Rob Asp

Possible infection

Good afternoon everyone, lately my internet has been very slow and the browsers keep freezing a lot, so I suspect it may be some virus or malware stealing my bandwidth. I'd like you to analyze my logs below; thanks in advance...

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.55.2
Run by ROBERT LIMA at 15:02:59 on 2014-05-19
Microsoft Windows 8 Pro  6.2.9200.0.1252.55.1046.18.4061.1920 [GMT -3:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\003\xmkysecqun64.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TradeManager\AliIM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [aliim] "C:\Program Files (x86)\TradeManager\AliIM.exe" /autorun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [uSB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: itau.com.br
Trusted Zone: taobao.com
Trusted Zone: taobao.com
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{36C6FB55-374A-4454-986D-7FBF85E073E2} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ROBERT LIMA\AppData\Roaming\Mozilla\Firefox\Profiles\hg651xo3.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll
FF - plugin: C:\Program Files (x86)\TradeManager\nptrademanager.dll
FF - plugin: C:\Program Files (x86)\TradeManager\npwangwang.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-10-23 45880]
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\Drivers\FSPFltd.sys [2013-6-22 54848]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2013/06/02 03:45:05];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-3-1 146928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-3-15 520520]
R2 xmkysecqun64;xmkysecqun64;C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 --> C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 [?]
R3 bthav;Perfil AV do Bluetooth;C:\Windows\System32\Drivers\bthav.sys [2008-7-10 40448]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2014-05-17 12:04:25    261808    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
2014-05-03 03:27:58    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-03 03:27:58    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-04-28 18:18:03    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-26 21:21:50    --------    d-sh--w-    C:\ProgramData\System Restore
2014-04-26 02:59:49    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Roaming\FireShot
2014-04-25 21:25:43    --------    d-----w-    C:\Users\ROBERT LIMA\.receitanet
2014-04-20 23:16:46    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Roaming\Alibaba
2014-04-20 23:15:24    --------    d-----w-    C:\Windows\SysWow64\aliedit
2014-04-20 23:15:21    --------    d-----w-    C:\Program Files (x86)\TradeManager
2014-04-20 05:31:11    --------    d-----w-    C:\Users\ROBERT LIMA\TemplatesML
.
==================== Find3M  ====================
.
2014-04-22 23:47:16    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-22 23:47:16    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-09 14:13:25    0    ----a-w-    C:\Windows\SysWow64\drivers\TPM.SYS
2014-03-21 14:46:46    152848    ----a-w-    C:\Windows\SysWow64\comdlg32.ocx
2014-03-10 22:28:45    31088    ----a-w-    C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-03-07 00:48:11    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30    2240000    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-07 00:08:27    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
.
============= FINISH: 15:03:13,66 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 31/05/2013 21:50:47
System Uptime: 17/05/2014 15:59:41 (48 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5G41T-M LX2/BR
Processor: Pentium® Dual-Core  CPU      E5700  @ 3.00GHz | LGA775 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 248 GiB total, 216,855 GiB free.
D: is FIXED (NTFS) - 684 GiB total, 679,884 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 865,014 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP42: 28/04/2014 12:51:23 - Ponto de Verificação Agendado
RP43: 03/05/2014 13:25:06 - Windows Update
RP44: 11/05/2014 21:15:48 - Ponto de Verificação Agendado
RP45: 17/05/2014 16:33:20 - Instalado Utilitário de Configuração de Rede Sem Fios TP-LINK e dúª
RP46: 19/05/2014 14:48:26 - Removido Utilitário de Configuração de Rede Sem Fios TP-LINK e CîS¶u
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06) - Português
Adobe Shockwave Player 12.1
aTube Catcher
AVG 2013
CCleaner
CyberLink PowerDVD 10
Google Chrome
Google Update Helper
Java 7 Update 55
Java Auto Updater
K-Lite Codec Pack 9.9.5 (Full)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
My Lockbox 2.9.8
Nero 7 Ultra Edition
neroxml
Picasa 3
Skype™ 6.14
swMSM
TP-LINK TL-WN727N Driver
TradeManager 2013 Beta2
USB Disk Security
Visual Studio 2010 x64 Redistributables
WinRAR 4.00 (64-bit)
.
==== End Of File ===========================
 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-19 15:37:15
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 MB1000CBZQE rev.HPG1 931,51GB
Running: gmer.exe; Driver: C:\Users\ROBERT~1\AppData\Local\Temp\kglorpow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                           fffff960001e3e00 7 bytes [00, 77, 82, 01, 00, 57, F2]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                       fffff960001e3e08 7 bytes [01, 42, C0, FF, 00, 17, DB]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                  000007fa86b01532 4 bytes [b0, 86, FA, 07]
.text   C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                  000007fa86b0153a 4 bytes [b0, 86, FA, 07]
.text   C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                000007fa86b0165a 4 bytes [b0, 86, FA, 07]
.text   C:\Program Files\003\xmkysecqun64.exe[2064] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fa8b6a177a 4 bytes [6A, 8B, FA, 07]
.text   C:\Program Files\003\xmkysecqun64.exe[2064] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fa8b6a1782 4 bytes [6A, 8B, FA, 07]
.text   C:\Windows\Explorer.EXE[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue                           000007fa8d563f11 6 bytes JMP 000007fb87204810
.text   C:\Windows\Explorer.EXE[4772] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameW                       000007fa89792d10 5 bytes JMP 000007fb87205050
.text   C:\Windows\Explorer.EXE[4772] C:\Windows\SYSTEM32\slc.dll!SLIsWindowsGenuineLocal                         000007fa8704d724 7 bytes JMP 000007fa87204980
.text   C:\Windows\Explorer.EXE[4772] C:\Windows\SYSTEM32\sppc.dll!SLIsGenuineLocalEx                             000007fa86b9d014 5 bytes JMP 000007fa872049a0

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [4552:4744]                                                                 fffff9600081d5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                         -595065247
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@28bab5122ee9                  0xDE 0x1F 0xDB 0x14 ...

---- EOF - GMER 2.1 ----
 

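As an added example (not part of this thread and not a feature of DDS or GMER), the script below applies to the posted DDS/GMER output the first checks a responder makes by eye: images running or auto-starting from outside the normal install roots, a purely numeric folder name under Program Files, service lines that DDS tags [?] (it could not verify the image), and GMER user-mode entries carrying an inline JMP hook. The trusted-root list and the numeric-folder rule are my assumptions, not DDS rules; the sample lines are excerpted from the logs in this thread (the PriceMeter entries come from the updated logs further down). On those lines it singles out the xmkysecqun64.exe process and service under C:\Program Files\003\, the PriceMeter executables under AppData\Local, and the JMP hooks GMER reports in Explorer.EXE. A hit is a prompt to check the file's signature, hash and vendor, not a verdict.

```python
"""Heuristic triage of DDS / GMER log lines.

Added example, not part of the original post and not a DDS or GMER feature.
The rules are assumptions a responder would check by hand:
  * processes, Run entries and service images outside the usual install roots;
  * images under Program Files in a purely numeric folder (e.g. "003");
  * service lines that DDS tags with [?] (it could not verify the image);
  * GMER user-mode entries containing an inline "JMP <addr>" hook.
"""
from __future__ import annotations
import re

# Roots where installed software normally lives (assumption, case-insensitive).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")
NUMERIC_DIR = re.compile(r"^c:\\program files( \(x86\))?\\\d+\\")
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|scr))', re.I)
# ".text  <process>[pid] <module>!<export> ... JMP <target>"
GMER_HOOK = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(.+?!\S+)\s+.*\bJMP\s+([0-9a-f]+)", re.I)
SERVICE_RE = re.compile(r"^[RS]\d\s")          # R0/R1/R2/S2/S3 ... service lines
AUTORUN_RE = re.compile(r"^(x64-)?[um]Run:")   # HKCU (u) / HKLM (m) Run entries


def flag_path(path: str) -> str | None:
    """Reason string if the image location looks unusual, else None."""
    p = path.lower()
    if NUMERIC_DIR.match(p):
        return "numeric folder under Program Files"
    if not p.startswith(TRUSTED_ROOTS):
        return "outside standard install roots"
    return None


def triage(log: str) -> list[dict]:
    """One finding per suspicious line: section, offending item, heuristic."""
    findings: list[dict] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith(("====", "----")):        # DDS / GMER section banners
            section = line.strip("=- ").lower()
            continue
        m = GMER_HOOK.match(line)
        if m:                                        # exported function redirected by a JMP
            findings.append(dict(section=section,
                                 item=f"{m.group(1)}[{m.group(2)}] {m.group(3)}",
                                 reason=f"inline hook, JMP {m.group(4)}"))
            continue
        is_service = SERVICE_RE.match(line) is not None
        if not (section.startswith("running processes") or is_service
                or AUTORUN_RE.match(line)):
            continue
        if is_service and line.endswith("[?]"):
            findings.append(dict(section=section, item=line.split(";")[1],
                                 reason="DDS could not verify the service image ([?])"))
        pm = PATH_RE.search(line)
        if pm and (reason := flag_path(pm.group(1))):
            findings.append(dict(section=section, item=pm.group(1), reason=reason))
    return findings


# Lines excerpted from the DDS and GMER output posted in this thread.
SAMPLE = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files\003\xmkysecqun64.exe
C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETERW.EXE
.
============== Pseudo HJT Report ===============
.
uRun: [PriceMeterW] "C:\Users\ROBERT LIMA\AppData\Local\PriceMeter\pricemeterw.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
.
============= SERVICES / DRIVERS ===============
.
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-3-15 520520]
R2 xmkysecqun64;xmkysecqun64;C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 --> C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 [?]
---- User code sections - GMER 2.1 ----
.text   C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690   000007fa86b01532 4 bytes [b0, 86, FA, 07]
.text   C:\Windows\Explorer.EXE[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue   000007fa8d563f11 6 bytes JMP 000007fb87204810
.text   C:\Windows\Explorer.EXE[4772] C:\Windows\SYSTEM32\slc.dll!SLIsWindowsGenuineLocal   000007fa8704d724 7 bytes JMP 000007fa87204980
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['section']}] {f['item']} -> {f['reason']}")
```

Run it against a complete DDS.txt plus GMER log by reading the files instead of SAMPLE; the GMER rule only reports JMP redirections, since the 4-byte patches GMER lists for spoolsv.exe and xmkysecqun64.exe need the target module resolved before they mean anything.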
Hello

Sorry for the delay :)

If you still need help, redo the logs, as I need them with current dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You don't need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Don't edit your topic; use the reply button, thank you!

ATTENTION 3: Don't put the logs between TAGS, thank you!

ATTENTION 4: Don't attach the logs, thank you!

Regards :D

Good evening, the updated logs follow below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.55.2
Run by ROBERT LIMA at 23:22:22 on 2014-05-22
Microsoft Windows 8 Pro  6.2.9200.0.1252.55.1046.18.4061.2679 [GMT -3:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
\SYSTEMROOT\SYSTEM32\SMSS.EXE
C:\PROGRA~2\AVG\AVG2013\AVGRSA.EXE
C:\PROGRAM FILES (X86)\AVG\AVG2013\AVGCSRVA.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRAM FILES (X86)\AVG\AVG2013\AVGIDSAGENT.EXE
C:\PROGRAM FILES (X86)\AVG\AVG2013\AVGWDSVC.EXE
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\003\xmkysecqun64.exe
C:\PROGRAM FILES (X86)\AVG\AVG2013\AVGNSA.EXE
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
C:\WINDOWS\SYSTEM32\DWM.EXE
C:\WINDOWS\SYSTEM32\TASKHOSTEX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE
C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETERW.EXE
C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE
C:\PROGRAM FILES (X86)\CYBERLINK\POWERDVD10\PDVD10SERV.EXE
C:\PROGRAM FILES (X86)\CYBERLINK\SHARED FILES\BRS.EXE
C:\PROGRAM FILES (X86)\AVG\AVG2013\AVGUI.EXE
C:\PROGRAM FILES (X86)\TRADEMANAGER\ALIIM.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE
C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE
C:\PROGRAM FILES (X86)\AVG\AVG2013\AVGCFGEX.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [aliim] "C:\Program Files (x86)\TradeManager\AliIM.exe" /autorun
uRun: [PriceMeterW] "C:\Users\ROBERT LIMA\AppData\Local\PriceMeter\pricemeterw.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: itau.com.br
Trusted Zone: taobao.com
Trusted Zone: taobao.com
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{36C6FB55-374A-4454-986D-7FBF85E073E2} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B} : DHCPNameServer = 192.168.1.1 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
x64-Run: [spywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [spywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ROBERT LIMA\AppData\Roaming\Mozilla\Firefox\Profiles\hg651xo3.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com.br
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll
FF - plugin: C:\Program Files (x86)\TradeManager\nptrademanager.dll
FF - plugin: C:\Program Files (x86)\TradeManager\npwangwang.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-10-23 45880]
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\Drivers\FSPFltd.sys [2013-6-22 54848]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2013/06/02 03:45:05];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-3-1 146928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-3-15 520520]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\Drivers\stflt.sys [2014-5-21 51496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2014-5-21 1146304]
R2 xmkysecqun64;xmkysecqun64;C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 --> C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 [?]
R3 bthav;Perfil AV do Bluetooth;C:\Windows\System32\Drivers\bthav.sys [2008-7-10 40448]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 SWDUMon;SWDUMon;C:\Windows\System32\Drivers\SWDUMon.sys [2014-5-19 16152]
S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2014-05-21 17:26:22    51496    ----a-w-    C:\Windows\System32\drivers\stflt.sys
2014-05-21 17:26:22    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Roaming\Spyware Terminator
2014-05-21 17:26:22    --------    d-----w-    C:\ProgramData\Spyware Terminator
2014-05-21 17:26:18    --------    d-----w-    C:\Program Files (x86)\Spyware Terminator
2014-05-21 17:24:10    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Roaming\Baidu
2014-05-21 17:24:03    --------    d-----w-    C:\ProgramData\Baidu Security
2014-05-21 17:23:58    --------    d-----w-    C:\ProgramData\baidu
2014-05-21 17:23:54    --------    d-----w-    C:\Program Files (x86)\Baidu Security
2014-05-21 17:21:48    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Local\PriceMeter
2014-05-19 22:47:52    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2014-05-19 22:47:36    --------    d-----w-    C:\Intel
2014-05-19 22:45:16    16152    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2014-05-19 22:45:15    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Local\SlimWare Utilities Inc
2014-05-19 22:45:08    --------    d-----w-    C:\Program Files (x86)\SlimDrivers
2014-05-19 21:45:15    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Local\192
2014-05-19 21:45:15    --------    d-----w-    C:\Users\ROBERT LIMA\.android
2014-05-19 21:45:14    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Local\cache
2014-05-19 21:45:11    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Local\Mobogenie
2014-05-19 21:43:15    --------    d-----w-    C:\ProgramData\IconCache
2014-05-19 21:42:26    718497    ----a-w-    C:\Windows\unins000.exe
2014-05-19 21:17:46    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Roaming\Easeware
2014-05-17 12:04:25    261808    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
2014-05-08 13:48:42    227704    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-03 03:27:58    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-03 03:27:58    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-04-28 18:18:03    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-26 21:21:50    --------    d-sh--w-    C:\ProgramData\System Restore
2014-04-26 02:59:49    --------    d-----w-    C:\Users\ROBERT LIMA\AppData\Roaming\FireShot
2014-04-25 21:25:43    --------    d-----w-    C:\Users\ROBERT LIMA\.receitanet
.
==================== Find3M  ====================
.
2014-04-22 23:47:16    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-22 23:47:16    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-09 14:13:25    0    ----a-w-    C:\Windows\SysWow64\drivers\TPM.SYS
2014-03-21 14:46:46    152848    ----a-w-    C:\Windows\SysWow64\comdlg32.ocx
2014-03-10 22:28:45    31088    ----a-w-    C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-03-07 00:48:11    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30    2240000    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-07 00:08:27    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
.
============= FINISH: 23:22:59,10 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 31/05/2013 21:50:47
System Uptime: 19/05/2014 19:49:27 (76 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5G41T-M LX2/BR
Processor: Pentium® Dual-Core  CPU      E5700  @ 3.00GHz | LGA775 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 248 GiB total, 216,608 GiB free.
D: is FIXED (NTFS) - 684 GiB total, 679,884 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 865,014 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 03/05/2014 13:25:06 - Windows Update
RP44: 11/05/2014 21:15:48 - Ponto de Verificação Agendado
RP45: 17/05/2014 16:33:20 - Instalado Utilitário de Configuração de Rede Sem Fios TP-LINK e dúª
RP46: 19/05/2014 14:48:26 - Removido Utilitário de Configuração de Rede Sem Fios TP-LINK e CîS¶u
RP47: 19/05/2014 19:46:48 - SlimDrivers Installing Drivers
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07) - Português
Adobe Shockwave Player 12.1
aTube Catcher
AVG 2013
CCleaner
CyberLink PowerDVD 10
Google Chrome
Google Update Helper
Java 7 Update 55
Java Auto Updater
K-Lite Codec Pack 9.9.5 (Full)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
My Lockbox 2.9.8
My Program version 1.5
Nero 7 Ultra Edition
neroxml
Picasa 3
Price Metér (remove only)
Skype™ 6.14
SlimDrivers
Software Version Updater
Spyware Terminator 2012
swMSM
TP-LINK TL-WN727N Driver
TradeManager 2013 Beta2
Visual Studio 2010 x64 Redistributables
WinRAR 4.00 (64-bit)
.
==== End Of File ===========================
 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-22 23:53:13
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7 MB1000CBZQE rev.HPG1 931,51GB
Running: gmer.exe; Driver: C:\Users\ROBERT~1\AppData\Local\Temp\kglorpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\003\xmkysecqun64.exe[2292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                 000007fd647d177a 4 bytes [7D, 64, FD, 07]
.text    C:\Program Files\003\xmkysecqun64.exe[2292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                 000007fd647d1782 4 bytes [7D, 64, FD, 07]
.text    C:\WINDOWS\EXPLORER.EXE[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue                                                                                                                          000007fd662d3f11 6 bytes JMP 000007fe5f7e4810
.text    C:\WINDOWS\EXPLORER.EXE[5184] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameW                                                                                                                      000007fd62832d10 5 bytes JMP 000007fe5f7e5050
.text    C:\WINDOWS\EXPLORER.EXE[5184] C:\Windows\SYSTEM32\slc.dll!SLIsWindowsGenuineLocal                                                                                                                        000007fd5f04d724 7 bytes JMP 000007fd5f7e4980
.text    C:\WINDOWS\EXPLORER.EXE[5184] C:\Windows\SYSTEM32\sppc.dll!SLIsGenuineLocalEx                                                                                                                            000007fd5ea6d014 5 bytes JMP 000007fd5f7e49a0

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\SYSTEM32\CSRSS.EXE [5656:2372]                                                                                                                                                                fffff960006885e8
---- Processes - GMER 2.1 ----

Process  C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETERW.EXE (*** suspicious ***) @ C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETERW.EXE [5780] (PriceMeterW/PriceMeter)(2014-05-21 17:26:03)  0000000001350000
Process  C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE (*** suspicious ***) @ C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE [1440] (PriceMeter)(2014-05-21 17:26:03)                0000000000280000
Process  C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE (*** suspicious ***) @ C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE [5472] (PriceMeter)(2014-05-21 17:26:03)                0000000000280000
Process  C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE (*** suspicious ***) @ C:\USERS\ROBERT LIMA\APPDATA\LOCAL\PRICEMETER\PRICEMETER.EXE [4116] (PriceMeter)(2014-05-21 17:26:03)                0000000000280000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                        -1204970499
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57                                                                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@28bab5122ee9                                                                                                                 0xDE 0x1F 0xDB 0x14 ...

---- EOF - GMER 2.1 ----
 


Dear Rob Asp

I recommend that you save this topic in your Favorites to make it easier to find later.

Please pay attention to the following:
  • If you go without a reply for 3 days, send me a Private Message (PM);
  • What is covered here concerns only the problem on your computer, so do not apply it to any other machine;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
Note: Do not take any measure other than those given here; if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step No. 1 #

 
Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy its entire contents and paste it into your next message.

 
# Step No. 2 #
 

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png
  • Click Scan
  • At the end of the scan, a log with the result will open.
  • If anything is detected, then click the Remove button.
  • Again, at the end of the scan, a log with the result will open.
  • Copy all of its contents and paste it into your next reply.

 
# Step No. 3 #
 
Download OTL by OldTimer and save it to your Desktop.
  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Leave the main screen configured as in the figure below:

5369448421_6bf795eb1a_b.jpg

  • Copy and paste the content below into the box just after 5369460409_ee749edc8e_m.jpg
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    /md5stop
  • Click the 5370056362_e3d07d5d8a_m.jpg button
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


Good afternoon, below are the requested logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Pro x64
Ran by ROBERT LIMA on 23/05/2014 at 12:47:51,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\amiupdxp.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\ROBERT LIMA\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\ROBERT LIMA\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [File] C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\firefox\profiles\hg651xo3.default\user.js
Emptied folder: C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\firefox\profiles\hg651xo3.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/05/2014 at 12:55:26,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.210 - Relatório criado 23/05/2014 às 13:20:21
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 8 Pro  (64 bits)
# Usuário : ROBERT LIMA - ROBERT
# Executando de : C:\Users\ROBERT LIMA\Desktop\adwcleaner_3.210.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : xmkysecqun64

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Users\ROBERT LIMA\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\ROBERT LIMA\AppData\Local\PriceMeter
Arquivo Deletada : C:\Users\ROBERT LIMA\daemonprocess.txt
Arquivo Deletada : C:\Windows\System32\Tasks\pricemeterdownloader
Arquivo Deletada : C:\Windows\System32\Tasks\pricemetertask
Arquivo Deletada : C:\Windows\System32\Tasks\pricemeterwatcher

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : HKCU\Software\AVG Nation toolbar
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\ViewPassword
Chave Deletedo : HKLM\Software\AVG Nation toolbar
Chave Deletedo : HKLM\Software\AVG Security Toolbar
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\ROBERT LIMA\AppData\Roaming\Mozilla\Firefox\Profiles\hg651xo3.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\ROBERT LIMA\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [startup_urls] : hxxp://www.search.ask.com/?tpid=ATU3-SAT&o=APN10947&pf=V7&trgb=CR&p2=%5EB1W%5EYYYYYY%5EYY%5EBR&gct=hp&apn_ptnrs=%5EB1W&apn_dtid=%5EYYYYYY%5EYY%5EBR&apn_dbr=cr_33.0.1750.154&apn_uid=A4AD58E3-71F4-418C-9DF7-7F2B1DC0A245&itbv=12.10.6.4907&doi=2014-03-28&psv=
Deletedo [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [2951 octets] - [23/05/2014 12:57:50]
AdwCleaner[s0].txt - [2696 octets] - [23/05/2014 13:20:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2756 octets] ##########

 

OTL logfile created on: 23/05/2014 13:26:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ROBERT LIMA\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,97 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,97% Memory free
4,65 Gb Paging File | 3,28 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,58 Gb Total Space | 216,31 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 679,88 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 865,01 Gb Free Space | 92,86% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT | User Name: ROBERT LIMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/23 12:46:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROBERT LIMA\Desktop\OTL.exe
PRC - [2014/05/13 23:23:34 | 003,681,688 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2014/05/13 23:23:26 | 002,774,936 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2014/05/13 18:11:42 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/11 23:08:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 00:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013/08/22 03:37:48 | 000,293,272 | ---- | M] (Alibaba (China) Co., Ltd.) -- C:\Program Files (x86)\TradeManager\AliIM.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/08 18:42:42 | 002,584,864 | ---- | M] (FSPro Labs) -- C:\Arquivos de Programas\My Lockbox\mylbx.exe
PRC - [2011/03/01 06:57:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 18:11:42 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/11 23:08:54 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/27 01:17:08 | 000,367,120 | ---- | M] () -- C:\Program Files (x86)\TradeManager\rv2archive.dll
MOD - [2013/01/14 09:17:22 | 000,456,208 | ---- | M] () -- C:\Program Files (x86)\TradeManager\uacagent.dll
MOD - [2012/12/12 01:40:44 | 000,037,488 | ---- | M] () -- C:\Program Files (x86)\TradeManager\rv2log.dll
MOD - [2012/12/12 01:40:38 | 000,321,648 | ---- | M] () -- C:\Program Files (x86)\TradeManager\rv2core.dll
MOD - [2012/11/23 03:11:54 | 000,279,584 | ---- | M] () -- C:\Program Files (x86)\TradeManager\pcre.dll
MOD - [2012/11/22 06:04:36 | 001,554,888 | ---- | M] () -- C:\Program Files (x86)\TradeManager\libeay32.dll
MOD - [2010/06/30 14:03:14 | 000,051,512 | ---- | M] () -- C:\Arquivos de Programas\My Lockbox\FSPFlt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/13 23:23:42 | 001,146,304 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2014/05/13 18:11:42 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 23:08:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/20 00:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/26 00:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 00:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/04/09 11:13:25 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TPM.SYS -- (TPM)
DRV - [2011/03/01 10:57:56 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/06/02 03:45:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.br.msn.com/
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 EC 3E E2 E0 5F CE 01  [binary data]
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..\SearchScopes\{4B2E63B3-1175-498D-8B43-1C98E18A65A2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com.br"
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.10
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.54
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Program Files (x86)\TradeManager\nptrademanager.dll ( )
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\TradeManager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0: C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/19 19:56:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873}: C:\Users\ROBERT LIMA\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/19 19:56:33 | 000,000,000 | ---D | M]
 
[2013/06/04 18:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\Extensions
[2014/05/05 09:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\Firefox\Profiles\hg651xo3.default\extensions
[2014/05/03 13:23:18 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\Firefox\Profiles\hg651xo3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2014/05/05 09:08:35 | 000,207,726 | ---- | M] () (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\firefox\profiles\hg651xo3.default\extensions\oldnewsfeed@jetpack.xpi
[2013/07/22 20:24:03 | 000,280,941 | ---- | M] () (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\firefox\profiles\hg651xo3.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2014/05/11 23:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 23:08:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/26 22:52:44 | 000,087,568 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2013/03/26 22:52:46 | 000,087,568 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EBR&gct=&itbv=12.10.6.48&doi=2014-04-28&apn_uid=33BB71AA-4054-4C4A-8D52-C533FD009B9F&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EBR&apn_dbr=cr_34.0.1847.131&psv=&trgb=CR&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Users\ROBERT LIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/05/17 14:42:36 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001..\Run: [aliim] C:\Program Files (x86)\TradeManager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: itau.com.br ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: itau.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3070796102-1358900160-2401040873-1001\..Trusted Domains: taobao.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C6FB55-374A-4454-986D-7FBF85E073E2}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{841534a9-cc51-11e2-be6f-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{841534a9-cc51-11e2-be6f-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{841534d3-cc51-11e2-be6f-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{841534d3-cc51-11e2-be6f-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{975258cf-85c9-11e3-be9c-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{975258cf-85c9-11e3-be9c-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus estender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus estender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus estender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAWFP - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SecureAssist - service
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus estender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9CE848E2-B9D1-47a5-A74E-15B1AFD915D6} -
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/23 12:58:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/23 12:57:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/23 12:47:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/23 12:45:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ROBERT LIMA\Desktop\OTL.exe
[2014/05/23 12:43:41 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\ROBERT LIMA\Desktop\JRT.exe
[2014/05/23 00:14:25 | 000,000,000 | ---D | C] -- D:\Users\ROBERT LIMA\Documents\Azamerica s1005
[2014/05/21 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\Spyware Terminator
[2014/05/21 14:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2014/05/21 14:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2014/05/21 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2014/05/21 14:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2014/05/21 14:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2014/05/21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
[2014/05/21 14:21:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2014/05/19 19:47:52 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014/05/19 19:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/05/19 19:47:36 | 000,000,000 | ---D | C] -- C:\Intel
[2014/05/19 19:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Local\SlimWare Utilities Inc
[2014/05/19 19:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2014/05/19 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2014/05/19 19:45:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/05/19 19:13:30 | 000,581,632 | -H-- | C] (radio42) -- C:\Users\ROBERT LIMA\Desktop\Bass.Net.dll
[2014/05/19 19:13:30 | 000,105,528 | -H-- | C] (Un4seen Developments) -- C:\Users\ROBERT LIMA\Desktop\Bass.dll
[2014/05/19 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Local\192
[2014/05/19 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\.android
[2014/05/19 18:45:14 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Local\cache
[2014/05/19 18:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IconCache
[2014/05/19 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\Easeware
[2014/05/19 14:54:45 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\Desktop\gmer
[2014/05/19 14:53:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\ROBERT LIMA\Desktop\dds.scr
[2014/05/15 02:15:33 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\Desktop\casa
[2014/05/11 23:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/28 15:18:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/28 15:18:03 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/28 15:18:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/28 15:18:03 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/28 15:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/26 18:21:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\System Restore
[2014/04/25 23:59:49 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\FireShot
[2014/04/25 18:25:43 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\.receitanet
[2014/04/25 12:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/06/02 19:02:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ROBERT LIMA\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/23 13:23:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/23 13:21:49 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/05/23 13:21:41 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/23 13:21:32 | 3406,655,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/23 13:21:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/23 13:20:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/23 13:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/23 12:46:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROBERT LIMA\Desktop\OTL.exe
[2014/05/23 12:45:49 | 001,326,389 | ---- | M] () -- C:\Users\ROBERT LIMA\Desktop\adwcleaner_3.210.exe
[2014/05/23 12:43:45 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\ROBERT LIMA\Desktop\JRT.exe
[2014/05/23 12:35:36 | 000,591,051 | ---- | M] () -- C:\Windows\SysWow64\_q5C84hNuFyw
[2014/05/22 23:54:33 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/21 14:26:19 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/05/19 19:50:03 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2014/05/19 19:45:08 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2014/05/19 19:13:30 | 000,581,632 | -H-- | M] (radio42) -- C:\Users\ROBERT LIMA\Desktop\Bass.Net.dll
[2014/05/19 19:13:30 | 000,105,528 | -H-- | M] (Un4seen Developments) -- C:\Users\ROBERT LIMA\Desktop\Bass.dll
[2014/05/19 18:42:26 | 000,118,260 | ---- | M] () -- C:\Windows\unins000.dat
[2014/05/19 18:42:17 | 000,718,497 | ---- | M] () -- C:\Windows\unins000.exe
[2014/05/19 14:53:15 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\ROBERT LIMA\Desktop\dds.scr
[2014/05/17 14:51:30 | 000,006,406 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_145128.reg
[2014/05/17 14:46:57 | 000,020,140 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_144654.reg
[2014/05/17 13:33:56 | 000,273,125 | ---- | M] () -- C:\Users\ROBERT LIMA\recibo.jpeg
[2014/05/11 23:32:31 | 001,141,899 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\Comprovante endereço.pdf
[2014/05/03 02:42:31 | 000,694,922 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\TABELA.pdf
[2014/04/26 00:05:35 | 000,116,093 | ---- | M] () -- C:\Users\ROBERT LIMA\Desktop\O AliExpress _ Gestão de pedidos.pdf
[2014/04/25 12:04:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/23 12:45:43 | 001,326,389 | ---- | C] () -- C:\Users\ROBERT LIMA\Desktop\adwcleaner_3.210.exe
[2014/05/21 14:26:19 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/05/19 19:50:06 | 000,591,051 | ---- | C] () -- C:\Windows\SysWow64\_q5C84hNuFyw
[2014/05/19 19:45:19 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/05/19 19:45:08 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2014/05/19 18:42:26 | 000,718,497 | ---- | C] () -- C:\Windows\unins000.exe
[2014/05/19 18:42:26 | 000,118,260 | ---- | C] () -- C:\Windows\unins000.dat
[2014/05/19 18:17:45 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2014/05/17 14:51:29 | 000,006,406 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_145128.reg
[2014/05/17 14:46:56 | 000,020,140 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_144654.reg
[2014/05/17 13:34:29 | 000,273,125 | ---- | C] () -- C:\Users\ROBERT LIMA\recibo.jpeg
[2014/05/15 02:17:36 | 000,694,922 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\TABELA.pdf
[2014/05/12 01:50:48 | 000,018,989 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\boleto.gif
[2014/05/11 23:32:26 | 001,141,899 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\Comprovante endereço.pdf
[2014/04/25 23:37:28 | 000,116,093 | ---- | C] () -- C:\Users\ROBERT LIMA\Desktop\O AliExpress _ Gestão de pedidos.pdf
[2014/04/09 11:13:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\TPM.SYS
[2013/09/13 21:41:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/06/06 19:12:35 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/06/04 18:05:40 | 000,000,572 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/06/02 19:23:55 | 000,000,210 | ---- | C] () -- C:\Windows\wininit.ini
[2013/06/02 19:02:09 | 000,099,384 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\inst.exe
[2013/06/02 19:02:09 | 000,007,859 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\pcouffin.cat
[2013/06/02 19:02:09 | 000,001,167 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\pcouffin.inf
[2013/06/02 19:00:06 | 000,001,057 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\vso_ts_preview.xml
[2012/07/26 05:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 05:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 04:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 22:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 17:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 17:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 17:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 17:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 17:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 11:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/04/12 00:58:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/26 21:31:25 | 019,752,448 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/26 21:52:21 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 00:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 00:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 00:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/11 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/06/11 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2014/04/20 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Alibaba
[2013/06/03 10:58:02 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\AVG2013
[2014/05/19 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Easeware
[2014/04/25 23:59:49 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\FireShot
[2014/05/21 14:26:22 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Spyware Terminator
[2013/06/03 10:57:31 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\TuneUp Software
[2013/06/02 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Vso
[2013/06/02 18:56:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Zbshareware Lab
[2013/06/11 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Usuário Padrão\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: ATAPI.SYS  >
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Users\ROBERT LIMA\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140519T224705358006\internal_ide_channel\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Users\ROBERT LIMA\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140519T224705358006\pci\ven_8086&dev_27c0\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Users\ROBERT LIMA\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140519T224705358006\pci\ven_8086&dev_27df\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys
[2012/07/26 02:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys
 
< MD5 for: NETLOGON.DLL  >
[2012/07/26 00:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012/07/26 00:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012/07/26 00:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012/07/26 00:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012/07/26 02:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2012/07/26 02:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2012/07/26 02:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2012/07/26 00:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll
[2012/07/26 00:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll
[2012/07/26 00:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll
[2012/07/26 00:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\ROBERT LIMA\recibo.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 
The rest...
 
OTL Extras logfile created on: 23/05/2014 13:26:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ROBERT LIMA\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,97 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,97% Memory free
4,65 Gb Paging File | 3,28 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,58 Gb Total Space | 216,31 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 679,88 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 865,01 Gb Free Space | 92,86% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT | User Name: ROBERT LIMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AD8F2D44-E14A-4CA8-A4AB-ACE8CC7E7109}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B3FD3-59C3-40F1-9FB6-12B3072C48C8}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{05271DD6-6AC7-4A1C-9168-03BD9B19CFB3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{073DC2C2-537D-467C-AB09-909A9CE79EE7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{0FD0D7EB-C733-4A48-8FAB-A15D963C5FA3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14CDA6F2-9FAD-442F-9A9B-2D9ABB29F2E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1CCB793A-5526-4F1A-8162-4568573BCBC4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{20A8D011-4B1D-469A-B5D4-5F3DA4158511}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{25FD1C5C-995F-477A-B41C-9578F1AEB7FA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{27DF8B69-1042-4EC4-ADC8-5923221C5256}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{31336A84-CAC8-4782-B034-9E65FA703E88}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{32741797-44C5-4129-9672-36ABB8F683FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{38734ED0-95E5-44A7-A9B4-263161B2B4DD}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{46E7C8BC-44AC-45B9-A06C-4C5B656A2C29}" = protocol=6 | dir=in | app=c:\program files (x86)\trademanager\aliim.exe |
"{5095F988-370A-4124-B2C3-4BE00878EC98}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{59C328A3-2065-408E-A768-A343A8D599D0}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{698E6315-9646-443C-B6F0-3CF322498BC1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{6F528345-3130-422D-9C24-6DB7CC87AE96}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{740709DB-DFF6-45E1-BB12-E9E525E5A92B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{7B7D048E-EE40-43FE-BA17-A03833CB0BC7}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{7E118F5B-76A2-4382-8BE5-9952BD555B37}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85190BEB-87E8-4A54-8F6F-BF27A41386DA}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9297593E-1DE2-4D3C-A48F-2F76B8F6F799}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{95A5B44B-129A-4651-9A52-61F729744E22}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{9CD0EA8D-C7F7-45BD-A703-CE7A0B9D916C}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{9CD6136D-39FB-41B6-A077-BA868C90281A}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{A0E5FC58-BBB1-4D8A-A3CF-2002033C6452}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AE3B53FC-0811-4D97-A835-82BF9B6F3C50}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B2C2F84F-C2C8-4C3E-BC22-6AE3091EFE1F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B7F696CD-0E9C-427F-AB53-9D9F387D6E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{B82BB6C1-9E17-490E-AAFB-4AA63AA876F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{B8F9F30D-E539-4BE5-9CFE-8E1F7FD3C7FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C18764C8-8C3B-443E-AD98-12A336FDBA1D}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C9487750-09B7-455C-A0D4-9D5C2A7D59E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{CC9D3DA0-3E06-4C41-8CCF-AC451ACEB7F4}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D5B59499-AAF7-4A8F-9B88-7E3DE3196198}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{D679819B-45F4-47B3-AE4C-F0E311830B86}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{DAAFB14C-4BF1-4E8E-BF30-E270E2811EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{DEB97630-DF9B-475D-9C49-2C4E356CBE6C}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{DECE8310-C6E3-4B3E-87E0-EB8B03C8F26C}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E280DCA3-76EE-4D42-A61E-11A31714EDAE}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E868DA7C-1D78-46F7-8F7E-9A637B761789}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{F2E37470-8FE1-4078-9C50-0F95CE4625A1}" = protocol=17 | dir=in | app=c:\program files (x86)\trademanager\aliim.exe |
"{F51CAF7E-D2E8-4021-8A30-9B985E89F459}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F86F787F-08C8-4028-9949-73E4F05701AC}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FFF1C3B8-6B98-4084-9198-4E5AF7EF0764}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"TCP Query User{452585D9-9258-467C-B424-9B7F1E56C637}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{D41893BB-7B96-4D3E-8336-52B31ECF5678}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{11D4A61A-5BAC-4A7F-B858-706253EBDFAD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A070A021-C374-40D1-8DEF-96569F4CE00C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Português
"{CF097717-F174-4144-954A-FBC4BF301046}" = Nero 7 Ultra Edition
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E796AA87-FE52-49A8-AD93-0236A9F87632}" = TP-LINK TL-WN727N Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"aTube Catcher" = aTube Catcher
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Full)
"Mozilla Firefox 29.0.1 (x86 pt-BR)" = Mozilla Firefox 29.0.1 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Program_is1" = My Program version 1.5
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"TradeManager" = TradeManager 2013 Beta2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3070796102-1358900160-2401040873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Price Metér" = Price Metér (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 23/05/2014 12:20:44 | Computer Name = ROBERT | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
 erro:   %%5
 
 
< End of report >
 


Dear Rob Asp

 

Step no. 1 #

 

You added these sites as trusted:

 

Trusted Domains: alipay.com ([]http in Trusted sites)
Trusted Domains: alisoft.com ([]http in Trusted sites)
Trusted Domains: taobao.com ([]http in Trusted sites)

 

 

 

Step no. 2 #

 

Again with OTL
  • Double-click the 3984478580_7ed4cabc45_o.gif icon
  • Copy and paste the content below into the box right after 5369460409_ee749edc8e_m.jpg

:OTL
CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EBR&gct=&itbv=12.10.6.48&doi=2014-04-28&apn_uid=33BB71AA-4054-4C4A-8D52-C533FD009B9F&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EBR&apn_dbr=cr_34.0.1847.131&psv=&trgb=CR&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms},
O33 - MountPoints2\{841534a9-cc51-11e2-be6f-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{841534a9-cc51-11e2-be6f-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{841534d3-cc51-11e2-be6f-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{841534d3-cc51-11e2-be6f-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{975258cf-85c9-11e3-be9c-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{975258cf-85c9-11e3-be9c-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
[2014/05/21 14:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2014/05/21 14:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2014/05/21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
[2014/05/21 14:21:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
@Alternate Data Stream - 168 bytes -> C:\Users\ROBERT LIMA\recibo.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]
  • Click the 5370056394_358505935a_m.jpg button
  • When it restarts a window will appear; click Run;
  • Save (File > Save As) the log to the desktop with any name you like;
  • Post the contents of that log in your next reply.
  • Attention: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the 5370056476_bf9f840a51_m.jpg button
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Also post the generated log in your next reply.

Note: if you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

 
Regards :D

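As an added example that is not part of this thread and is not OTL's own code, the PowerShell below does a read-only inventory of the two kinds of artifacts the fix in Step 2 removes: MountPoints2 AutoRun hooks under the current user's hive, and NTFS alternate data streams on the paths named in the logs. It assumes Windows 8 with PowerShell 3.0 or later, run as the affected user; the two file paths are taken from the log above and are the only page-specific values in it.

```powershell
# Added example (not from the thread or from OTL). Inspect only; nothing is changed.
# Assumes PowerShell 3.0+ (needed for -Stream and -notin).

function Get-MountPoints2AutoRun {
    # Each per-volume key under MountPoints2 may carry a Shell\AutoRun\command
    # default value; that is the hook OTL removed (it pointed at "G:\AutoRun.exe").
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

function Get-UnexpectedAds {
    param([string[]]$Path)
    # Lists every alternate data stream except the main :$DATA stream and the
    # Zone.Identifier mark-of-the-web, which is normal on downloaded files.
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
            ForEach-Object {
                [pscustomobject]@{ File = $_.FileName; Stream = $_.Stream; Bytes = $_.Length }
            }
    }
}

# Paths from the OTL log in this thread; substitute your own when reusing.
$targets = @(
    "$env:USERPROFILE\recibo.jpeg",
    "$env:ProgramData\Temp"
)

'--- MountPoints2 AutoRun hooks (HKCU) ---'
Get-MountPoints2AutoRun | Format-Table -AutoSize
'--- Alternate data streams on listed paths ---'
Get-UnexpectedAds -Path $targets | Format-Table -AutoSize
```

An empty MountPoints2 table after the fix, together with the unexpected stream still showing on recibo.jpeg, matches what the OTL run below reports ("Unable to delete ADS" for that file); the check is meant to confirm a cleanup, not to perform one.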

Good evening, here are the logs:

 

All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841534a9-cc51-11e2-be6f-bcaec59c31df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841534a9-cc51-11e2-be6f-bcaec59c31df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841534a9-cc51-11e2-be6f-bcaec59c31df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841534a9-cc51-11e2-be6f-bcaec59c31df}\ not found.
File "G:\AutoRun.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841534d3-cc51-11e2-be6f-bcaec59c31df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841534d3-cc51-11e2-be6f-bcaec59c31df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841534d3-cc51-11e2-be6f-bcaec59c31df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841534d3-cc51-11e2-be6f-bcaec59c31df}\ not found.
File "G:\AutoRun.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975258cf-85c9-11e3-be9c-bcaec59c31df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975258cf-85c9-11e3-be9c-bcaec59c31df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975258cf-85c9-11e3-be9c-bcaec59c31df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975258cf-85c9-11e3-be9c-bcaec59c31df}\ not found.
File "G:\AutoRun.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdb137c4-94fa-11e3-be9f-bcaec59c31df}\ not found.
File "G:\AutoRun.exe" not found.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Program Files (x86)\Baidu Security\Baidu Antivirus folder moved successfully.
C:\Program Files (x86)\Baidu Security folder moved successfully.
C:\Users\ROBERT LIMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér folder moved successfully.
C:\Users\Public\Documents\Baidu\Common\I18N folder moved successfully.
C:\Users\Public\Documents\Baidu\Common folder moved successfully.
C:\Users\Public\Documents\Baidu folder moved successfully.
Unable to delete ADS C:\Users\ROBERT LIMA\recibo.jpeg:3or4kl4x13tuuug3Byamue2s4b .
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: ROBERT LIMA
->Flash cache emptied: 2286 bytes
 
User: Todos os Usuários
 
User: Usuário Padrão
 
Total Flash Files Cleaned = 0,00 mb
 
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ROBERT LIMA
->Temp folder emptied: 37922943 bytes
->Temporary Internet Files folder emptied: 48406359 bytes
->Java cache emptied: 248178 bytes
->FireFox cache emptied: 223553119 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 707 bytes
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35503882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 18787 bytes
 
Total Files Cleaned = 330,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05252014_190032

Files\Folders moved on Reboot...
C:\Users\ROBERT LIMA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\ROBERT LIMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Users\ROBERT LIMA\AppData\Local\Mozilla\Firefox\Profiles\hg651xo3.default\Cache\_CACHE_001_ moved successfully.
C:\Users\ROBERT LIMA\AppData\Local\Mozilla\Firefox\Profiles\hg651xo3.default\Cache\_CACHE_002_ moved successfully.
C:\Users\ROBERT LIMA\AppData\Local\Mozilla\Firefox\Profiles\hg651xo3.default\Cache\_CACHE_003_ moved successfully.
C:\Users\ROBERT LIMA\AppData\Local\Mozilla\Firefox\Profiles\hg651xo3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\ROBERT LIMA\AppData\Local\Mozilla\Firefox\Profiles\hg651xo3.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


 OTL logfile created on: 25/05/2014 19:08:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ROBERT LIMA\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16863)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,97 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 68,04% Memory free
4,65 Gb Paging File | 3,23 Gb Available in Paging File | 69,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,58 Gb Total Space | 216,83 Gb Free Space | 87,58% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 679,88 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 864,41 Gb Free Space | 92,80% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT | User Name: ROBERT LIMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/23 12:46:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROBERT LIMA\Desktop\OTL.exe
PRC - [2014/05/13 23:23:34 | 003,681,688 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2014/05/13 23:23:26 | 002,774,936 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2014/05/13 18:11:42 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/11 23:08:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 00:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013/08/22 03:37:48 | 000,293,272 | ---- | M] (Alibaba (China) Co., Ltd.) -- C:\Program Files (x86)\TradeManager\AliIM.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/08 18:42:42 | 002,584,864 | ---- | M] (FSPro Labs) -- C:\Arquivos de Programas\My Lockbox\mylbx.exe
PRC - [2011/03/01 06:57:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 18:11:42 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/11 23:08:54 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/27 01:17:08 | 000,367,120 | ---- | M] () -- C:\Program Files (x86)\TradeManager\rv2archive.dll
MOD - [2013/01/14 09:17:22 | 000,456,208 | ---- | M] () -- C:\Program Files (x86)\TradeManager\uacagent.dll
MOD - [2012/12/12 01:40:44 | 000,037,488 | ---- | M] () -- C:\Program Files (x86)\TradeManager\rv2log.dll
MOD - [2012/12/12 01:40:38 | 000,321,648 | ---- | M] () -- C:\Program Files (x86)\TradeManager\rv2core.dll
MOD - [2012/11/23 03:11:54 | 000,279,584 | ---- | M] () -- C:\Program Files (x86)\TradeManager\pcre.dll
MOD - [2012/11/22 06:04:36 | 001,554,888 | ---- | M] () -- C:\Program Files (x86)\TradeManager\libeay32.dll
MOD - [2010/06/30 14:03:14 | 000,051,512 | ---- | M] () -- C:\Arquivos de Programas\My Lockbox\FSPFlt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/16 02:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 19:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 06:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 03:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 03:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 01:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 23:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 23:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 20:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 20:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 03:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 00:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 00:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 00:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 00:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 00:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 00:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 00:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 00:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 00:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 00:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 00:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 21:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/05/13 23:23:42 | 001,146,304 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2014/05/13 18:11:42 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 23:08:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/20 00:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/26 00:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 00:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/25 19:05:13 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/05/21 14:26:22 | 000,051,496 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013/11/25 00:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/25 04:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/24 19:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/23 00:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/10 08:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 03:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 23:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/16 02:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 03:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/18 02:04:48 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/07/09 05:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 22:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 22:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/29 03:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 00:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/17 11:13:26 | 000,017,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2013/03/02 07:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 07:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 22:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/27 00:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 01:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 00:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012/10/12 05:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 04:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/28 17:55:02 | 001,979,464 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/09/20 04:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 04:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 02:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 02:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 02:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 02:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 02:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 02:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 02:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 02:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 02:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 02:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 02:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 02:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 02:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 02:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 02:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 02:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 02:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 01:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 01:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 00:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 23:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 23:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 23:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 23:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 23:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 23:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 23:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 23:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 23:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 23:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 23:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 23:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 23:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 23:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 23:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 23:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 23:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 23:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 23:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 23:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 23:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 23:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 23:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 23:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 23:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/02 11:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/02 11:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2010/07/22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2008/07/10 18:20:40 | 000,040,448 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bthav.sys -- (bthav)
DRV - [2014/04/09 11:13:25 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TPM.SYS -- (TPM)
DRV - [2011/03/01 10:57:56 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/06/02 03:45:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.br.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 EC 3E E2 E0 5F CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {4B2E63B3-1175-498D-8B43-1C98E18A65A2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4B2E63B3-1175-498D-8B43-1C98E18A65A2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com.br"
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.10
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.54
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Program Files (x86)\TradeManager\nptrademanager.dll ( )
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\TradeManager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0: C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/19 19:56:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873}: C:\Users\ROBERT LIMA\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/19 19:56:33 | 000,000,000 | ---D | M]
 
[2013/06/04 18:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\Extensions
[2014/05/05 09:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\Firefox\Profiles\hg651xo3.default\extensions
[2014/05/03 13:23:18 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\Firefox\Profiles\hg651xo3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2014/05/05 09:08:35 | 000,207,726 | ---- | M] () (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\firefox\profiles\hg651xo3.default\extensions\oldnewsfeed@jetpack.xpi
[2013/07/22 20:24:03 | 000,280,941 | ---- | M] () (No name found) -- C:\Users\ROBERT LIMA\AppData\Roaming\mozilla\firefox\profiles\hg651xo3.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2014/05/11 23:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 23:08:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/26 22:52:44 | 000,087,568 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2013/03/26 22:52:46 | 000,087,568 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EBR&gct=&itbv=12.10.6.48&doi=2014-04-28&apn_uid=33BB71AA-4054-4C4A-8D52-C533FD009B9F&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EBR&apn_dbr=cr_34.0.1847.131&psv=&trgb=CR&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Users\ROBERT LIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/05/17 14:42:36 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [spywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [spywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [aliim] C:\Program Files (x86)\TradeManager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C6FB55-374A-4454-986D-7FBF85E073E2}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A9422C-6639-4B06-998C-1E0F8988145B}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/25 19:00:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/23 12:58:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/23 12:57:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/23 12:47:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/23 12:45:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ROBERT LIMA\Desktop\OTL.exe
[2014/05/23 12:43:41 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\ROBERT LIMA\Desktop\JRT.exe
[2014/05/23 00:14:25 | 000,000,000 | ---D | C] -- D:\Users\ROBERT LIMA\Documents\Azamerica s1005
[2014/05/21 14:26:22 | 000,051,496 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/05/21 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\Spyware Terminator
[2014/05/21 14:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2014/05/21 14:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2014/05/21 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2014/05/19 19:47:52 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014/05/19 19:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/05/19 19:47:36 | 000,000,000 | ---D | C] -- C:\Intel
[2014/05/19 19:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Local\SlimWare Utilities Inc
[2014/05/19 19:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2014/05/19 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2014/05/19 19:45:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/05/19 19:13:30 | 000,581,632 | -H-- | C] (radio42) -- C:\Users\ROBERT LIMA\Desktop\Bass.Net.dll
[2014/05/19 19:13:30 | 000,105,528 | -H-- | C] (Un4seen Developments) -- C:\Users\ROBERT LIMA\Desktop\Bass.dll
[2014/05/19 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Local\192
[2014/05/19 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\.android
[2014/05/19 18:45:14 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Local\cache
[2014/05/19 18:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IconCache
[2014/05/19 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\Easeware
[2014/05/19 14:54:45 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\Desktop\gmer
[2014/05/19 14:53:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\ROBERT LIMA\Desktop\dds.scr
[2014/05/15 02:15:33 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\Desktop\casa
[2014/05/11 23:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/28 15:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/26 18:21:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\System Restore
[2014/04/25 23:59:49 | 000,000,000 | ---D | C] -- C:\Users\ROBERT LIMA\AppData\Roaming\FireShot
[2013/06/02 19:02:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ROBERT LIMA\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/25 19:11:14 | 001,765,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/25 19:11:14 | 000,762,618 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2014/05/25 19:11:14 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/25 19:11:14 | 000,154,410 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2014/05/25 19:11:14 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/25 19:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/25 19:06:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/25 19:05:24 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/05/25 19:05:13 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/05/25 19:05:07 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/25 19:04:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/25 19:04:46 | 3406,655,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/24 02:20:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/23 12:46:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROBERT LIMA\Desktop\OTL.exe
[2014/05/23 12:45:49 | 001,326,389 | ---- | M] () -- C:\Users\ROBERT LIMA\Desktop\adwcleaner_3.210.exe
[2014/05/23 12:43:45 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\ROBERT LIMA\Desktop\JRT.exe
[2014/05/23 12:35:36 | 000,591,051 | ---- | M] () -- C:\Windows\SysWow64\_q5C84hNuFyw
[2014/05/22 23:54:33 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/21 14:26:22 | 000,051,496 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014/05/21 14:26:19 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/05/19 19:50:03 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2014/05/19 19:45:08 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2014/05/19 19:13:30 | 000,581,632 | -H-- | M] (radio42) -- C:\Users\ROBERT LIMA\Desktop\Bass.Net.dll
[2014/05/19 19:13:30 | 000,105,528 | -H-- | M] (Un4seen Developments) -- C:\Users\ROBERT LIMA\Desktop\Bass.dll
[2014/05/19 18:42:26 | 000,118,260 | ---- | M] () -- C:\Windows\unins000.dat
[2014/05/19 18:42:17 | 000,718,497 | ---- | M] () -- C:\Windows\unins000.exe
[2014/05/19 14:53:15 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\ROBERT LIMA\Desktop\dds.scr
[2014/05/17 14:51:30 | 000,006,406 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_145128.reg
[2014/05/17 14:46:57 | 000,020,140 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_144654.reg
[2014/05/17 13:33:56 | 000,273,125 | ---- | M] () -- C:\Users\ROBERT LIMA\recibo.jpeg
[2014/05/11 23:32:31 | 001,141,899 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\Comprovante endereço.pdf
[2014/05/03 02:42:31 | 000,694,922 | ---- | M] () -- D:\Users\ROBERT LIMA\Documents\TABELA.pdf
[2014/04/26 00:05:35 | 000,116,093 | ---- | M] () -- C:\Users\ROBERT LIMA\Desktop\O AliExpress _ Gestão de pedidos.pdf
 
========== Files Created - No Company Name ==========
 
[2014/05/23 16:02:17 | 000,114,640 | ---- | C] () -- C:\Users\ROBERT LIMA\Desktop\china_2660807b.jpg
[2014/05/23 12:45:43 | 001,326,389 | ---- | C] () -- C:\Users\ROBERT LIMA\Desktop\adwcleaner_3.210.exe
[2014/05/21 14:26:19 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014/05/19 19:50:06 | 000,591,051 | ---- | C] () -- C:\Windows\SysWow64\_q5C84hNuFyw
[2014/05/19 19:45:19 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/05/19 19:45:16 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/05/19 19:45:08 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2014/05/19 18:42:26 | 000,718,497 | ---- | C] () -- C:\Windows\unins000.exe
[2014/05/19 18:42:26 | 000,118,260 | ---- | C] () -- C:\Windows\unins000.dat
[2014/05/19 18:17:45 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2014/05/17 14:51:29 | 000,006,406 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_145128.reg
[2014/05/17 14:46:56 | 000,020,140 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\cc_20140517_144654.reg
[2014/05/17 13:34:29 | 000,273,125 | ---- | C] () -- C:\Users\ROBERT LIMA\recibo.jpeg
[2014/05/15 02:17:36 | 000,694,922 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\TABELA.pdf
[2014/05/12 01:50:48 | 000,018,989 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\boleto.gif
[2014/05/11 23:32:26 | 001,141,899 | ---- | C] () -- D:\Users\ROBERT LIMA\Documents\Comprovante endereço.pdf
[2014/04/25 23:37:28 | 000,116,093 | ---- | C] () -- C:\Users\ROBERT LIMA\Desktop\O AliExpress _ Gestão de pedidos.pdf
[2014/04/09 11:13:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\TPM.SYS
[2013/09/13 21:41:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/06/06 19:12:35 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/06/04 18:05:40 | 000,000,572 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/06/02 19:23:55 | 000,000,210 | ---- | C] () -- C:\Windows\wininit.ini
[2013/06/02 19:02:09 | 000,099,384 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\inst.exe
[2013/06/02 19:02:09 | 000,007,859 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\pcouffin.cat
[2013/06/02 19:02:09 | 000,001,167 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\pcouffin.inf
[2013/06/02 19:00:06 | 000,001,057 | ---- | C] () -- C:\Users\ROBERT LIMA\AppData\Roaming\vso_ts_preview.xml
[2012/07/26 05:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 05:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 04:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 22:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 17:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 17:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 17:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 17:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 17:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 11:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/04/12 00:58:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/26 21:31:25 | 019,752,448 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/26 21:52:21 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 00:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 00:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 00:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/20 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Alibaba
[2013/06/03 10:58:02 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\AVG2013
[2014/05/19 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Easeware
[2014/04/25 23:59:49 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\FireShot
[2014/05/21 14:26:22 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Spyware Terminator
[2013/06/03 10:57:31 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\TuneUp Software
[2013/06/02 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Vso
[2013/06/02 18:56:46 | 000,000,000 | ---D | M] -- C:\Users\ROBERT LIMA\AppData\Roaming\Zbshareware Lab
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\ROBERT LIMA\recibo.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
 


You forgot to answer my question from Step 1.

 

Oh right... they are shopping sites, but if there is any adware problem or something like that, you can remove them.


Dear Rob Asp

# Step 1 #

Reinstall Chrome ;)

# Step 2 #

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, the PC may need to be restarted. If you are asked to restart, please do so immediately.

Cheers :D


Good morning

The Malwarebytes log is below

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data de Verificação: 27/05/2014
Hora da Verificação: 12:06:01
Logfile: Malwarebytes.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.05.27.06
Rootkit Database: v2014.05.21.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 8
CPU: x64
Sistema de Arquivo: NTFS
Usuário: ROBERT LIMA

Tipo da Verificação: Verificação Rápida
Resultado: Completado
Arquivos Verificados: 213354
Tempo Decorrido: 2 min, 47 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Desabilitado
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 1
PUP.Optional.PriceMeter.A, HKU\S-1-5-21-3070796102-1358900160-2401040873-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PriceMeter, Quarantined, [baa82e280378d5614e3d643621e10ef2],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Dear Rob Asp

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

You will be taken to a Kaspersky page asking for an email address to register, a first name and a last name.
Only the "email" field is required.
Enter your email and then click the Submit Form button.
The page will reload. Click the Download button.
Save it to your desktop (Desktop).
Run the file and wait for the installation.
  • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the I accept the license agreement option and then click the Start button.
The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, and then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:
My Computer;
Local Disk (C:);
Also check all the drives that appear below Local Disk, if there are any;
Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's main screen, click the Start scanning button;
Be patient, it takes a little while;
When it finishes, if it detected anything, the program will ask you what to do;
Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:
On the main screen, if anything was detected, save the log.
If you close the program and forget to save the log, you will have to repeat the whole scan again.
To save the log, click the Reports icon (next to the "Settings" icon).
In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
Choose an easily accessible location and save it as log.txt
Copy the entire contents of that Notepad file and paste it in your next reply.
If nothing is detected, there is no need to save the log, just let me know.
To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if it found something. If it detected something, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

Double-click SecurityCheck.exe
  • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

Press any key to continue... a report will open
Copy its entire contents and paste it in your next reply

Cheers :D


Good evening

The Kaspersky AVP Tool did not detect anything. The SecurityCheck log is below:

 

 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013   
Windows Defender                  
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Terminator 2012   
 Java 7 Update 55  
 Adobe Flash Player     13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Dear Rob Asp

>>>> How is the computer?

# Step 1 #

Update Internet Explorer

# Step 2 #

Again with OTL
  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Click the button 3979150508_cb492f5c9b_o.jpg
  • Wait...
  • When asked to restart, click OK.

# Step 3 #

  • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Uninstall
  • Click Yes, and wait.

# Step 4 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer, which will help with the computer's performance. Download it here: CCleaner
IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of this window and choose New > Folder to create a new folder; name it backups!
Open the program and click Run Cleaner;
click the Registry button > Scan for Issues > Fix selected issue(s)...

Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch over your firewall and antivirus, and finally, remember that the best form of prevention starts with our own habits!

Cheers :D


Good afternoon

The computer has improved a lot; I did all the procedures above.

Thank you

:-BEER
