

Device \Driver\USBSTOR \Device\00000089 fffffa8005d672c0

Device \Driver\usbehci \Device\USBFDO-0 fffffa800544c2c0

Device \Driver\USBSTOR \Device\00000085 fffffa8005d672c0

Device \Driver\usbehci \Device\USBFDO-1 fffffa800544c2c0

Device \Driver\USBSTOR \Device\00000086 fffffa8005d672c0

Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8003caa2c0

Device \Driver\volmgr \Device\FtControl fffffa8003caa2c0

Device \Driver\volmgr \Device\VolMgrControl fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume5 fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume6 fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume7 fffffa8003caa2c0

Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800523b2c0

Device \Driver\volmgr \Device\HarddiskVolume8 fffffa8003caa2c0

Device \Driver\volmgr \Device\HarddiskVolume9 fffffa8003caa2c0

Device \Driver\atapi \Device\ScsiPort0 fffffa8004a062c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{3B6AE428-2091-442A-92C8-D366C74A1B80} fffffa800523b2c0

Device \Driver\USBSTOR \Device\00000087 fffffa8005d672c0

Device \Driver\usbehci \Device\USBPDO-0 fffffa800544c2c0

Device \Driver\atapi \Device\ScsiPort1 fffffa8004a062c0

Device \Driver\amdu0wya \Device\ScsiPort2 fffffa800545c2c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a062c0]<< spcr.sys ataport.SYS pciide.sys fffffa8004a062c0

Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e00060] fffffa8004e00060

Trace 3 CLASSPNP.SYS[fffff88001b3f43f] -> nt!IofCallDriver -> [0xfffffa8004b33520] fffffa8004b33520

Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b35060] fffffa8004b35060

Trace \Driver\atapi[0xfffffa8004b2c920] -> IRP_MJ_CREATE -> 0xfffffa8004a062c0 fffffa8004a062c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\amdu0wya.SYS fffff88004000000-fffff88004045000 (282624 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2636:2672] 000000007237102d

Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2636:2680] 000000007207f1dc

Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2636:1428] 000000007207f1dc

Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2636:1420] 00000000720755d3

Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2636:3128] 000000007231c159

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x02 0xC9 0x0B ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x3C 0x2A 0xCD ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x59 0xA3 0xD2 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x02 0xC9 0x0B ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x3C 0x2A 0xCD ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x59 0xA3 0xD2 ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x02 0xC9 0x0B ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x3C 0x2A 0xCD ...

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x59 0xA3 0xD2 ...

---- Files - GMER 2.1 ----

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 atualizado pela Lei 2123.2004 Plano Diretor Revisado\PLANOD~1.PDF 363238 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\Mapa 10_Regiao Leste.jpg 628258 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\Mapa 6_Regiao Norte.jpg 2462345 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA1_~1.JPG 1415052 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA2_~1.JPG 1397406 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA3_~1.JPG 434407 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA4_~1.JPG 1121993 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA5_~1.JPG 994594 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA7_~1.JPG 742364 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\MAPA8E~1.JPG 5898804 bytes

File F:\Escritório - 2009 e 2010\DANI OFFICE 2010\03-PROJETOS\2009.003-Meu Sonho Escola Niteroi\PROJETO LEGAL\NITEROI_urbanismo_aprovacao\LEIS_URBANISMO\USADOS\Plano Diretor e Instrumentos\Plano Diretor\Lei 1157.1992 Plano Diretor\Lei 1157.1992 plano Diretor Mapas\Thumbs.db 41984 bytes

---- EOF - GMER 2.1 ----


Dear danirruas

I recommend that you save this topic to your Favorites so that it is easy to find again.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not carry it out on any other machine;
  • Please follow the instructions given carefully, and if in doubt do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Pesquisar (Search)
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste them into your next reply.

# Etapa nº 3 #

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).[*]Duplo clique no icone desktopicon.png que está no desktop.[*]Leia e aceite as condições, digitando 1 e enter.[*]Computadores com Windows XP deverão instalar o Console de Recuperação:

  • Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
  • Clique em "OK" ao EULA.
  • Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde. [*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.[*]Poderá surgir o aviso que é necessário reiniciar o computador.

NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

  • Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
  • Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
  • Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Regards :D


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.0.7 (07.11.2013:1)

OS: Windows 7 Home Premium x64

Ran by Daniele BR on 12/07/2013 at 15:59:58,93

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\babylonhelper.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escort.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{09c554c3-109b-483c-a06b-f14172f1a947}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{6536801b-f50c-449b-9476-093dfd3789e3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontc_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontc_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2851643

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho4877.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho9CB6.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoA3AC.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoB040.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoFA2E.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoFD63.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Daniele BR\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Daniele BR\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ FireFox

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\Daniele BR\AppData\Roaming\mozilla\firefox\profiles\0x23805s.default\user.js

Successfully deleted: [File] C:\Users\Daniele BR\AppData\Roaming\mozilla\firefox\profiles\0x23805s.default\searchplugins\conduit.xml

Successfully deleted: [Folder] C:\Users\Daniele BR\AppData\Roaming\mozilla\firefox\profiles\0x23805s.default\smartbar

Successfully deleted the following from C:\Users\Daniele BR\AppData\Roaming\mozilla\firefox\profiles\0x23805s.default\prefs.js

Emptied folder: C:\Users\Daniele BR\AppData\Roaming\mozilla\firefox\profiles\0x23805s.default\minidumps [181 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 12/07/2013 at 16:04:52,26

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.305 - Relatório criado em 12/07/2013 às 16:27:31

# Atualizado em 11/07/2013 por Xplode

# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

# Usuário : Daniele BR - PC-PROGRAMAS

# Modo de Boot : Normal

# Executado de : C:\Users\Daniele BR\Desktop\adwcleaner.exe

# Opção [Verificar]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Pasta Encontrado : C:\Program Files\Babylon

Pasta Encontrado : C:\Users\DANIEL~1\AppData\Local\Temp\BabylonToolbar

Pasta Encontrado : C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

Pasta Encontrado : C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

***** [Registro] *****

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registro está limpo.

-\\ Mozilla Firefox v22.0 (pt-BR)

Arquivo : C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\prefs.js

-\\ Google Chrome v28.0.1500.71

Arquivo : C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Default\Preferences

Encontrada [l.2348] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2851643",

*************************

AdwCleaner[R1].txt - [6215 octets] - [12/07/2013 16:27:31]

########## EOF - C:\AdwCleaner[R1].txt - [6275 octets] ##########

# AdwCleaner v2.305 - Relatório criado em 12/07/2013 às 16:29:16

# Atualizado em 11/07/2013 por Xplode

# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

# Usuário : Daniele BR - PC-PROGRAMAS

# Modo de Boot : Normal

# Executado de : C:\Users\Daniele BR\Desktop\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Pasta Removido : C:\Program Files\Babylon

Pasta Removido : C:\Users\DANIEL~1\AppData\Local\Temp\BabylonToolbar

Pasta Removido : C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

Removido Durante o reboot : C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

***** [Registro] *****

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registro está limpo.

-\\ Mozilla Firefox v22.0 (pt-BR)

Arquivo : C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\prefs.js

-\\ Google Chrome v28.0.1500.71

Arquivo : C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.2348] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2851643",

*************************

AdwCleaner[R1].txt - [6328 octets] - [12/07/2013 16:27:31]

AdwCleaner[s1].txt - [5988 octets] - [12/07/2013 16:29:16]

########## EOF - C:\AdwCleaner[s1].txt - [6048 octets] ##########

ComboFix 13-07-13.01 - Daniele BR 13/07/2013 12:50:09.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4055.2518 [GMT -3:00]

Executando de: c:\users\Daniele BR\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* AV residente está ativo

.

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\5525521728.sys

c:\users\Daniele BR\AppData\Roaming\inst.exe

c:\windows\IsUn0416.exe

c:\windows\IsUn0816.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-13 to 2013-07-13 ))))))))))))))))))))))))))))

.

.

2013-07-13 16:54 . 2013-07-13 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-13 16:54 . 2013-07-13 16:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-07-13 06:01 . 2013-07-13 06:08 -------- d-----w- c:\windows\system32\MRT

2013-07-12 18:59 . 2013-07-12 18:59 -------- d-----w- c:\windows\ERUNT

2013-07-11 12:17 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-11 12:17 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-11 12:17 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-11 12:17 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

2013-07-11 12:17 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

2013-07-11 12:17 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

2013-07-11 12:17 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

2013-07-11 12:17 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

2013-07-11 12:17 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-07-11 12:17 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-11 12:17 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-11 12:16 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-07-11 12:16 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-11 12:16 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-11 12:16 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-11 12:16 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 12:16 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 12:16 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-07-11 12:16 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-02 20:09 . 2013-05-22 02:42 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll

2013-07-02 20:09 . 2013-05-22 02:42 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll

2013-07-02 20:09 . 2013-05-22 02:42 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll

2013-06-30 00:49 . 2013-06-30 00:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-30 00:49 . 2012-09-27 00:14 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-30 00:49 . 2010-08-31 00:37 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-24 03:57 . 2010-09-05 06:20 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-12 19:25 . 2012-04-05 20:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-12 19:25 . 2011-05-16 19:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 19:25 . 2013-06-12 19:25 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-05-13 05:51 . 2013-06-12 21:21 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-12 21:21 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-12 21:21 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-12 21:21 52224 ----a-w- c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-12 21:21 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-12 21:21 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-13 04:45 . 2013-06-12 21:21 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-13 03:43 . 2013-06-12 21:21 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 21:21 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-12 21:21 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-05-10 05:49 . 2013-06-12 21:22 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-12 21:22 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-05-08 06:39 . 2013-06-12 21:22 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-01 06:59 . 2013-05-01 06:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2013-05-01 06:59 . 2013-05-01 06:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2013-04-26 05:51 . 2013-06-12 21:22 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-04-26 04:55 . 2013-06-12 21:22 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-04-25 23:30 . 2013-06-12 21:21 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-04-17 07:02 . 2013-06-12 21:22 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24 . 2013-06-12 21:22 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\Daniele BR\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLL.EXE" [2012-02-29 283232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"bgsmsnd.exe"="c:\windows\system32\spool\DRIVERS\x64\3\bgsmsnd.exe" [2006-05-06 151552]

"WTClient"="WTClient.exe" [2007-04-11 40960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]

.

c:\users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-22 1089888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2011-04-18 17:12 496072 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]

R3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 06:01 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:25]

.

2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 00:45]

.

2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 00:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: Capturar esta página - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Capturar imagem - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Capturar seleção - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Capturar URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Nova nota - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\

FF - prefs.js: browser.startup.homepage - hxxps://internetbanking.caixa.gov.br/siwin/adesao/dadosConta.do;jsessionid=1531af41e14bf01f1ae08b2200aca:m+kc?acao=cadDadosConta:http://worldarchitecture.org/wanews/mnfv/temple-university-march-apply-now.html|http://architecture.temple.edu/|http://www.mindmanager.com.br/1/

FF - ExtSQL: 2013-05-13 23:39; clipconverter@clipconverter.cc; c:\users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\extensions\clipconverter@clipconverter.cc.xpi

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-NWEReboot - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-HijackThis - c:\users\DANIEL~1\AppData\Local\Temp\Rar$EX00.622\HijackThis.exe

AddRemove-PMUninstall - c:\windows\IsUn0816.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-07-13 14:30:27

ComboFix-quarantined-files.txt 2013-07-13 17:30

.

Pré-execução: 154.213.011.456 bytes disponíveis

Pós execução: 159.694.884.864 bytes disponíveis

.

- - End Of File - - FB6DE7AB74895C4F6833AF2FDA59F9D1

A36C5E4F47E84449FF07ED3517B43A31

THANK YOU.


After doing what you asked, several loose, renamed folders containing my files appeared in "crazy" locations.

And check disk is running on E, but it can't repair it because it says there isn't enough disk space.

:(


Dear danirruas ;)

ProxyOverride = 127.0.0.1:9421
Do you recognize it?
FF - prefs.js: browser.startup.homepage - hxxps://internetbanking.caixa.gov.br/siwin/adesao/dadosConta.do;jsessionid=1531af41e14bf01f1ae08b220 0aca:m+kc?acao=cadDadosConta:http://worldarchitecture.org/wanews/mnfv/temple-university-march-apply-now.html%7Chttp://architecture.temple.edu/%7Chttp://www.mindmanager.com.br/1/
Do you recognize the link above?

Regards :D


Good morning!

ProxyOverride = 127.0.0.1:9421

I don't recognize it.

From the second link I gathered that something went wrong with my Caixa account. Is that it?

But I also didn't understand what world architecture has to do with it.

I hope my account hasn't been broken into...... :(

(It may look like I'm slow to check, but I log in every day. Your reply only showed up today, even though I refresh every day. Thank you.)

Regards!


Dear danirruas

From the second link I gathered that something went wrong with my Caixa account. Is that it? But I also didn't understand what world architecture has to do with it.
It's very strange...
I hope my account hasn't been broken into.....
Contact your bank branch to take the necessary steps.

# Step 1 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Firefox::
FF - ProfilePath - c:\users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\
FF - prefs.js: browser.startup.homepage - hxxps://internetbanking.caixa.gov.br/siwin/adesao/dadosConta.do;jsessionid=1531af41e14bf01f1ae08b220 0aca:m+kc?acao=cadDadosConta:http://worldarchitecture.org/wanews/mnfv/temple-university-march-apply-now.html%7Chttp://architecture.temple.edu/%7Chttp://www.mindmanager.com.br/1/


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.


# Step 2 #

Download BankerFix and save it to your desktop.

  • Important: The tool will close Internet Explorer. Save any links you need before running it.
  • Double-click the BankerFix installer icon.
  • In the window that opens, click Run. Then click Yes.
  • A warning window will open; make sure your computer is connected to the Internet. Click OK.
  • You will notice some "activity" in the taskbar... In the window that opens, click OK to run the tool.
  • A command prompt will open. Press any key to continue.
  • Wait...
  • Again, press any key to continue.
  • When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt into your next reply.

After posting your reply, you can delete the folder: C:\LinhaDefensiva

Regards :D


ComboFix gave a warning at the end:

"Exception Eaccess Violation ERUNT.3XE at 0003A62_read od adress 0069005c"

After I clicked OK, this came up:

ComboFix 13-07-18.04 - Daniele BR 19/07/2013 2:07.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4055.1802 [GMT -3:00]

Executando de: c:\users\Daniele BR\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Daniele BR\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

ADS - drivers: deleted 208 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Y:\Autorun.inf

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-19 to 2013-07-19 ))))))))))))))))))))))))))))

.

.

2013-07-19 05:22 . 2013-07-19 05:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-07-19 05:22 . 2013-07-19 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-14 01:46 . 2013-07-14 01:46 -------- d-----w- c:\program files\Western Digital

2013-07-14 01:45 . 2013-07-17 17:44 -------- d-----w- c:\program files (x86)\Western Digital

2013-07-14 01:45 . 2013-07-17 17:44 -------- d-----w- c:\program files (x86)\Common Files\Western Digital

2013-07-14 01:42 . 2013-07-14 01:46 -------- d-----w- c:\programdata\Western Digital

2013-07-13 06:01 . 2013-07-13 06:08 -------- d-----w- c:\windows\system32\MRT

2013-07-12 18:59 . 2013-07-12 18:59 -------- d-----w- c:\windows\ERUNT

2013-07-11 12:17 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-11 12:17 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-11 12:17 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-11 12:17 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

2013-07-11 12:17 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

2013-07-11 12:17 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

2013-07-11 12:17 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

2013-07-11 12:17 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

2013-07-11 12:17 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-07-11 12:17 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-11 12:17 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-11 12:16 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-07-11 12:16 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-11 12:16 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-11 12:16 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-11 12:16 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 12:16 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 12:16 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-07-11 12:16 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-02 20:09 . 2013-05-22 02:42 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll

2013-07-02 20:09 . 2013-05-22 02:42 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll

2013-07-02 20:09 . 2013-05-22 02:42 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll

2013-06-30 00:49 . 2013-06-30 00:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-30 00:49 . 2012-09-27 00:14 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-30 00:49 . 2010-08-31 00:37 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-24 03:57 . 2010-09-05 06:20 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-12 19:25 . 2012-04-05 20:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-12 19:25 . 2011-05-16 19:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 19:25 . 2013-06-12 19:25 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-05-13 05:51 . 2013-06-12 21:21 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-12 21:21 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-12 21:21 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-12 21:21 52224 ----a-w- c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-12 21:21 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-12 21:21 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-13 04:45 . 2013-06-12 21:21 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-13 03:43 . 2013-06-12 21:21 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 21:21 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-12 21:21 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-05-10 05:49 . 2013-06-12 21:22 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-12 21:22 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-05-08 06:39 . 2013-06-12 21:22 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-01 06:59 . 2013-05-01 06:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2013-05-01 06:59 . 2013-05-01 06:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2013-04-26 05:51 . 2013-06-12 21:22 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-04-26 04:55 . 2013-06-12 21:22 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-04-25 23:30 . 2013-06-12 21:21 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\Daniele BR\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLL.EXE" [2012-02-29 283232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"bgsmsnd.exe"="c:\windows\system32\spool\DRIVERS\x64\3\bgsmsnd.exe" [2006-05-06 151552]

"WTClient"="WTClient.exe" [2007-04-11 40960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]

"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]

.

c:\users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-22 1089888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2011-04-18 17:12 496072 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

R2 0074201374187897mcinstcleanup;McAfee Application Installer Cleanup (0074201374187897);c:\windows\TEMP\007420~1.EXE;c:\windows\TEMP\007420~1.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]

R3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 06:01 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:25]

.

2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 00:45]

.

2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 00:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\system32\blank.htm

IE: Capturar esta página - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Capturar imagem - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Capturar seleção - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Capturar URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Nova nota - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\0x23805s.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

AddRemove-HijackThis - c:\users\DANIEL~1\AppData\Local\Temp\Rar$EX00.622\HijackThis.exe

AddRemove-PMUninstall - c:\windows\IsUn0816.exe

.

.

.

Tempo para conclusão: 2013-07-19 02:55:54

ComboFix-quarantined-files.txt 2013-07-19 05:55

ComboFix2.txt 2013-07-13 17:30

.

Pré-execução: 157.693.829.120 bytes disponíveis

Pós execução: 158.090.211.328 bytes disponíveis

.

- - End Of File - - 5970280FA5119D9A08C49445B4FAA9D7

A36C5E4F47E84449FF07ED3517B43A31

And BankerFix gives me this warning in a window with an Ok button, in case I want to continue:

"64-bits system detected. Run iniciar-Bankerfix.vbs from C_LinhaDefensiva"

But the prompt says that some windows may open, and to wait. I only read that after clicking OK.

I'll run it again and wait......

I'll be back as soon as I have a result from BankerFix.


I ran Banker from where it told me to and I'm pasting the report:

BankerFix 3.5 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2013-07-19 - 03:19

-------------------------------------------------------

Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6

=======================================================

----- Fim -------------------------

So, it said there was nothing... The PC keeps getting worse and worse. Still scared...

Is there really nothing??

THANKFUL for the help!!!!!!


Dear danirruas

Is there really nothing??
Everything indicates so; one more scan ;)

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click Ok, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.07.24.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

Daniele BR :: PC-PROGRAMAS [administrador]

24/07/2013 11:58:09

mbam-log-2013-07-24 (11-58-09).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 238421

Tempo decorrido: 8 minuto(s), 25 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

:) THANK YOU!!!!!!

It must be slow because the 'little bugs' wrecked it, right. My Word is shot; it no longer saves as Word, only as PDF. Not to mention other programs and the slowness!!

Clear up one last doubt for me if you can.... if I saved to an external HD before the cleanup, could it have been infected too? DVDs can't, right? For making the backups.

Regards! And thanks so muuuuch ;)

:*


I think unfortunately all of this hasn't solved my problem yet.

My file HDs keep "disappearing" and "reappearing" mysteriously. Not to mention lots of crazy files and folders, and the slowness in anything I try to open or work on.

I got the COM Surrogate error yesterday and today. The antivirus can't scan E: (that's how I came to suspect the virus in the first place, because I used to think it was hardware). And that .tmp.X file reappeared inside a folder on E: again. :/

I don't know what else to do. Everyone just says to format, but that way I'd lose everything, including my Windows and Office that came with the PC. And besides that I'd have to reinstall EVERYTHING, and I don't even know anymore how much stuff is on here....... #SCARED!!


Dear danirruas

if I saved to an external HD before the cleanup, could it have been infected too? DVDs can't, right?
In your case you can make the backup ;)

By any chance, are you using any removable media such as a USB flash drive?

Regards :D


:) The PC had 'disappeared'; it came back yesterday.

Yes, an external HD with continuous backup, and a flash drive every now and then. But my antivirus doesn't find anything on them... as usual.


Hmm... reply still not published... attempt 5.

Yes, I use a flash drive sometimes.

I use an external HD that stayed connected all the time backing up everything, and I think it's infected because, being without my PC, I borrowed a laptop and used the external HD, and now the laptop is getting slow and has the same freezing problems that started on my PC... :(

Help!!


Hi, I tried to reply 6 times from my PC and nothing.

I'm on a borrowed laptop...

Yes, I use a flash drive from time to time.

The external HD stayed plugged in all the time making backups.

I think by using the laptop I infected it too with the external HD :( HELP!

Yes, I use a flash drive from time to time.

The external HD stayed plugged in all the time making backups.

Quite possibly that is the cause of our problems :)

Regarding the flash drive, is there a lot on it? Could you move its contents to the computer and format it? Same for the external HD.

I'll wait for your reply


Oh, really? I hope that's the answer!!!!!

The flash drive, I'll do that right away. The external HD, I don't know if I can format it because I don't know whether I'd lose the little programs that come on it. The instructions don't say anything. I have to look it up.

My Passport WD.


I moved the files to the PC and formatted the flash drive!

The external HD comes with programs: WD backup, WD Security and WD Drive Utilities.

And the installation was automatic when I plugged it in the first time.


Dear danirruas

Run a scan of the external HD with your antivirus. If it has a formatting option in those programs, then use it ;)

Download Windows Repair (All In One) and save it to your Desktop

  • Double-click its executable
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • In the window that opens click Next, Next, Next, Next, Next and Finish
  • Open the program and choose the following option(s):

    Note:
    It is important to follow the order below:


    • Step4: Registry Backup & System Restore and click the Backup button, wait...
    • Step2: Check File System:Optional and click the Do It button
    • Start Repairs: Click the Start button
      • In the window that opens click the Select All button (left)
      • Check the Restart/Shutdown System When Finished box
      • Check Restart System
      • Click the Start button and wait...

  • In your next reply post the log _Windows_Repair_Log.txt, which is located in:
    • On 64-bit systems - C:\Arquivos de programa (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • On 32-bit systems - C:\Arquivos de programa\Tweaking.com\Windows Repair (All in One)\Logs

Note: For each step the program will restart the computer, except for the Registry backup. Let the program restart... Afterwards, find the program via the Start menu and run the next steps.

Regards :D


Running Repair Under System Account

Starting Repairs...

Start (08/08/2013 22:48:17)

Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (08/08/2013 22:48:17)

Running Repair Under Current User Account

Done (08/08/2013 22:48:31)

Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (08/08/2013 22:48:31)

Running Repair Under System Account

Done (08/08/2013 22:51:02)

Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (08/08/2013 22:51:02)

Running Repair Under System Account

Done (08/08/2013 22:51:57)

Reset File Permissions 01/19

C:\apps & Sub Folders

Start (08/08/2013 22:51:57)

Running Repair Under System Account

Done (08/08/2013 22:52:00)

Reset File Permissions 02/19

C:\Arquivos de Programas & Sub Folders

Start (08/08/2013 22:52:00)

Running Repair Under System Account

Done (08/08/2013 22:53:27)

Reset File Permissions 03/19

C:\Arquivos de Programas RFB & Sub Folders

Start (08/08/2013 22:53:27)

Running Repair Under System Account

Done (08/08/2013 22:53:32)

Reset File Permissions 04/19

C:\Autodesk & Sub Folders

Start (08/08/2013 22:53:32)

Running Repair Under System Account

Done (08/08/2013 22:54:21)

Reset File Permissions 05/19

C:\Config.Msi & Sub Folders

Start (08/08/2013 22:54:21)

Running Repair Under System Account

Done (08/08/2013 22:54:24)

Reset File Permissions 06/19

C:\dell & Sub Folders

Start (08/08/2013 22:54:24)

Running Repair Under System Account

Done (08/08/2013 22:54:26)

Reset File Permissions 07/19

C:\Drivers & Sub Folders

Start (08/08/2013 22:54:26)

Running Repair Under System Account

Done (08/08/2013 22:54:31)

Reset File Permissions 08/19

C:\ifx & Sub Folders

Start (08/08/2013 22:54:31)

Running Repair Under System Account

Done (08/08/2013 22:54:33)

Reset File Permissions 09/19

C:\LGC105 & Sub Folders

Start (08/08/2013 22:54:33)

Running Repair Under System Account

Done (08/08/2013 22:54:36)

Reset File Permissions 10/19

C:\LG_USB & Sub Folders

Start (08/08/2013 22:54:36)

Running Repair Under System Account

Done (08/08/2013 22:54:38)

Reset File Permissions 11/19

C:\LinhaDefensiva & Sub Folders

Start (08/08/2013 22:54:38)

Running Repair Under System Account

Done (08/08/2013 22:54:41)

Reset File Permissions 12/19

C:\PerfLogs & Sub Folders

Start (08/08/2013 22:54:41)

Running Repair Under System Account

Done (08/08/2013 22:54:43)

Reset File Permissions 13/19

C:\Program Files & Sub Folders

Start (08/08/2013 22:54:43)

Running Repair Under System Account

Done (08/08/2013 22:55:20)

Reset File Permissions 14/19

C:\Program Files (x86) & Sub Folders

Start (08/08/2013 22:55:21)

Running Repair Under System Account

Done (08/08/2013 22:58:14)

Reset File Permissions 15/19

C:\ProgramData & Sub Folders

Start (08/08/2013 22:58:14)

Running Repair Under System Account

Done (08/08/2013 22:59:35)

Reset File Permissions 16/19

C:\Qoobox & Sub Folders

Start (08/08/2013 22:59:35)

Running Repair Under System Account

Done (08/08/2013 22:59:38)

Reset File Permissions 17/19

C:\RegBackup & Sub Folders

Start (08/08/2013 22:59:38)

Running Repair Under System Account

Done (08/08/2013 22:59:40)

Reset File Permissions 18/19

C:\System Recovery & Sub Folders

Start (08/08/2013 22:59:40)

Running Repair Under System Account

Done (08/08/2013 22:59:43)

Reset File Permissions 19/19

C:\Windows & Sub Folders

Start (08/08/2013 22:59:43)

Running Repair Under System Account

Done (08/08/2013 23:08:01)

Reset File Permissions 01/11

E:\Arquivos de Programas & Sub Folders

Start (08/08/2013 23:08:01)

Running Repair Under System Account

Done (08/08/2013 23:08:42)

Reset File Permissions 02/11

E:\BACKUP_16.11.2011 & Sub Folders

Start (08/08/2013 23:08:42)

Running Repair Under System Account

Stopping, Waiting for current repair to finish...

Repairs Stopped By User.

Done (09/08/2013 03:54:40)

Total Repair Time: 05:06:23

Starting Repairs...

Start (09/08/2013 07:47:57)

Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (09/08/2013 07:47:57)

Running Repair Under Current User Account

Done (09/08/2013 07:48:10)

Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (09/08/2013 07:48:10)

Running Repair Under System Account

Done (09/08/2013 07:49:59)

Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (09/08/2013 07:49:59)

Running Repair Under System Account

Done (09/08/2013 07:50:55)

Reset File Permissions 01/19

C:\apps & Sub Folders

Start (09/08/2013 07:50:55)

Running Repair Under System Account

Done (09/08/2013 07:50:57)

Reset File Permissions 02/19

C:\Arquivos de Programas & Sub Folders

Start (09/08/2013 07:50:57)

Running Repair Under System Account

Done (09/08/2013 07:51:49)

Reset File Permissions 03/19

C:\Arquivos de Programas RFB & Sub Folders

Start (09/08/2013 07:51:49)

Running Repair Under System Account

Done (09/08/2013 07:51:52)

Reset File Permissions 04/19

C:\Autodesk & Sub Folders

Start (09/08/2013 07:51:52)

Running Repair Under System Account

Done (09/08/2013 07:52:36)

Reset File Permissions 05/19

C:\Config.Msi & Sub Folders

Start (09/08/2013 07:52:36)

Running Repair Under System Account

Done (09/08/2013 07:52:38)

Reset File Permissions 06/19

C:\dell & Sub Folders

Start (09/08/2013 07:52:38)

Running Repair Under System Account

Done (09/08/2013 07:52:41)

Reset File Permissions 07/19

C:\Drivers & Sub Folders

Start (09/08/2013 07:52:41)

Running Repair Under System Account

Done (09/08/2013 07:52:45)

Reset File Permissions 08/19

C:\ifx & Sub Folders

Start (09/08/2013 07:52:45)

Running Repair Under System Account

Done (09/08/2013 07:52:48)

Reset File Permissions 09/19

C:\LGC105 & Sub Folders

Start (09/08/2013 07:52:48)

Running Repair Under System Account

Done (09/08/2013 07:52:50)

Reset File Permissions 10/19

C:\LG_USB & Sub Folders

Start (09/08/2013 07:52:50)

Running Repair Under System Account

Done (09/08/2013 07:52:53)

Reset File Permissions 11/19

C:\LinhaDefensiva & Sub Folders

Start (09/08/2013 07:52:53)

Running Repair Under System Account

Done (09/08/2013 07:52:55)

Reset File Permissions 12/19

C:\PerfLogs & Sub Folders

Start (09/08/2013 07:52:55)

Running Repair Under System Account

Done (09/08/2013 07:52:58)

Reset File Permissions 13/19

C:\Program Files & Sub Folders

Start (09/08/2013 07:52:58)

Running Repair Under System Account

Done (09/08/2013 07:53:35)

Reset File Permissions 14/19

C:\Program Files (x86) & Sub Folders

Start (09/08/2013 07:53:35)

Running Repair Under System Account

Done (09/08/2013 07:55:31)

Reset File Permissions 15/19

C:\ProgramData & Sub Folders

Start (09/08/2013 07:55:31)

Running Repair Under System Account

Done (09/08/2013 07:56:25)

Reset File Permissions 16/19

C:\Qoobox & Sub Folders

Start (09/08/2013 07:56:25)

Running Repair Under System Account

Done (09/08/2013 07:56:28)

Reset File Permissions 17/19

C:\RegBackup & Sub Folders

Start (09/08/2013 07:56:28)

Running Repair Under System Account

Done (09/08/2013 07:56:30)

Reset File Permissions 18/19

C:\System Recovery & Sub Folders

Start (09/08/2013 07:56:31)

Running Repair Under System Account

Done (09/08/2013 07:56:33)

Reset File Permissions 19/19

C:\Windows & Sub Folders

Start (09/08/2013 07:56:33)

Running Repair Under System Account

Done (09/08/2013 08:02:56)

Reset File Permissions: Cleanup

& Sub Folders

Start (09/08/2013 08:02:56)

Running Repair Under System Account

Done (09/08/2013 08:03:01)

Register System Files

Start (09/08/2013 08:03:01)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:03:24)

Repair WMI

Start (09/08/2013 08:03:24)

Running Repair Under Current User Account

Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account

Invalid Global Switch.

Invalid Global Switch.

Done (09/08/2013 08:05:47)

Repair Windows Firewall

Start (09/08/2013 08:05:47)

Running Repair Under Current User Account

Erro de sistema 5.

Acesso negado.

O serviço de ICS (Compartilhamento de Conexão com a Internet) não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

Erro de sistema 5.

Acesso negado.

O serviço solicitado já foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 2182.

O serviço de ICS (Compartilhamento de Conexão com a Internet) não pôde ser iniciado.

O serviço não informou um erro.

Para obter mais ajuda, digite NET HELPMSG 3534.

O serviço solicitado já foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 2182.

Running Repair Under System Account

O serviço de ICS (Compartilhamento de Conexão com a Internet) não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O serviço de ICS (Compartilhamento de Conexão com a Internet) não pôde ser iniciado.

O serviço não informou um erro.

Para obter mais ajuda, digite NET HELPMSG 3534.

Done (09/08/2013 08:06:15)

Repair Internet Explorer

Start (09/08/2013 08:06:15)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:06:37)

Repair MDAC/MS Jet

Start (09/08/2013 08:06:37)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:06:46)

Repair Hosts File

Start (09/08/2013 08:06:46)

Running Repair Under System Account

Done (09/08/2013 08:06:48)

Remove Policies Set By Infections

Start (09/08/2013 08:06:48)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:06:53)

Repair Missing Start Menu Icons Removed By Infections

Start (09/08/2013 08:06:53)

Running Repair Under System Account

Done (09/08/2013 08:06:55)

Repair Icons

Start (09/08/2013 08:06:55)

Running Repair Under System Account

Não foi possível encontrar C:\Users\Daniele BR\AppData\Local\IconCache.db.bak

Não foi possível encontrar C:\Users\Daniele BR\AppData\Local\IconCache.db

Done (09/08/2013 08:06:58)

Repair Winsock & DNS Cache

Start (09/08/2013 08:06:58)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:07:15)

Remove Temp Files

Start (09/08/2013 08:07:15)

Running Repair Under System Account

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

C:\Users\DANIEL~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt - O arquivo já está sendo usado por outro processo.

C:\Users\DANIEL~1\AppData\Local\Temp\~DFB25B6E574BEDF031.TMP - O arquivo já está sendo usado por outro processo.

Done (09/08/2013 08:07:17)

Repair Proxy Settings

Start (09/08/2013 08:07:17)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:07:22)

Unhide Non System Files

Start (09/08/2013 08:07:22)

C:\ - Total Files Unhidden: 718

E:\ - Total Files Unhidden: 0

F:\ - Total Files Unhidden: 0

Q:\ - Total Files Unhidden: 0

Done (09/08/2013 08:09:32)

Repair Windows Updates

Start (09/08/2013 08:09:32)

Running Repair Under Current User Account

O serviço de Windows Update não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O sistema não pode encontrar o arquivo especificado.

Running Repair Under System Account

O serviço de Serviços de criptografia não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O serviço de Serviço de transferência inteligente de plano de fundo não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O serviço de Windows Update não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O sistema não pode encontrar o arquivo especificado.

Done (09/08/2013 08:09:56)

Repair CD/DVD Missing/Not Working

Start (09/08/2013 08:09:56)

Done (09/08/2013 08:09:56)

Repair Volume Shadow Copy Service

Start (09/08/2013 08:09:56)

Running Repair Under Current User Account

O serviço de Cópia de Sombra de Volume não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O serviço de Provedor de Cópia de Sombra de Software da Microsoft não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

Running Repair Under System Account

O serviço de Cópia de Sombra de Volume não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

O serviço de Provedor de Cópia de Sombra de Software da Microsoft não foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

Done (09/08/2013 08:10:01)

Repair Windows Sidebar/Gadgets

Start (09/08/2013 08:10:01)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:05)

Repair MSI (Windows Installer)

Start (09/08/2013 08:10:05)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:14)

Repair Windows Snipping Tool

Start (09/08/2013 08:10:14)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:19)

Repair bat Association

Start (09/08/2013 08:10:19)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:24)

Repair cmd Association

Start (09/08/2013 08:10:24)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:29)

Repair com Association

Start (09/08/2013 08:10:29)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:33)

Repair Directory Association

Start (09/08/2013 08:10:33)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:38)

Repair Drive Association

Start (09/08/2013 08:10:38)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:43)

Repair exe Association

Start (09/08/2013 08:10:43)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:48)

Repair Folder Association

Start (09/08/2013 08:10:48)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:52)

Repair inf Association

Start (09/08/2013 08:10:52)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:10:57)

Repair lnk (Shortcuts) Association

Start (09/08/2013 08:10:57)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:02)

Repair msc Association

Start (09/08/2013 08:11:02)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:07)

Repair reg Association

Start (09/08/2013 08:11:07)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:11)

Repair scr Association

Start (09/08/2013 08:11:11)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:16)

Repair Windows Safe Mode

Start (09/08/2013 08:11:16)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:21)

Repair Print Spooler

Start (09/08/2013 08:11:21)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:32)

Restore Important Windows Services

Start (09/08/2013 08:11:32)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:37)

Set Windows Services To Default Startup

Start (09/08/2013 08:11:37)

Running Repair Under Current User Account

Running Repair Under System Account

Done (09/08/2013 08:11:44)

Cleaning up empty logs...

All Selected Repairs Done.

Done (09/08/2013 08:11:44)

Total Repair Time: 00:23:47

...YOU MUST RESTART YOUR SYSTEM...

Running Repair Under System Account

Right now, my computer does not recognize my files HD!!!!!! Only C: shows up :(
