Ir ao conteúdo
  • Comunicados

    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.

Roberto Pinheiro

Membros Plenos
  • Total de itens

    20
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Sobre Roberto Pinheiro

  • Data de Nascimento 21-07-1994

Informações gerais

  • Cidade e Estado
    Juazeiro do Norte, CE
  1. SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 23.01.2018 15:30:38 Path starting: C:\Users\Roberto\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Roberto VersionXML: 4.73s-27.10.2017 ___________________________________________________________________________ Windows 10(6.3.16299) (x64) CoreSingleLanguage Release: 1709 Lang: Portuguese(0416) Installation date OS: 18.01.2018 13:04:17 LicenseStatus: Windows(R), CoreSingleLanguage edition The machine is permanently activated. LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Timebased activation will expire :33394 minutes LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode Boot Mode: Normal Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe) SystemDrive: C: FS: [NTFS] Capacity: [182.6 Gb] Used: [50.2 Gb] Free: [132.4 Gb] ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Avira Antivirus v.15.0.34.17 -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes versão 3.3.1.2183 v.3.3.1.2183 --------------------------- [ AdobeProduction ] --------------------------- Adobe Acrobat Reader DC - Português v.18.009.20050 [+] ------------------------------- [ Browser ] ------------------------------- Google Chrome v.63.0.3239.132 [+] --------------------------- [ RunningProcess ] ---------------------------- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.63.0.3239.132 ------------------ [ AntivirusFirewallProcessServices ] ------------------- Avira Agendamento (AntiVirSchedulerService) - The service is running C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.34.17 Avira Real-Time Protection (AntiVirService) - The service is running C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.34.17 Avira Mail Protection (AntiVirMailService) - The service has stopped Avira Web Protection (AntiVirWebService) - The service has stopped Avira Service Host (Avira.ServiceHost) - The service has stopped C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe v.1.2.103.26908 Avira System Speedup (SpeedupService) - The service has stopped C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe v.4.5.0.6983 C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.34.17 C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe v.1.2.103.26908 C:\Program Files (x86)\Avira\Antivirus\avgnt.exe v.15.0.34.12 Malwarebytes Service (MBAMService) - The service has stopped C:\Program Files\Windows Defender\MSASCuiL.exe v.4.12.16299.15 Serviço Windows Defender Antivirus (WinDefend) - The service has stopped Serviço de Inspeção de Rede do Windows Defender Antivirus (WdNisSvc) - The service has stopped ----------------------------- [ End of Log ] ------------------------------
  2. SystemLook 30.07.11 by jpshortstuff Log created at 13:41 on 21/01/2018 by Roberto Administrator - Elevation successful ========== filefind ========== Searching for "WNetflix3.zip" No files found. Searching for "WNetflix3.zi" No files found. ========== folderfind ========== Searching for "WNetflix3" No folders found. Searching for "Windows.oldWINDOWS" No folders found. ========== regfind ========== Searching for "WNetflix3" No data found. Searching for "WNetflix3.zip" No data found. Searching for "WNetflix3.zi" No data found. -= EOF =- No prompt de comando não foi identificado problemas, nem travou pra iniciar. Nesse caso, está tudo ok? Há mais alguma recomendação ? Grato.
  3. Não possuo o DVD do Windows 10 O link http://jpshortstuff.247fixes.com/SystemLook_x64.exe não foi encontrado
  4. @Elias Pereira Como o relatório tava grande, eu preferi anexar aqui, tudo bem ? Em relação ao erro no arquivo: Windows\system32\logfiles\Srt\Srttrail.txt quando fui tentar reparar a inicialização, há algo que possa ser feito ? Fiquei com receio de restaurar o sistema mais uma vez e o vírus voltar AVSCAN-20180120-185125-A432D30A.LOG
  5. Acho que não sei fazer isso =\ Mas consegui encontrar isso: Dia 18/01 foi encontrado esse vírus, (após eu ter realizado a restauração do Sistema): O arquivo 'C:\Windows.oldWINDOWS\WNetflix3.zi' continha o padrão de 'TR/Spy.Banker.xuroy' [trojan]. O mesmo foi movido à quarentena e depois excluído. Dia 20/01 foi finalizada a última verificação. Número de arquivos: 4088529, Número de diretórios: 107032, Número de detecções: 0, Número de avisos: 9 Posso ficar tranquilo depois disso ?
  6. ETAPA 1 Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 19/01/18 Hora da análise: 14:15 Arquivo de registro: 53f1cef0-fd3c-11e7-9f7a-40167ea0388e.json Administrador: Sim -Informação do software- Versão: 3.3.1.2183 Versão de componentes: 1.0.262 Versão do pacote de definições: 1.0.3733 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 10 (Build 16299.192) CPU: x64 Sistema de arquivos: NTFS Usuário: ROBERTO\Roberto -Resumo da análise- Tipo de análise: Análise Customizada Resultado: Concluído Objetos verificados: 555972 Ameaças detectadas: 0 (Nenhum item malicioso detectado) Ameaças em quarentena: 0 (Nenhum item malicioso detectado) Tempo decorrido: 9 hr, 15 min, 31 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 0 (Nenhum item malicioso detectado) Setor físico: 0 (Nenhum item malicioso detectado) (end) ETAPA 2 # AdwCleaner 7.0.7.0 - Logfile created on Sat Jan 20 02:38:52 2018 # Updated on 2018/18/01 by Malwarebytes # Running on Windows 10 Home Single Language (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\Public\Documents\Downloaded Installers ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** No malicious registry entries deleted. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1004 B] - [2018/1/20 2:35:14] C:/AdwCleaner/AdwCleaner[S1].txt - [1071 B] - [2018/1/20 2:38:15] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Amigo, pelo que entendi, aparentemente o PC estaria limpo nesse primeiro momento, porém, antes de consultar aqui, cheguei a usar o Malwarebytes e o Avira, o Avira detectou o vírus, porém o Malware não. Será que necessita de uma outra pesquisa, ou algum outro programa pra realmente me assegurar de estar livre de infecções ?
  7. ZA-Scan.txt Olá, disponho de um note com Windows 10 e ontem realizei o escaneamento com o Avira que identificou um Trojan na pasta Windows32(salvo engano), como o pc continuava travando mesmo com o arquivo na quarentena, eu o deletei e por defeitos na inicialização, fiz a restauração. Após restaurado, reinstalei o Chrome, CCleaner e Avira, que novamente identificou o Trojan e novamente eu o excluí. Atualmente o PC continua travando, ao tentar solucionar o defeito apareceu erro no arquivo: Windows\system32\logfiles\Srt\Srttrail.txt Além de não saber como solucionar esse problema, ainda não sei se a infecção permanece, já que não consigo finalizar o escaneamento com Avira. Conto com vocês para me socorrerem, estou precisando bastante do Note Ok de volta. Muito obrigado.
  8. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Versão da Base de Dados: v2013.06.16.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Pc :: A84963D044E642F [administrador] Proteção: Permitir 16/6/2013 11:26:18 mbam-log-2013-06-16 (11-26-18).txt Tipo de Verificação: Verificação Rápida Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 210475 Tempo decorrido: 7 minuto(s), 7 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso. Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 1 C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Enviado para a Quarentena e deletado com sucesso. (fim)
  9. É porque quando formatei os pendrives o pc reinfectou. O meu pendrive eu formatei no note(q graças a Deus não foi infectado) como NTFS e bloqueei a pasta raíz criando uma única pasta para salvar os arquivos, pois tinha lido q a maioria dos vírus infectam a pasta raíz. Mas mesmo assim quando coloquei no pc de mesa, essa pasta principal ficou oculta. Vou tentar formatá-los em um computador com Ubuntu. Tava pensando em instalar o Ubuntu para abrir pendrives e limpá-los nele e só então abrir no Windows, o q acha ? É válido, isso ?
  10. Acho q os resultados são estes: All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Folder C:\Documents and Settings\Pc\Menu Iniciar\Programas\DealPly\ not found. C:\Documents and Settings\All Users\Dados de aplicativos\Ask\APN-Stub folder moved successfully. C:\Documents and Settings\All Users\Dados de aplicativos\Ask folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List not found. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: Pc ->Flash cache emptied: 2437 bytes Total Flash Files Cleaned = 0,00 mb Restore point Set: OTL Restore Point [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 83055708 bytes ->Google Chrome cache emptied: 819568 bytes User: Pc ->Temp folder emptied: 1480838 bytes ->Temporary Internet Files folder emptied: 2432628 bytes ->FireFox cache emptied: 84792755 bytes ->Google Chrome cache emptied: 146627002 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2339411 bytes %systemroot%\System32 .tmp files removed: 2969 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49237 bytes RecycleBin emptied: 98479654 bytes Total Files Cleaned = 401,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06132013_132357 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... OTL logfile created on: 14/6/2013 07:56:19 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pc\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1015,48 Mb Total Physical Memory | 169,48 Mb Available Physical Memory | 16,69% Memory free 2,38 Gb Paging File | 1,43 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 149,04 Gb Total Space | 117,23 Gb Free Space | 78,66% Space Free | Partition Type: NTFS Computer Name: A84963D044E642F | User Name: Pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/11 09:26:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pc\Desktop\OTL.exe PRC - [2013/05/31 11:56:02 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.exe PRC - [2013/05/29 02:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe PRC - [2013/05/12 08:23:35 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013/05/09 05:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe PRC - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2013/06/14 07:40:31 | 013,140,872 | ---- | M] () -- C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll MOD - [2013/06/14 04:40:01 | 002,088,448 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\13061401\algo.dll MOD - [2013/06/13 13:50:15 | 002,087,936 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\13061301\algo.dll MOD - [2013/05/29 02:27:38 | 000,393,168 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll MOD - [2013/05/29 02:27:37 | 013,136,336 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll MOD - [2013/05/29 02:27:35 | 004,051,408 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013/05/29 02:26:36 | 001,597,392 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll MOD - [2008/04/13 19:20:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013/06/12 20:21:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012/09/05 22:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2007/06/01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Pc\CONFIG~1\Temp\catchme.sys -- (catchme) DRV - [2013/05/18 17:07:53 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utexnjq5.sys -- (utexnjq5) DRV - [2013/05/18 11:40:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013/05/09 05:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013/05/09 05:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013/05/09 05:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013/05/09 05:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013/05/09 05:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2013/04/10 20:32:48 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360FileOem.sys -- (360FileOem) DRV - [2013/04/10 20:32:48 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360SpOEM.sys -- (360SpOEM) DRV - [2013/04/10 20:32:48 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\360HookOem.sys -- (360HookOem) DRV - [2013/04/10 20:32:48 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360RegOem.sys -- (360RegOem) DRV - [2013/03/06 20:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012/06/19 05:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2011/12/08 03:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2011/06/15 10:11:20 | 000,036,384 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING) DRV - [2011/06/15 10:11:20 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x) DRV - [2011/06/15 10:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLANMP) DRV - [2011/06/15 10:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN) DRV - [2009/11/17 20:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/17 20:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2013/03/21 09:26:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\showlyrics@superstrsoft.co: C:\Arquivos de programas\Show-Lyrics\FF\ [2013/05/21 08:16:26 | 000,000,000 | ---D | M] [2013/03/21 09:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pc\Dados de aplicativos\Mozilla\Extensions [2013/06/03 09:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pc\Dados de aplicativos\Mozilla\Firefox\Profiles\z5sna14m.default\extensions [2013/03/21 09:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions [2012/09/05 22:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll [2012/09/06 00:10:20 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml [2012/09/06 00:10:20 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml [2013/05/14 11:33:34 | 000,000,778 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\portaldosites.xml [2012/09/06 00:10:20 | 000,002,253 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml [2012/09/06 00:10:20 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml [2012/09/06 00:10:20 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com.br/ CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U17 (Enabled) = C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Pc\Configura\u00E7\u00F5es locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - Extension: Google Docs = C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/06/03 10:00:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Show Lyrics) - {90609D82-77C3-4391-8915-CF5638CF4605} - C:\Arquivos de programas\Show-Lyrics\slyrics.dll (SuperStern Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iTunesHelper] C:\Arquivos de programas\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2EE708-983C-4F34-B775-C36D264C6683}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/03/20 17:41:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/06/13 20:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Application Data [2013/06/13 13:23:57 | 000,000,000 | ---D | C] -- C:\_OTL [2013/06/12 21:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Facebook [2013/06/11 09:28:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pc\Desktop\OTL.exe [2013/06/11 09:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\iTunes [2013/06/11 09:25:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Plugins [2013/06/11 09:25:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunesMiniPlayer.Resources [2013/06/11 09:25:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunesHelper.Resources [2013/06/11 09:24:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunes.Resources [2013/06/11 09:24:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iPod [2013/06/11 09:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/06/11 09:24:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CD Configuration [2013/06/09 18:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Menu Iniciar\Programas\Counter-Strike 1.6 [2013/06/07 12:02:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/06/03 09:51:25 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013/06/03 09:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/06/03 09:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/06/03 09:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/06/03 09:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/06/03 09:43:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/03 09:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013/06/03 09:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013/06/03 09:32:05 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/31 11:56:06 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesOutlookAddIn.dll [2013/05/31 11:56:02 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.exe [2013/05/31 11:56:02 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.dll [2013/05/31 11:56:02 | 000,117,576 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesMiniPlayer.dll [2013/05/31 11:56:00 | 000,412,488 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesAdmin.dll [2013/05/31 11:55:58 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunes.exe [2013/05/31 11:55:42 | 023,411,528 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunes.dll [2013/05/31 11:55:40 | 000,650,056 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iPodUpdaterExt.dll [2013/05/31 11:55:38 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_dsp.dll [2013/05/31 11:55:38 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_sdkmanager.dll [2013/05/31 11:55:38 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_submit.dll [2013/05/31 11:55:38 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_musicid.dll [2013/05/28 20:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\TuneUp Software [2013/05/28 20:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\TuneUp Software [2013/05/28 20:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software [2013/05/28 20:04:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/05/28 18:33:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pc\Menu Iniciar\Programas\Ferramentas administrativas [2013/05/25 07:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\APN [2013/05/25 07:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\AskToolbar [2013/05/25 07:27:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java [2013/05/25 07:18:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2013/05/24 06:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Desktop\Roberto Jr [2013/05/23 17:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Desktop\Adilânia [2013/05/21 08:16:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Show-Lyrics [2013/05/21 06:52:59 | 000,000,000 | ---D | C] -- C:\Temp [2013/05/18 16:48:07 | 000,000,000 | ---D | C] -- C:\eec3f82cf185c4d37913cb9fa127dd [2013/05/18 07:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Meus documentos\Projetos [2013/05/17 21:45:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/05/17 21:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\Malwarebytes [2013/05/17 21:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [2013/05/17 11:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG [2013/05/17 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2013/05/17 07:32:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0 [2013/05/16 11:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2013/05/16 11:46:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2013/04/08 03:31:30 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\ITDetector.ocx ========== Files - Modified Within 30 Days ========== [2013/06/14 07:29:23 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/06/14 07:21:20 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013/06/14 07:19:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/06/14 07:16:21 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Show Lyrics Update.job [2013/06/14 07:15:39 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/06/14 07:15:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/06/13 20:50:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/06/13 18:46:04 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-854245398-162531612-842925246-1003UA.job [2013/06/12 21:46:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-854245398-162531612-842925246-1003Core.job [2013/06/12 15:25:57 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/06/11 09:26:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pc\Desktop\OTL.exe [2013/06/11 09:26:04 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/06/11 08:19:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/06/09 18:07:38 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\Counter-Strike 1.6.lnk [2013/06/09 12:10:27 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Pc\Meus documentos\spider.sav [2013/06/07 08:16:49 | 000,289,437 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\edital contrato temporrio 20.02.2013 (6).pdf [2013/06/06 10:01:15 | 000,153,626 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A BOLETO.pdf [2013/06/06 10:00:55 | 000,101,764 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A.pdf [2013/06/05 15:34:22 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/06/03 20:11:26 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/06/03 10:00:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/06/03 09:51:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013/06/02 00:04:48 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\adwcleaner.exe [2013/05/31 11:55:38 | 003,008,536 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_dsp.dll [2013/05/31 11:55:38 | 000,776,216 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_sdkmanager.dll [2013/05/31 11:55:38 | 000,262,680 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_submit.dll [2013/05/31 11:55:38 | 000,219,672 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_musicid.dll [2013/05/28 19:57:09 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\PhotoScape.lnk [2013/05/27 12:32:52 | 001,695,683 | ---- | M] () -- C:\Documents and Settings\Pc\Meus documentos\Transmissão de Energia - R Pinheiro.rar [2013/05/25 07:20:03 | 000,446,266 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2013/05/25 07:20:03 | 000,408,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/05/25 07:20:03 | 000,065,392 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2013/05/25 07:20:03 | 000,055,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/05/24 05:49:59 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog [2013/05/18 17:07:53 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utexnjq5.sys [2013/05/18 11:55:28 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Pc\Dados de aplicativos\mbam.context.scan [2013/05/18 11:40:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/05/17 11:20:19 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/06/12 21:41:06 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-854245398-162531612-842925246-1003UA.job [2013/06/12 21:41:06 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-854245398-162531612-842925246-1003Core.job [2013/06/11 09:26:04 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/06/09 18:07:38 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\Counter-Strike 1.6.lnk [2013/06/07 08:16:48 | 000,289,437 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\edital contrato temporrio 20.02.2013 (6).pdf [2013/06/06 10:01:15 | 000,153,626 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A BOLETO.pdf [2013/06/06 10:00:55 | 000,101,764 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A.pdf [2013/06/03 09:51:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013/06/03 09:51:26 | 000,261,856 | RHS- | C] () -- C:\cmldr [2013/06/03 09:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/06/03 09:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/06/03 09:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/06/03 09:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/06/03 09:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/06/03 09:34:07 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\adwcleaner.exe [2013/05/27 12:32:51 | 001,695,683 | ---- | C] () -- C:\Documents and Settings\Pc\Meus documentos\Transmissão de Energia - R Pinheiro.rar [2013/05/21 08:16:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\Show Lyrics Update.job [2013/05/18 17:07:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utexnjq5.sys [2013/05/18 11:38:43 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Pc\Dados de aplicativos\mbam.context.scan [2013/05/16 11:54:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013/05/16 11:54:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2013/05/16 11:48:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013/04/21 13:38:46 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Pc\default.pls [2013/04/21 13:38:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2013/04/12 05:51:39 | 000,003,784 | ---- | C] () -- C:\WINDOWS\System32\PsClikSeguro.ini [2013/04/12 05:51:39 | 000,002,152 | ---- | C] () -- C:\WINDOWS\System32\PsClikSeguroOff.ini [2013/04/08 03:31:26 | 000,122,375 | ---- | C] () -- C:\Arquivos de programas\Acknowledgements.rtf [2013/03/27 09:46:21 | 000,000,148 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2013/03/27 09:41:45 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL [2013/03/27 09:41:45 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\NMCLN.EXE [2013/03/27 09:37:43 | 000,903,168 | ---- | C] () -- C:\WINDOWS\System32\mitmdl30.dll [2013/03/27 09:37:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [2013/03/27 09:37:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2013/03/27 09:37:42 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [2013/03/27 09:37:42 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [2013/03/27 09:37:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2013/03/27 09:37:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [2013/03/27 09:37:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [2013/03/27 09:37:42 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2013/03/27 09:37:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2013/03/27 09:37:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [2013/03/27 09:37:42 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2013/03/27 09:37:42 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2013/03/27 09:37:42 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2013/03/27 09:37:42 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [2013/03/26 08:37:42 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2013/03/24 10:50:15 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/21 09:39:05 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/03/21 09:39:04 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/03/21 09:22:17 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2013/03/21 09:22:14 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2013/03/21 09:22:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2013/03/21 09:22:14 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2013/03/21 09:10:26 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2013/03/21 09:04:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2013/03/20 17:44:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013/03/20 17:38:42 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2013/03/20 14:33:03 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2013/03/20 14:31:56 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:20:42 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/06/11 09:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/03/21 09:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software [2013/05/14 11:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG [2013/04/04 18:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon [2013/05/14 11:43:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files [2013/06/03 08:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\eSafe [2013/04/29 03:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe [2013/05/28 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer [2013/05/28 20:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software [2013/05/28 20:04:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/05/14 11:43:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/05/14 11:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\AVG [2013/04/04 18:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\DSite [2013/05/29 08:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\eIntaller [2013/04/28 21:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\GetRightToGo [2013/04/04 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\Mipony Download Manager Packages [2013/05/28 20:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\PhotoScape [2013/04/12 05:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\PSafe [2013/05/02 17:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\Rovio [2013/05/28 20:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\TuneUp Software [2013/04/04 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\Unity [2013/05/13 08:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pc\Dados de aplicativos\Zip Opener Packages ========== Purity Check ========== < End of report >
  11. Diego, uma dúvida é quanto aos pendrives que estão infectados, porque acho q quase todos estão... E outro detalhe, parece q o meu note não foi infectado, mesmo o pendrive estando infectado ele não lançou o vírus de novo quando eu o formatei.
  12. Cara, uma coisa curiosa aconteceu, as mensagens do AVAST pararam de aparecer, será q essa infecção em particular do início do post já foi ? OTL.txt: OTL logfile created on: 11/6/2013 09:29:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pc\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1015,48 Mb Total Physical Memory | 360,80 Mb Available Physical Memory | 35,53% Memory free 2,38 Gb Paging File | 1,84 Gb Available in Paging File | 77,16% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 149,04 Gb Total Space | 117,90 Gb Free Space | 79,11% Space Free | Partition Type: NTFS Computer Name: A84963D044E642F | User Name: Pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/11 09:26:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pc\Desktop\OTL.exe PRC - [2013/05/31 11:56:02 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.exe PRC - [2013/05/29 02:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe PRC - [2013/05/12 08:23:35 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013/05/09 05:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe PRC - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe PRC - [2013/03/12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe PRC - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2013/06/10 15:17:39 | 002,087,936 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\13061002\algo.dll MOD - [2013/06/10 06:25:38 | 002,087,936 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\13061001\algo.dll MOD - [2013/05/29 02:27:38 | 000,393,168 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll MOD - [2013/05/29 02:27:37 | 013,136,336 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll MOD - [2013/05/29 02:27:35 | 004,051,408 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013/05/29 02:26:36 | 001,597,392 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll MOD - [2012/02/17 20:55:36 | 000,166,912 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll MOD - [2008/04/13 19:20:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013/05/15 10:25:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/12/21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012/09/05 22:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2007/06/01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Pc\CONFIG~1\Temp\catchme.sys -- (catchme) DRV - [2013/05/18 17:07:53 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utexnjq5.sys -- (utexnjq5) DRV - [2013/05/18 11:40:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013/05/09 05:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013/05/09 05:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013/05/09 05:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013/05/09 05:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013/05/09 05:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2013/04/10 20:32:48 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360FileOem.sys -- (360FileOem) DRV - [2013/04/10 20:32:48 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360SpOEM.sys -- (360SpOEM) DRV - [2013/04/10 20:32:48 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\360HookOem.sys -- (360HookOem) DRV - [2013/04/10 20:32:48 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360RegOem.sys -- (360RegOem) DRV - [2013/03/06 20:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012/06/19 05:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2011/12/08 03:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2011/06/15 10:11:20 | 000,036,384 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING) DRV - [2011/06/15 10:11:20 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x) DRV - [2011/06/15 10:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLANMP) DRV - [2011/06/15 10:11:20 | 000,017,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN) DRV - [2009/11/17 20:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/17 20:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2013/03/21 09:26:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\showlyrics@superstrsoft.co: C:\Arquivos de programas\Show-Lyrics\FF\ [2013/05/21 08:16:26 | 000,000,000 | ---D | M] [2013/03/21 09:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pc\Dados de aplicativos\Mozilla\Extensions [2013/06/03 09:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pc\Dados de aplicativos\Mozilla\Firefox\Profiles\z5sna14m.default\extensions [2013/03/21 09:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions [2012/09/05 22:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll [2012/09/06 00:10:20 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml [2012/09/06 00:10:20 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml [2013/05/14 11:33:34 | 000,000,778 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\portaldosites.xml [2012/09/06 00:10:20 | 000,002,253 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml [2012/09/06 00:10:20 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml [2012/09/06 00:10:20 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://start.gamehitzone.com/?utm_source=AutocrossTruckRacing&utm_medium=start O1 HOSTS File: ([2013/06/03 10:00:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Show Lyrics) - {90609D82-77C3-4391-8915-CF5638CF4605} - C:\Arquivos de programas\Show-Lyrics\slyrics.dll (SuperStern Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iTunesHelper] C:\Arquivos de programas\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Oracle Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2EE708-983C-4F34-B775-C36D264C6683}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/03/20 17:41:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus estender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus estender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus estender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus estender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Arquivos de programas\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2013/06/11 09:28:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pc\Desktop\OTL.exe [2013/06/11 09:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\iTunes [2013/06/11 09:25:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Plugins [2013/06/11 09:25:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunesMiniPlayer.Resources [2013/06/11 09:25:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunesHelper.Resources [2013/06/11 09:24:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunes.Resources [2013/06/11 09:24:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iPod [2013/06/11 09:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/06/11 09:24:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CD Configuration [2013/06/11 09:20:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/06/10 13:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Desktop\Nova pasta [2013/06/09 18:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Menu Iniciar\Programas\Counter-Strike 1.6 [2013/06/07 12:02:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/06/03 09:51:25 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013/06/03 09:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/06/03 09:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/06/03 09:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/06/03 09:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/06/03 09:43:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/03 09:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013/06/03 09:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013/06/03 09:32:05 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/31 11:56:06 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesOutlookAddIn.dll [2013/05/31 11:56:02 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.exe [2013/05/31 11:56:02 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.dll [2013/05/31 11:56:02 | 000,117,576 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesMiniPlayer.dll [2013/05/31 11:56:00 | 000,412,488 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunesAdmin.dll [2013/05/31 11:55:58 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunes.exe [2013/05/31 11:55:42 | 023,411,528 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iTunes.dll [2013/05/31 11:55:40 | 000,650,056 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\iPodUpdaterExt.dll [2013/05/31 11:55:38 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_dsp.dll [2013/05/31 11:55:38 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_sdkmanager.dll [2013/05/31 11:55:38 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_submit.dll [2013/05/31 11:55:38 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_musicid.dll [2013/05/28 20:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\TuneUp Software [2013/05/28 20:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\TuneUp Software [2013/05/28 20:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software [2013/05/28 20:04:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/05/28 19:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Menu Iniciar\Programas\DealPly [2013/05/28 18:33:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pc\Menu Iniciar\Programas\Ferramentas administrativas [2013/05/25 07:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ask [2013/05/25 07:27:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java [2013/05/25 07:21:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/05/25 07:21:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/05/25 07:21:53 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/05/25 07:18:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2013/05/24 06:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Desktop\Roberto Jr [2013/05/23 17:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Desktop\Adilânia [2013/05/21 08:16:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Show-Lyrics [2013/05/21 06:52:59 | 000,000,000 | ---D | C] -- C:\Temp [2013/05/18 16:48:07 | 000,000,000 | ---D | C] -- C:\eec3f82cf185c4d37913cb9fa127dd [2013/05/18 07:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Meus documentos\Projetos [2013/05/17 21:45:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/05/17 21:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\Malwarebytes [2013/05/17 21:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [2013/05/17 11:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG [2013/05/17 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2013/05/17 07:32:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0 [2013/05/16 12:35:08 | 000,272,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2013/05/16 12:33:45 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2013/05/16 12:33:30 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2013/05/16 12:33:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2013/05/16 12:33:26 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2013/05/16 12:33:24 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2013/05/16 12:33:24 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2013/05/16 12:33:23 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2013/05/16 12:24:35 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013/05/16 11:54:54 | 002,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2013/05/16 11:54:54 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2013/05/16 11:54:53 | 002,032,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2013/05/16 11:54:52 | 002,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2013/05/16 11:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2013/05/16 11:48:20 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2013/05/16 11:46:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2013/05/15 17:44:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll [2013/05/15 17:41:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll [2013/05/15 17:41:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll [2013/05/14 12:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2013/05/14 11:50:01 | 000,000,000 | -HSD | C] -- C:\Arquivos de programas\5658 [2013/05/14 11:50:01 | 000,000,000 | ---D | C] -- C:\48193 [2013/05/14 11:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\AVG [2013/05/14 11:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG [2013/05/14 11:43:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/05/14 11:43:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files [2013/05/14 11:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\eSafe [2013/05/14 11:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\eIntaller [2013/05/13 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Drive [2013/05/13 15:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\avast! Free Antivirus [2013/05/13 08:17:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly [2013/05/13 08:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2013/05/13 08:15:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft.NET [2013/05/13 08:15:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2013/05/13 08:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Dados de aplicativos\Zip Opener Packages [2013/05/12 18:16:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Counter-Strike 1.6 [2013/05/12 18:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pc\Desktop\cs 1.6 [2013/04/08 03:31:30 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Arquivos de programas\ITDetector.ocx [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/11 09:28:00 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/06/11 09:26:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pc\Desktop\OTL.exe [2013/06/11 09:26:04 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/06/11 09:19:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/06/11 08:36:05 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Show Lyrics Update.job [2013/06/11 08:28:00 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/06/11 08:19:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/06/11 06:25:56 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013/06/11 06:25:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/06/10 09:08:41 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/06/09 18:07:38 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\Counter-Strike 1.6.lnk [2013/06/09 12:10:27 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Pc\Meus documentos\spider.sav [2013/06/07 08:16:49 | 000,289,437 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\edital contrato temporrio 20.02.2013 (6).pdf [2013/06/06 10:01:15 | 000,153,626 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A BOLETO.pdf [2013/06/06 10:00:55 | 000,101,764 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A.pdf [2013/06/05 15:34:22 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/06/03 10:00:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/06/03 09:51:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013/06/02 00:04:48 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\adwcleaner.exe [2013/05/31 11:56:06 | 000,293,192 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesOutlookAddIn.dll [2013/05/31 11:56:02 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.exe [2013/05/31 11:56:02 | 000,148,808 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesHelper.dll [2013/05/31 11:56:02 | 000,117,576 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesMiniPlayer.dll [2013/05/31 11:56:00 | 000,412,488 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunesAdmin.dll [2013/05/31 11:55:58 | 009,789,256 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunes.exe [2013/05/31 11:55:42 | 023,411,528 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iTunes.dll [2013/05/31 11:55:40 | 000,650,056 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iPodUpdaterExt.dll [2013/05/31 11:55:38 | 003,008,536 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_dsp.dll [2013/05/31 11:55:38 | 000,776,216 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_sdkmanager.dll [2013/05/31 11:55:38 | 000,262,680 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_submit.dll [2013/05/31 11:55:38 | 000,219,672 | ---- | M] (Gracenote, Inc.) -- C:\Arquivos de programas\gnsdk_musicid.dll [2013/05/28 19:57:09 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Pc\Desktop\PhotoScape.lnk [2013/05/27 12:32:52 | 001,695,683 | ---- | M] () -- C:\Documents and Settings\Pc\Meus documentos\Transmissão de Energia - R Pinheiro.rar [2013/05/25 07:20:03 | 000,446,266 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2013/05/25 07:20:03 | 000,408,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/05/25 07:20:03 | 000,065,392 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2013/05/25 07:20:03 | 000,055,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/05/24 05:53:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/05/24 05:49:59 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog [2013/05/18 17:07:53 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utexnjq5.sys [2013/05/18 11:55:28 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Pc\Dados de aplicativos\mbam.context.scan [2013/05/18 11:40:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/05/17 11:20:19 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/05/15 10:25:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/05/15 10:25:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/05/14 11:49:40 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Pc\default.pls [2013/05/14 11:33:50 | 000,001,012 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2013/05/13 15:44:46 | 000,002,969 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013/05/13 15:38:16 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/11 09:26:04 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/06/09 18:07:38 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\Counter-Strike 1.6.lnk [2013/06/07 08:16:48 | 000,289,437 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\edital contrato temporrio 20.02.2013 (6).pdf [2013/06/06 10:01:15 | 000,153,626 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A BOLETO.pdf [2013/06/06 10:00:55 | 000,101,764 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\Banco Itaú S_A.pdf [2013/06/03 09:51:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013/06/03 09:51:26 | 000,261,856 | RHS- | C] () -- C:\cmldr [2013/06/03 09:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/06/03 09:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/06/03 09:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/06/03 09:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/06/03 09:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/06/03 09:34:07 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Pc\Desktop\adwcleaner.exe [2013/05/27 12:32:51 | 001,695,683 | ---- | C] () -- C:\Documents and Settings\Pc\Meus documentos\Transmissão de Energia - R Pinheiro.rar [2013/05/21 08:16:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\Show Lyrics Update.job [2013/05/18 17:07:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utexnjq5.sys [2013/05/18 11:38:43 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Pc\Dados de aplicativos\mbam.context.scan [2013/05/16 11:54:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013/05/16 11:54:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2013/05/16 11:48:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013/05/13 15:38:16 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [2013/05/13 08:44:00 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog [2013/04/21 13:38:46 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Pc\default.pls [2013/04/21 13:38:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2013/04/12 05:51:39 | 000,003,784 | ---- | C] () -- C:\WINDOWS\System32\PsClikSeguro.ini [2013/04/12 05:51:39 | 000,002,152 | ---- | C] () -- C:\WINDOWS\System32\PsClikSeguroOff.ini [2013/04/08 03:31:26 | 000,122,375 | ---- | C] () -- C:\Arquivos de programas\Acknowledgements.rtf [2013/03/27 09:46:21 | 000,000,148 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2013/03/27 09:41:45 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL [2013/03/27 09:41:45 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\NMCLN.EXE [2013/03/27 09:37:43 | 000,903,168 | ---- | C] () -- C:\WINDOWS\System32\mitmdl30.dll [2013/03/27 09:37:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [2013/03/27 09:37:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2013/03/27 09:37:42 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [2013/03/27 09:37:42 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [2013/03/27 09:37:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2013/03/27 09:37:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [2013/03/27 09:37:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [2013/03/27 09:37:42 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2013/03/27 09:37:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2013/03/27 09:37:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [2013/03/27 09:37:42 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2013/03/27 09:37:42 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2013/03/27 09:37:42 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2013/03/27 09:37:42 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [2013/03/26 08:37:42 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2013/03/21 09:39:05 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/03/21 09:39:04 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/03/21 09:22:17 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2013/03/21 09:22:14 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2013/03/21 09:22:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2013/03/21 09:22:14 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2013/03/21 09:10:26 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2013/03/21 09:04:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2013/03/20 17:44:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013/03/20 17:38:42 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2013/03/20 14:33:03 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2013/03/20 14:31:56 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:20:42 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:20:42 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < MD5 for: ATAPI.SYS > [2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\erdnt\cache\eventlog.dll [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\erdnt\cache\netlogon.dll [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\erdnt\cache\scecli.dll [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll < End of report > Extras.txt: OTL Extras logfile created on: 11/6/2013 09:29:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pc\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1015,48 Mb Total Physical Memory | 360,80 Mb Available Physical Memory | 35,53% Memory free 2,38 Gb Paging File | 1,84 Gb Available in Paging File | 77,16% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 149,04 Gb Total Space | 117,90 Gb Free Space | 79,11% Space Free | Partition Type: NTFS Computer Name: A84963D044E642F | User Name: Pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "FirewallDisableNotify" = 1 "AntiVirusDisableNotify" = 1 "FirewallOverride" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Serviço do Bonjour -- (Apple Inc.) "C:\Arquivos de programas\Counter-Strike 1.6\hl.exe" = C:\Arquivos de programas\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Arquivos de programas\iTunes.exe" = C:\Arquivos de programas\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D637670-BC00-4FAC-8E00-518EB7F65091}" = Angry Birds Rio "{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Suporte para Aplicativos Apple "{66EBD70F-A42C-475F-AEDF-277378151046}" = Nero 7 Essentials "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{91FD3E1D-FE00-4ECB-8379-204704812A9D}" = Crystal10 "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CEEF7B2C-FE9A-492D-820B-EBCAB0927D3D}" = Release OrCAD 10.3 "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aTube Catcher" = aTube Catcher "avast" = avast! Free Antivirus "CCleaner" = CCleaner "Counter-Strike 1.6" = Counter-Strike 1.6 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "HDMI" = Intel® Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.1.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) "MiPony" = MiPony 2.0.2 "Mozilla Firefox 15.0.1 (x86 pt-BR)" = Mozilla Firefox 15.0.1 (x86 pt-BR) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotoScape" = PhotoScape "showlyrics@superstrsoft.co" = Show Lyrics "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dealply" = Dealply "Mipony Download Manager Packages" = Mipony Download Manager Packages "UnityWebPlayer" = Unity Web Player "Zip Opener Packages" = Zip Opener Packages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/4/2013 22:41:34 | Computer Name = A84963D044E642F | Source = Chrome | ID = 1 Description = Error - 28/4/2013 20:48:17 | Computer Name = A84963D044E642F | Source = Chrome | ID = 1 Description = Error - 11/5/2013 08:30:13 | Computer Name = A84963D044E642F | Source = Chrome | ID = 1 Description = Error - 3/6/2013 08:57:35 | Computer Name = A84963D044E642F | Source = crypt32 | ID = 131080 Description = Falha na recuperação de atualização automática do número de seqüência de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> com erro: A connection with the server could not be established [ System Events ] Error - 31/5/2013 14:51:50 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Yontoo Desktop Updater devido ao seguinte erro: %%1053 Error - 1/6/2013 10:19:26 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Yontoo Desktop Updater se conecte. Error - 1/6/2013 10:19:26 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Yontoo Desktop Updater devido ao seguinte erro: %%1053 Error - 2/6/2013 09:23:56 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Yontoo Desktop Updater se conecte. Error - 2/6/2013 09:23:56 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Yontoo Desktop Updater devido ao seguinte erro: %%1053 Error - 2/6/2013 13:54:08 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Yontoo Desktop Updater se conecte. Error - 2/6/2013 13:54:08 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Yontoo Desktop Updater devido ao seguinte erro: %%1053 Error - 2/6/2013 18:19:16 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Yontoo Desktop Updater se conecte. Error - 2/6/2013 18:19:16 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Yontoo Desktop Updater devido ao seguinte erro: %%1053 Error - 3/6/2013 08:43:45 | Computer Name = A84963D044E642F | Source = Service Control Manager | ID = 7034 Description = O serviço eSafe Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). < End of report >
  13. Pronto Diego, fiz o q você me passou. Aqui o do JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by Pc on seg 03/06/2013 at 9:32:17,51 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] yontoo desktop updater Successfully deleted: [service] yontoo desktop updater ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yontoo desktop Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-854245398-162531612-842925246-1003\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealply Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\dealply Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltadskbnd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltadskbnd.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{11EDA296-C7B8-439F-884C-79055EBED76A} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job" ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\Pc\Dados de aplicativos\babylon" Successfully deleted: [Folder] "C:\Documents and Settings\Pc\Dados de aplicativos\dealply" Successfully deleted: [Folder] "C:\Documents and Settings\Pc\Dados de aplicativos\delta" Successfully deleted: [Folder] "C:\Documents and Settings\Pc\Dados de aplicativos\opencandy" Successfully deleted: [Folder] "C:\Documents and Settings\Pc\Dados de aplicativos\yontoo" Successfully deleted: [Folder] "C:\Arquivos de programas\baidu" Successfully deleted: [Folder] "C:\Arquivos de programas\dealply" Successfully deleted: [Folder] "C:\Arquivos de programas\iminent" Successfully deleted: [Folder] "C:\Arquivos de programas\yontoo" Successfully deleted: [Folder] "C:\Arquivos de programas\ask.com" Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] "C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] "C:\Arquivos de programas\Mozilla Firefox\searchplugins\v9.xml" Successfully deleted: [File] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\user.js Successfully deleted: [File] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\searchplugins\askcom.xml Successfully deleted: [File] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\searchplugins\babylon.xml Successfully deleted: [File] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\searchplugins\browserprotect.xml Successfully deleted: [File] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\searchplugins\delta.xml Successfully deleted: [Folder] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\extensions\ffxtlbr@delta.com Successfully deleted: [Folder] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\extensions\plugin@yontoo.com Successfully deleted: [Folder] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\extensions\staged Successfully deleted: [Folder] C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\extensions\toolbar@ask.com Successfully deleted the following from C:\Documents and Settings\Pc\Dados de aplicativos\mozilla\firefox\profiles\z5sna14m.default\prefs.js user_pref("avg.install.userHPSettings", "hxxp://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=2032001FD0F19B51"); user_pref("avg.install.userSPSettings", "Delta Search"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); user_pref("extensions.asktb.autofill-competitor-query-enabled", true); user_pref("extensions.asktb.cbid", "^U3"); user_pref("extensions.asktb.config-updated", false); user_pref("extensions.asktb.crumb", "2013.05.25+18.59.30-toolbar012iad-BR-Rm9ydGFsZXphLEJyYXppbA%3D%3D"); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar"); user_pref("extensions.asktb.displaybehavior", ""); user_pref("extensions.asktb.displaytext", ""); user_pref("extensions.asktb.dtid", "^YYYYYY^YY^BR"); user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BRXX0093"); user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("extensions.asktb.ff19-config-first-run", "true"); user_pref("extensions.asktb.first-launch-url", "hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013"); user_pref("extensions.asktb.fresh-install", false); user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp user_pref("extensions.asktb.keyword-toggled-in-session", true); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.last-config-req", "1369533580341"); user_pref("extensions.asktb.locale", "pt_BR"); user_pref("extensions.asktb.location", "Fortaleza,Brazil"); user_pref("extensions.asktb.lstation", ""); user_pref("extensions.asktb.new-tab-opt-out", true); user_pref("extensions.asktb.news-native-on", true); user_pref("extensions.asktb.o", "100000027"); user_pref("extensions.asktb.overlay-reloaded-using-restart", true); user_pref("extensions.asktb.pstate", ""); user_pref("extensions.asktb.qsrc", "2871"); user_pref("extensions.asktb.r", "20"); user_pref("extensions.asktb.search-suggestions-enabled", true); user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); user_pref("extensions.asktb.slwo", "1"); user_pref("extensions.asktb.socialmini-first", true); user_pref("extensions.asktb.socialmini-interval", "1200000"); user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); user_pref("extensions.asktb.socialmini-max-items", "30"); user_pref("extensions.asktb.socialmini-native-on", true); user_pref("extensions.asktb.socialmini-speed", "10000"); user_pref("extensions.asktb.socialmini-transition-first-open", false); user_pref("extensions.asktb.to", ""); user_pref("extensions.asktb.v", "3.15.23.100013"); user_pref("extensions.asktb.volume", ""); user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar"); user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01"); user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000"); user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000"); user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11"); user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02"); user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0"); user_pref("browser.startup.homepage", "hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1369828108"); user_pref("browser.search.defaultenginename", "v9"); user_pref("browser.search.order.1", "v9"); user_pref("browser.search.selectedEngine", "v9"); ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on seg 03/06/2013 at 9:38:11,34 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ O do AdwCleaner, só coloquei para verificar e ele não encontrou nada pelo q eu acho: # AdwCleaner v2.301 - Relatório criado em 03/06/2013 às 10:59:24 # Atualizado em 16/05/2013 por Xplode # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits) # Usuário : Pc - A84963D044E642F # Modo de Boot : Normal # Executado de : C:\Documents and Settings\Pc\Desktop\adwcleaner.exe # Opção [Verificar] ***** [serviços] ***** Encontrado : eSafeSvc ***** [Arquivos/Pastas] ***** Arquivo Infected : C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Arquivo Infected : C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Arquivo Infected : C:\Documents and Settings\Pc\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Arquivo Infected : C:\Documents and Settings\Pc\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Arquivo Infected : C:\Documents and Settings\Pc\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Arquivo Infected : C:\Documents and Settings\Pc\Menu Iniciar\Programas\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Arquivo Infected : C:\Documents and Settings\Pc\Menu Iniciar\Programas\Internet Explorer.lnk ( arg. : hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013) Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Ask Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\eSafe Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer Pasta Encontrado : C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\APN Pasta Encontrado : C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\AskToolbar Pasta Encontrado : C:\Documents and Settings\Pc\Dados de aplicativos\eIntaller Pasta Encontrado : C:\Documents and Settings\Pc\Menu Iniciar\Programas\DealPly ***** [Registro] ***** Chave Encontrada : HKCU\Software\596dddbe138bf12 Chave Encontrada : HKCU\Software\DataMngr_Toolbar Chave Encontrada : HKCU\Software\Delta Chave Encontrada : HKCU\Software\delta LTD Chave Encontrada : HKCU\Software\InstallCore Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Chave Encontrada : HKLM\SOFTWARE\596dddbe138bf12 Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Chave Encontrada : HKLM\Software\Delta Chave Encontrada : HKLM\Software\Desksvc Chave Encontrada : HKLM\Software\eSafeSecControl Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Chave Encontrada : HKLM\Software\portaldositesSoftware Chave Encontrada : HKLM\Software\V9 Dados Encontrada : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Arquivos de programas\Mozilla Firefox\firefox.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1368542013 ***** [Navegadores] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registro está limpo. -\\ Mozilla Firefox v15.0.1 (pt-BR) Arquivo : C:\Documents and Settings\Pc\Dados de aplicativos\Mozilla\Firefox\Profiles\z5sna14m.default\prefs.js [OK] Arquivo está limpo. -\\ Google Chrome v27.0.1453.94 Arquivo : C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences [OK] Arquivo está limpo. Arquivo : C:\Documents and Settings\Pc\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences Encontrada [l.7877] : urls_to_restore_on_startup = [ "hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=SAMSUNGXHD161HJ_S15LJ50QC02081&ts=1369828108" ] ************************* AdwCleaner[R1].txt - [47184 octets] - [17/05/2013 21:08:12] AdwCleaner[R2].txt - [17120 octets] - [03/06/2013 09:40:20] AdwCleaner[R3].txt - [14786 octets] - [03/06/2013 10:59:24] ########## EOF - C:\AdwCleaner[R3].txt - [14847 octets] ########## E o Relatório do ComboFix ComboFix 13-06-01.01 - Pc 03/06/2013 9:53.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.570 [GMT -3:00] Executando de: c:\documents and settings\Pc\Meus documentos\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\arquivos de programas\Show-Lyrics\slYRics.dll c:\documents and settings\Pc\Dados de aplicativos\495 c:\documents and settings\Pc\Dados de aplicativos\495\5f.js c:\windows\system32\SET1A1D.tmp c:\windows\system32\SET1A30.tmp c:\windows\system32\winnt c:\windows\system32\winnt\atl.dll . . (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-03 to 2013-06-03 )))))))))))))))))))))))))))) . . 2013-06-03 12:32 . 2013-06-03 12:32 -------- d-----w- c:\windows\ERUNT 2013-06-03 12:32 . 2013-06-03 12:32 -------- d-----w- C:\JRT 2013-05-28 23:10 . 2013-05-28 23:10 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\TuneUp Software 2013-05-28 23:06 . 2013-05-28 23:06 -------- d-----w- c:\documents and settings\Pc\Dados de aplicativos\TuneUp Software 2013-05-28 23:04 . 2013-05-28 23:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software 2013-05-28 23:04 . 2013-05-28 23:04 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-05-25 10:39 . 2013-05-25 10:39 -------- d-----w- c:\documents and settings\Pc\Configurações locais\Dados de aplicativos\APN 2013-05-25 10:39 . 2013-05-25 10:39 -------- d-----w- c:\documents and settings\Pc\Configurações locais\Dados de aplicativos\AskToolbar 2013-05-25 10:28 . 2013-05-25 10:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ask 2013-05-25 10:27 . 2013-05-25 10:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2013-05-25 10:21 . 2013-04-04 08:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-25 10:18 . 2013-05-25 10:18 -------- d-----w- c:\windows\Sun 2013-05-21 11:16 . 2013-06-03 12:59 -------- d-----w- c:\arquivos de programas\Show-Lyrics 2013-05-21 09:52 . 2013-05-21 09:52 -------- d-----w- C:\Temp 2013-05-18 20:07 . 2013-05-18 20:07 7168 ----a-w- c:\windows\system32\drivers\utexnjq5.sys 2013-05-18 19:48 . 2013-05-18 19:48 -------- d-----w- C:\eec3f82cf185c4d37913cb9fa127dd 2013-05-18 00:45 . 2013-05-18 14:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-05-18 00:45 . 2013-05-18 00:45 -------- d-----w- c:\documents and settings\Pc\Dados de aplicativos\Malwarebytes 2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2013-05-17 14:46 . 2013-05-17 14:46 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\AVG 2013-05-17 14:21 . 2013-05-17 14:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2013-05-17 10:32 . 2013-05-17 11:10 -------- d-----w- c:\windows\ie8updates 2013-05-17 10:32 . 2013-05-17 10:32 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2013-05-16 15:35 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2013-05-16 15:35 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys 2013-05-16 15:33 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2013-05-16 15:33 . 2013-04-16 22:26 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2013-05-16 15:33 . 2013-04-16 22:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2013-05-16 15:33 . 2013-04-16 22:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2013-05-16 15:33 . 2013-04-16 22:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2013-05-16 15:33 . 2013-04-16 22:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2013-05-16 15:33 . 2013-04-16 22:26 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll 2013-05-16 15:33 . 2013-04-16 22:26 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll 2013-05-16 15:33 . 2013-04-16 22:26 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-05-16 15:24 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-05-16 14:54 . 2013-03-07 15:56 2197632 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2013-05-16 14:54 . 2013-03-07 15:56 2153984 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2013-05-16 14:54 . 2013-03-07 15:56 2032640 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2013-05-16 14:54 . 2013-03-07 15:56 2074240 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2013-05-16 14:54 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2013-05-16 14:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2013-05-16 14:46 . 2013-05-24 08:51 -------- d--h--w- c:\windows\$hf_mig$ 2013-05-15 20:44 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2013-05-15 20:41 . 2009-11-27 16:08 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll 2013-05-15 20:41 . 2009-11-27 16:08 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll 2013-05-14 14:50 . 2013-05-14 14:50 -------- d-----w- C:\48193 2013-05-14 14:50 . 2013-05-14 14:50 -------- d-sh--w- c:\arquivos de programas\5658 2013-05-14 14:44 . 2013-05-14 14:44 -------- d-----w- c:\documents and settings\Pc\Dados de aplicativos\AVG 2013-05-14 14:44 . 2013-05-14 14:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG 2013-05-14 14:43 . 2013-05-14 14:43 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-05-14 14:43 . 2013-05-14 14:43 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\Common Files 2013-05-14 14:34 . 2013-06-03 11:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\eSafe 2013-05-14 14:31 . 2013-05-29 11:42 -------- d-----w- c:\documents and settings\Pc\Dados de aplicativos\eIntaller 2013-05-13 11:15 . 2013-05-13 11:15 -------- d-----w- c:\arquivos de programas\Microsoft.NET 2013-05-13 11:06 . 2013-05-13 11:06 -------- d-----w- c:\documents and settings\Pc\Dados de aplicativos\Zip Opener Packages 2013-05-12 21:16 . 2013-05-15 01:37 -------- d-----w- c:\arquivos de programas\Counter-Strike 1.6 2013-05-07 13:00 . 2013-05-07 13:00 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google 2013-05-07 12:01 . 2013-05-07 12:01 -------- d-----w- c:\arquivos de programas\Mozilla Plugins 2013-05-07 12:01 . 2013-05-07 12:01 -------- d-----w- c:\arquivos de programas\iTunesMiniPlayer.Resources 2013-05-07 12:01 . 2013-05-07 12:01 -------- d-----w- c:\arquivos de programas\iTunesHelper.Resources 2013-05-07 12:01 . 2013-05-07 12:01 -------- d-----w- c:\arquivos de programas\iTunes.Resources 2013-05-07 12:01 . 2013-05-07 12:01 -------- d-----w- c:\arquivos de programas\iPod 2013-05-07 12:00 . 2013-05-07 12:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-05-07 12:00 . 2013-05-07 12:01 -------- d-----w- c:\arquivos de programas\CD Configuration 2013-05-07 11:19 . 2013-05-07 11:19 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Apple . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 13:25 . 2013-03-21 12:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-15 13:25 . 2013-03-21 12:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-09 08:59 . 2013-03-21 12:39 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-09 08:59 . 2013-03-21 12:39 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-09 08:59 . 2013-03-21 12:39 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2013-03-21 12:39 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-09 08:59 . 2013-03-21 12:39 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-03-21 12:39 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-05-09 08:59 . 2013-03-21 12:39 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:59 . 2013-03-21 12:39 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:58 . 2013-03-21 12:38 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2013-03-21 12:39 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-04-16 22:26 . 2008-04-13 22:20 920064 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 22:26 . 2008-04-13 22:20 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-16 22:26 . 2008-04-13 22:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-12 23:30 . 2008-04-13 21:55 385024 ----a-w- c:\windows\system32\html.iec 2013-04-12 14:01 . 2008-04-13 21:54 1876480 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 23:32 . 2013-04-12 08:50 152880 ----a-r- c:\windows\system32\drivers\360FileOem.sys 2013-04-10 23:32 . 2013-04-12 08:50 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys 2013-04-10 23:32 . 2013-04-12 08:50 29744 ----a-r- c:\windows\system32\drivers\360RegOem.sys 2013-04-10 23:32 . 2013-04-12 08:50 61488 ----a-r- c:\windows\system32\drivers\360HookOem.sys 2013-04-05 20:34 . 2013-04-12 08:51 322560 ----a-r- c:\windows\system32\PsClikS.dll 2013-03-21 12:49 . 2013-03-21 12:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-21 12:49 . 2013-03-21 12:49 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-08 08:36 . 2008-04-13 22:20 293888 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 15:56 . 2008-04-13 22:00 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 15:56 . 2008-04-13 19:00 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-06 23:33 . 2013-04-23 12:37 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-02-20 16:16 . 2013-02-20 16:16 112968 ----a-w- c:\arquivos de programas\ITDetector.ocx 2013-02-20 15:35 . 2013-02-20 15:35 293192 ----a-w- c:\arquivos de programas\iTunesOutlookAddIn.dll 2013-02-20 15:35 . 2013-02-20 15:35 152392 ----a-w- c:\arquivos de programas\iTunesHelper.exe 2013-02-20 15:35 . 2013-02-20 15:35 117576 ----a-w- c:\arquivos de programas\iTunesMiniPlayer.dll 2013-02-20 15:35 . 2013-02-20 15:35 412488 ----a-w- c:\arquivos de programas\iTunesAdmin.dll 2013-02-20 15:35 . 2013-02-20 15:35 148808 ----a-w- c:\arquivos de programas\iTunesHelper.dll 2013-02-20 15:35 . 2013-02-20 15:35 9789256 ----a-w- c:\arquivos de programas\iTunes.exe 2013-02-20 15:35 . 2013-02-20 15:35 22970184 ----a-w- c:\arquivos de programas\iTunes.dll 2013-02-20 15:35 . 2013-02-20 15:35 650056 ----a-w- c:\arquivos de programas\iPodUpdaterExt.dll 2013-02-20 15:35 . 2013-02-20 15:35 782688 ----a-w- c:\arquivos de programas\gnsdk_sdkmanager.dll 2013-02-20 15:35 . 2013-02-20 15:35 3015008 ----a-w- c:\arquivos de programas\gnsdk_dsp.dll 2013-02-20 15:35 . 2013-02-20 15:35 269152 ----a-w- c:\arquivos de programas\gnsdk_submit.dll 2013-02-20 15:35 . 2013-02-20 15:35 226144 ----a-w- c:\arquivos de programas\gnsdk_musicid.dll 2012-09-06 01:26 . 2013-03-21 12:26 266720 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 19:10 576976 ----a-w- c:\arquivos de programas\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 19:10 576976 ----a-w- c:\arquivos de programas\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 19:10 576976 ----a-w- c:\arquivos de programas\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 19:10 576976 ----a-w- c:\arquivos de programas\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "APSDaemon"="c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\arquivos de programas\iTunesHelper.exe" "IgfxTray"=c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"="1" "FirewallOverride"="1" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallDisableNotify"="1" "AntiVirusDisableNotify"="1" "FirewallOverride"="1" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Arquivos de programas\\iTunes.exe"= . R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [12/4/2013 05:50 61488] R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21/3/2013 09:39 49376] R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21/3/2013 09:39 174664] R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [12/4/2013 05:50 152880] R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [12/4/2013 05:50 29744] R1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [12/4/2013 05:50 64048] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [23/4/2013 09:37 21576] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/3/2013 09:39 765736] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/3/2013 09:39 368944] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/3/2013 09:39 29816] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21/3/2013 09:39 66336] R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [21/3/2013 09:06 22016] S2 eSafeSvc;eSafe Service;c:\documents and settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe [14/5/2013 11:34 360512] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/3/2013 09:10 1691480] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17/5/2013 21:45 40776] S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [21/3/2013 09:06 36384] S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [21/3/2013 09:06 17664] S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [21/3/2013 09:06 17664] S3 utexnjq5;AVZ Kernel Driver;c:\windows\system32\drivers\utexnjq5.sys [18/5/2013 17:07 7168] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-24 19:32 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe . Conteúdo da pasta 'Tarefas Agendadas' . 2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 13:25] . 2013-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57] . 2013-06-03 c:\windows\Tasks\avast! Emergency Update.job - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-21 08:58] . 2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-04-13 15:17] . 2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-04-13 15:17] . 2013-06-03 c:\windows\Tasks\Show Lyrics Update.job - c:\arquivos de programas\Show-Lyrics\ShwLUPD.exe [2013-05-20 09:08] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Pc\Dados de aplicativos\Mozilla\Firefox\Profiles\z5sna14m.default\ FF - ExtSQL: 2013-04-04 18:58; ffxtlbr@delta.com; c:\documents and settings\Pc\Dados de aplicativos\Mozilla\Firefox\Profiles\z5sna14m.default\extensions\ffxtlbr@delta.com FF - ExtSQL: 2013-05-21 08:16; showlyrics@superstrsoft.co; c:\arquivos de programas\Show-Lyrics\FF FF - ExtSQL: 2013-05-25 07:39; toolbar@ask.com; c:\documents and settings\Pc\Dados de aplicativos\Mozilla\Firefox\Profiles\z5sna14m.default\extensions\toolbar@ask.com . - - - - ORFÃOS REMOVIDOS - - - - . AddRemove-DealPly - c:\arquivos de programas\DealPly\uninst.exe AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\arquivos de programas\Ask.com\Updater\Updater.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-03 10:00 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Tempo para conclusão: 2013-06-03 10:02:32 ComboFix-quarantined-files.txt 2013-06-03 13:02 . Pré-execução: 10 pasta(s) 129.178.595.328 bytes disponíveis Pós execução: 13 pasta(s) 129.485.672.448 bytes disponíveis . WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 6D4775CEA70F6FFECAA124DB0A9F317E Obrigado e esperando respostas =)
  14. Detalhe é que eu executei o arquivo DDS.com ao invés do DDS.scr, tem diferença ?

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×