Boa Noite! Soraya Lourenço

|- Baixe: < AdwCleaner > ( ... par Xplode )

|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Suppression.jpg&key=ea7f314988c364d38f61f15aee7583e1c9e325cba8a0d859f1c7cd594582e777" alt="AdwCleaner_Suppression.jpg" />

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Poste e/ou cole aqui,o link que foi gerado!

Abraços!

Segue o log:

AdwCleaner v1.703 - Logfile created 07/30/2012 at 13:37:54

Updated 20/07/2012 by Xplode

Operating system : Windows 7 Starter Service Pack 1 (32 bits)

User : Soraya - LOURENÇO-PC

Running from : C:\Users\Soraya\Desktop\adwcleaner.exe

Option [Delete]

*** [services] ***

*** [Files / Folders] ***

Folder Deleted : C:\Users\Soraya\AppData\Local\Conduit

Folder Deleted : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Folder Deleted : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk

Folder Deleted : C:\Users\Soraya\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Soraya\AppData\Roaming\Complitly

Folder Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\ConduitCommon

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Program Files\Complitly

Folder Deleted : C:\Program Files\Conduit

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\funmoods.xml

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\SweetIm.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

*** [Registry] ***

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\SweetIM

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

*** [Registre - GUID] ***

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

*** [internet Browsers] ***

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0TzutBtDtCtBtDyCtCzy&cr=200577644 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.babylon.com/?affID=113480&tt=060612_5_&babsrc=HP_ss&mntrId=d47eecd5000000000000e0ca9478f907 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (pt-BR)

Profile name : default

File : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js

C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);

Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);

Deleted : user_pref("CT3072253.CTID", "CT3072253");

Deleted : user_pref("CT3072253.CurrentServerDate", "24-7-2012");

Deleted : user_pref("CT3072253.DSInstall", true);

Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Tue Jul 24 2012 11:04:49 GMT-0300 (Hora oficial d[...]

Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");

Deleted : user_pref("CT3072253.FirstServerDate", "24-7-2012");

Deleted : user_pref("CT3072253.FirstTime", true);

Deleted : user_pref("CT3072253.FirstTimeFF3", true);

Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);

Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3072253.HPInstall", false);

Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);

Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.com.br/");

Deleted : user_pref("CT3072253.Initialize", true);

Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);

Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 2);

Deleted : user_pref("CT3072253.InstallationType", "Unknown");

Deleted : user_pref("CT3072253.InstalledDate", "Tue Jul 24 2012 11:04:52 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);

Deleted : user_pref("CT3072253.IsGrouping", false);

Deleted : user_pref("CT3072253.IsInitSetupIni", true);

Deleted : user_pref("CT3072253.IsMulticommunity", false);

Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);

Deleted : user_pref("CT3072253.IsOpenUninstallPage", true);

Deleted : user_pref("CT3072253.IsProtectorsInit", true);

Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Jul 24 2012 11:04:52 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Jul 24 2012 11:06:18 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT3072253.Locale", "en");

Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);

Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.14.1.0");

Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]

Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Jul 24 2012 11:04:53 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3072253.SearchProtectorEnabled", true);

Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue Jul 24 2012 11:04:46 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Tue Jul 24 2012 11:04:46 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT3072253.SettingsLastUpdate", "1342354602");

Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");

Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Tue Jul 24 2012 11:04:46 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");

Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3072253.UserID", "UN83582594931646696");

Deleted : user_pref("CT3072253.alertChannelId", "1463702");

Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4252");

Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20323420323031322031313A30343A35372[...]

Deleted : user_pref("CT3072253.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]

Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Tue Jul 24 2012 11:04:48 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.initDone", true);

Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3072253.myStuffEnabled", true);

Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3072253.revertSettingsEnabled", true);

Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.testingCtid", "");

Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Tue Jul 24 2012 11:04:47 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Tue Jul 24 2012 11:04:51 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3072253.usagesFlag", 1);

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Soraya\\AppData\\Roaming\\Mozilla\\[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");

Deleted : user_pref("CommunityToolbar.globalUserId", "f10e06c7-4841-485a-b6ce-e158a4dff984");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jul 24 2012 11:04:5[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 24 2012 11:04:52 GMT-030[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 24 2012 11:04:47 GMT-0300 (H[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "0d068552-f176-4b8f-955a-07ea205139ab");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.br/");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Deleted : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/?affID=113480&tt=3012_8&[...]

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=3012_8&babsrc=NT_ss&mntr[...]

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15548");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=3012_1");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15539");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=3012_[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.123:08:32");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.Softonic.admin", false);

Deleted : user_pref("extensions.Softonic.aflt", "SD");

Deleted : user_pref("extensions.Softonic.cntry", "BR");

Deleted : user_pref("extensions.Softonic.dfltSrch", false);

Deleted : user_pref("extensions.Softonic.dfltlng", "en");

Deleted : user_pref("extensions.Softonic.dfltsrch", "false");

Deleted : user_pref("extensions.Softonic.envrmnt", "production");

Deleted : user_pref("extensions.Softonic.hdrMd5", "E6352C170EDD7A7200CDAC4F18B9D1DF");

Deleted : user_pref("extensions.Softonic.hmpg", false);

Deleted : user_pref("extensions.Softonic.hrdid", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.Softonic.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.Softonic.instlday", "");

Deleted : user_pref("extensions.Softonic.instlref", "");

Deleted : user_pref("extensions.Softonic.isdcmntcmplt", "false");

Deleted : user_pref("extensions.Softonic.keywordurl", "");

Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.017:30:02");

Deleted : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "11-06-2012");

Deleted : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.Softonic.newTab", false);

Deleted : user_pref("extensions.Softonic.newtab", "false");

Deleted : user_pref("extensions.Softonic.newtaburl", "");

Deleted : user_pref("extensions.Softonic.prdct", "Softonic");

Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");

Deleted : user_pref("extensions.Softonic.prtnrid", "softonic");

Deleted : user_pref("extensions.Softonic.savedVrsnTs", "1");

Deleted : user_pref("extensions.Softonic.sg", "az");

Deleted : user_pref("extensions.Softonic.similarsitesstorage-pid2", "5e7cda79789861b");

Deleted : user_pref("extensions.Softonic.smplGrp", "none");

Deleted : user_pref("extensions.Softonic.smplgrp", "none");

Deleted : user_pref("extensions.Softonic.srch", "");

Deleted : user_pref("extensions.Softonic.srchprvdr", "");

Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]

Deleted : user_pref("extensions.Softonic.tlbrid", "base");

Deleted : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]

Deleted : user_pref("extensions.Softonic.vrsn", "");

Deleted : user_pref("extensions.Softonic.vrsnTs", "1.5.21.017:30:02");

Deleted : user_pref("extensions.Softonic.vrsni", "1.5.21.0");

Deleted : user_pref("extensions.Softonic.vrsnts", "1.5.21.017:30:02");

Deleted : user_pref("extensions.Softonic_i.newTab", false);

Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");

Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.017:30:02");

Deleted : user_pref("extensions.funmoods.admin", false);

Deleted : user_pref("extensions.funmoods.aflt", "iron2");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "BR");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "55B0F2732E139AA003C197ACFDDC095E");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzut[...]

Deleted : user_pref("extensions.funmoods.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.funmoods.instlDay", "15510");

Deleted : user_pref("extensions.funmoods.instlRef", "iron2");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:22:46");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:22:46");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.aflt", "orgnl");

Deleted : user_pref("extensions.funmoods_i.dfltLng", "");

Deleted : user_pref("extensions.funmoods_i.excTlbr", false);

Deleted : user_pref("extensions.funmoods_i.hmpg", true);

Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=vsl");

Deleted : user_pref("extensions.funmoods_i.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.funmoods_i.instlDay", "15511");

Deleted : user_pref("extensions.funmoods_i.instlRef", "");

Deleted : user_pref("extensions.funmoods_i.newTab", false);

Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");

Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=orgnl&q=[...]

Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1614:04:32");

Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=3012_8&babsrc=KW_ss&mntrId=d47e[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [30626 octets] - [30/07/2012 13:37:54]

########## EOF - C:\AdwCleaner[s1].txt - [30755 octets] ##########

O link gerado foi

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120730_j8r813f13z7

E o relatorio foi:

Rapport de ZHPDiag v1.31.105 par Nicolas Coolman, Update du 25/06/2012

Run by Soraya at 30/07/2012 13:50:16

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

State :

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 14.0.1 v14.0.1 (Defaut)

---\\ Windows Product Information

~ Langage: Anglais

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System Information

~ Processor: x86 Family 20 Model 1 Stepping 0, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1788 MB (46% free)

System Restore: Activé (Enable)

System drive C: has 144 GB (80%) free of 180 GB

---\\ Logged in mode

~ Computer Name: LOURENÇO-PC

~ User Name: Soraya

~ All Users Names: Soraya, Convidado, Administrador,

~ Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Soraya\AppData\Roaming\

~ %Desktop% : C:\Users\Soraya\Desktop\

~ %Favorites% : C:\Users\Soraya\Favorites\

~ %LocalAppData% : C:\Users\Soraya\AppData\Local\

~ %StartMenu% : C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 144 Go of 180 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 248 Go of 268 Go)

E:\ CD-ROM drive (Not Inserted)

Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Scan Security Center in 00mn 00s

---\\ Search Generic System Files

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.27/07/2012 - 10:14:56.) -- C:\Windows\System32\wininet.dll [1129472]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]

[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:39:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]

[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]

~ Scan Generic Processes in 00mn 01s

---\\ Hidden files state (Hidden/Total)

~ Mes musiques (My Musics) : 41/450

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 1/4

~ Mes Documents (My Documents) : 2/115

~ Mon Bureau (My Desktop) : 2/85

~ Menu demarrer (Programs) : 1/30

~ Scan Hidden Files in 00mn 01s

---\\ Running Processes

[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Facebook Installer.) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3636]

[MD5.19CB8B3851F40518DC639C0613273122] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [840992] [PID.3688]

[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3716]

[MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.3780]

[MD5.8A9FACCB684500829F7D0BCC67B386CC] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.1152]

[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.3700]

[MD5.D6C4B257BBD494F08B2984E533B072A0] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [945232] [PID.3280]

[MD5.CAF103ABAE8D7AC48C6283C9EA0C942F] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe [7060560] [PID.3272]

[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.2056]

[MD5.1D721C0A479F378326EA770B3E6FABEE] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2852128] [PID.3092]

[MD5.3F677172F23FC17283D9BCE4B42E3F65] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [913888] [PID.672]

[MD5.A06AB1550658A19E871A6FD7FF1C2CDB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16864] [PID.4476]

[MD5.7DD731B5B95D5B8D14DC4E1468EB09E3] - (.Adobe Systems, Inc. - Adobe Flash Player 11.3 r300.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe [1536712] [PID.4512]

[MD5.EE34DEB598BFB6E0FAF3C483AA3E73F8] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4399696] [PID.4956]

[MD5.D9C70E8552670E7A67778ED238C18975] - (.Samsung Electronics Co., Ltd. - Smart Restarter Program.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2208624] [PID.5636]

[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.5812]

[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.5884]

[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.5972]

[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775848] [PID.6136]

[MD5.1E20F1E969193B6763630EAC6CFDC2EB] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [1757264] [PID.3316]

[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.5012]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Users\Soraya\Desktop\ZHPDiag_silent.exe [794216] [PID.3752]

[MD5.BE955BAB4EFC2A28BE2692D102FFC85A] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3838464] [PID.3744]

~ Scan Processes Running in 00mn 01s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)

C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences

~ Scan Google Browser in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js

M3 - MFPP: Plugins - [soraya] -- C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\Search.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\twitter.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml

M0 - MFSP: prefs.js [soraya - d9gpgnfs.default] http://www.google.com

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.10411.0.) -- C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)

P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.450] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.448] - (.RealNetworks, Inc. - 6.0.12.448.) -- C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} . (...) (No version) -- (.not file.)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} . (...) -- mscoree.dll (.not file.)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

~ Scan BHO in 00mn 00s

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

~ Scan Toolbar in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [OiVelox] . (...) -- C:\Program Files\Oi\Programmer\OiVeloxCheck.exe

O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-1980178241-1392328930-356032191-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Adobe Reader.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\DL.lnk . (...) -- D:\DL

O4 - Global Startup: C:\Users\Soraya\Desktop\MBRCheck.lnk . (...) -- C:\Program Files\ZHPDiag\mbrcheck.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Media Player Classic.lnk . (.MPC-HC Team.) -- C:\Program Files\Essentials Codec Pack\MPC\mpc-hc.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\MsPaint.lnk . (.Microsoft Corporation.) -- C:\Windows\System32\mspaint.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Oi Velox.lnk . (.LightComm Tecnologia.) -- C:\Program Files\Oi\Programmer\OiVelox.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\StarterBackgroundChanger.lnk . (.RGE.) -- C:\Program Files\StarterBackgroundChanger\StarterBackgroundChanger.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Windows Defender.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\ZHPDiag.lnk . (...) -- C:\Program Files\ZHPDiag\ZHPDiags.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\ZHPFix.lnk . (...) -- C:\Program Files\ZHPDiag\ZHPFix.exe

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk . (.Gretech Corp..) -- C:\Program Files\GRETECH\GomPlayer\GOM.EXE

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk . (.JetAudio, Inc..) -- C:\Program Files\JetAudio\JetAudio.exe

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files\uTorrent\uTorrent.exe

~ Scan Global Startup in 00mn 00s

---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

~ Scan IE Menu Contextuel in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBro

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Prin

~ Scan IE Extra Buttons in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll

~ Scan Winsock in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

~ Scan Objets ActiveX in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254

~ Scan Domain in 00mn 00s

---\\ Extra protocols (O18)

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --

O18 - Handler: dvd - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: its - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: mhtml - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: ms-its - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

~ Scan Protocole Additionnel in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe

O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Unknown owner - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

~ Scan Services in 00mn 00s

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

---\\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s

---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMSDaily.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA.job

[MD5.6C40D5ED8951AB7B90D08AF655224EE4] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[MD5.EE34DEB598BFB6E0FAF3C483AA3E73F8] [APT] [advSRS5] (.SEC.) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [AutoKMSDaily] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)

[MD5.5A7E85100ACB28FBA8A81181A06C52D7] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

[MD5.37293B4DBC673DFC3CA4DAF8A52F575D] [APT] [batteryLifeExtender] (.Samsung Electronics. Co. Ltd..) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe

[MD5.D6C4B257BBD494F08B2984E533B072A0] [APT] [EasyDisplayMgr] (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A02\EPM.exe (.not file.)

[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core] (.Facebook Inc..) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA] (.Facebook Inc..) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

[MD5.B00F98FF6FE8682FF941BEB2559BF191] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe

[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] [APT] [MovieColorEnhancer] (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

[MD5.5C7686EBAA8F27437C6F2C33F08768F5] [APT] [Windows Codec Update Service] (.MediaCodec.Org.) -- C:\Program Files\Essentials Codec Pack\WECPUpdate.exe

[MD5.3F677172F23FC17283D9BCE4B42E3F65] [APT] [{269378BC-338E-486C-9712-8CD4EE96E606}] (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

[MD5.00000000000000000000000000000000] [APT] [{53EEF08F-89DC-4315-A7F0-AB77D49C080B}] (...) -- D:\DL\Aquivos\Nero 9.0.9.4d.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{7043BCA5-7860-46C9-9E1C-CD1CEBB3A720}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{EE204AB3-7858-4613-B445-EEEB6BBB5A8B}] (...) -- C:\Program Files\VIVO INTERNET\uninst.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{F4170393-8CE2-4639-848D-C4EF364526B7}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

~ Scan Scheduled Task in 00mn 05s

---\\ ActiveSetup Installed Components (O40)

O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll

O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe

O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll

O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

~ Scan Active Setup in 00mn 00s

---\\ Drivers launched at startup (O41)

O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys

O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\Drivers\aswrdr2.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (SABI) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys

O41 - Driver: (SamSs) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys

O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys

O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

---\\ Software installed (O42)

O42 - Logiciel: Microsoft Office Starter 2010 - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- {90140011-0066-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office com Clique para Executar 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.Click2Run

O42 - Logiciel: Mozilla Firefox 14.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 14.0.1 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService

O42 - Logiciel: Oi Velox - (.LightComm Tecnologia.) [HKLM] -- programmeroi_is1

---\\ HKCU & HKLM Software Keys

[HKCU\Software\ATI]

[HKCU\Software\AVAST Software]

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Crossrider]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software\Unity]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Baixaki]

[HKCU\Software\BitTorrent]

[HKCU\Software\Bugsplat]

[HKCU\Software\COWON]

[HKCU\Software\ClassesB]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\CyberLink]

[HKCU\Software\Elantech]

[HKCU\Software\Facebook]

[HKCU\Software\GNU]

[HKCU\Software\GRETECH]

[HKCU\Software\Gabest]

[HKCU\Software\Google]

[HKCU\Software\HP]

[HKCU\Software\Haali]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\I.R.I.S.]

[HKCU\Software\IM Providers]

[HKCU\Software\INCAInternet]

[HKCU\Software\InstallCore]

[HKCU\Software\InstantStormSavers]

[HKCU\Software\Intel]

[HKCU\Software\Iris]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Macromedia]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Norton]

[HKCU\Software\OCNS]

[HKCU\Software\Opera Software]

[HKCU\Software\Pando Networks]

[HKCU\Software\Policies]

[HKCU\Software\RealNetworks]

[HKCU\Software\Realtek]

[HKCU\Software\RegisteredApplications]

[HKCU\Software\SSPrint]

[HKCU\Software\Samsung]

[HKCU\Software\SkypeRS]

[HKCU\Software\Skype]

[HKCU\Software\StarterBackgroundChanger]

[HKCU\Software\Trolltech]

[HKCU\Software\TuneUp]

[HKCU\Software\Unity]

[HKCU\Software\Video Player]

[HKCU\Software\Webzen]

[HKCU\Software\Widcomm]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKLM\Software\360Safe]

[HKLM\Software\AMD]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\AVAST Software]

[HKLM\Software\Adobe]

[HKLM\Software\AdwCleaner]

[HKLM\Software\Ahead]

[HKLM\Software\Atheros]

[HKLM\Software\BcmSetup]

[HKLM\Software\Broadcom]

[HKLM\Software\Bunndle]

[HKLM\Software\CBSTEST]

[HKLM\Software\COWON]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\CyberLink]

[HKLM\Software\DTS]

[HKLM\Software\Dolby]

[HKLM\Software\Essentials Codec Pack]

[HKLM\Software\GNU]

[HKLM\Software\GRETECH]

[HKLM\Software\Gabest]

[HKLM\Software\Google]

[HKLM\Software\HaaliMkx]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\Huawei technologies]

[HKLM\Software\ICE]

[HKLM\Software\Intel]

[HKLM\Software\Jodix]

[HKLM\Software\Khronos]

[HKLM\Software\Knowles]

[HKLM\Software\Macromedia]

[HKLM\Software\Megacubo]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\My Company Name]

[HKLM\Software\NCsoft]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\Oceanis]

[HKLM\Software\Opera Software]

[HKLM\Software\Pando Networks]

[HKLM\Software\Policies]

[HKLM\Software\RTLSetup]

[HKLM\Software\RealAlternative]

[HKLM\Software\RealNetworks]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SRS Labs]

[HKLM\Software\SSPrint]

[HKLM\Software\SSScan]

[HKLM\Software\Samsung Electronics Co., Ltd.]

[HKLM\Software\Samsung Printers]

[HKLM\Software\Samsung]

[HKLM\Software\Skype]

[HKLM\Software\SonicFocus]

[HKLM\Software\StarterBackgroundChanger]

[HKLM\Software\SuppHelpDir]

[HKLM\Software\Symantec]

[HKLM\Software\TuneUp]

[HKLM\Software\V9Software]

[HKLM\Software\VDownloader]

[HKLM\Software\Volatile]

[HKLM\Software\WOW6432Node]

[HKLM\Software\Waves Audio]

[HKLM\Software\Widcomm]

[HKLM\Software\WinRAR]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 21/01/2012 - 16:42:33 - [195,732] ----D C:\Program Files\Adobe

O43 - CFD: 21/01/2012 - 16:42:36 - [1,863] ----D C:\Program Files\AMD APP

O43 - CFD: 21/01/2012 - 17:16:23 - [0] ----D C:\Program Files\Arquivos Comuns

O43 - CFD: 21/01/2012 - 16:42:36 - [0,034] ----D C:\Program Files\Atheros

O43 - CFD: 21/01/2012 - 16:42:36 - [16,785] ----D C:\Program Files\ATI

O43 - CFD: 21/01/2012 - 16:42:37 - [63,068] ----D C:\Program Files\ATI Technologies

O43 - CFD: 27/07/2012 - 12:47:31 - [237,340] ----D C:\Program Files\AVAST Software

O43 - CFD: 21/01/2012 - 16:42:42 - [11,073] ----D C:\Program Files\Broadcom

O43 - CFD: 26/07/2012 - 23:27:42 - [124,790] ----D C:\Program Files\Common Files

O43 - CFD: 21/01/2012 - 16:45:35 - [1083,925] ----D C:\Program Files\CyberLink

O43 - CFD: 14/04/2012 - 08:46:41 - [3,997] ----D C:\Program Files\DVD Maker

O43 - CFD: 21/01/2012 - 16:38:26 - [16,208] ----D C:\Program Files\Elantech

O43 - CFD: 16/05/2012 - 17:18:50 - [35,859] ----D C:\Program Files\Essentials Codec Pack

O43 - CFD: 27/07/2012 - 11:37:42 - [0] ----D C:\Program Files\Google

O43 - CFD: 01/02/2012 - 15:47:56 - [20,364] ----D C:\Program Files\GRETECH

O43 - CFD: 18/05/2012 - 23:39:06 - [215,640] ----D C:\Program Files\HP

O43 - CFD: 21/05/2012 - 20:34:29 - [145,398] --H-D C:\Program Files\InstallShield Installation Information

O43 - CFD: 27/07/2012 - 10:47:57 - [4,929] ----D C:\Program Files\Internet Explorer

O43 - CFD: 01/02/2012 - 15:44:38 - [69,302] ----D C:\Program Files\JetAudio

O43 - CFD: 28/02/2012 - 14:49:16 - [0] ----D C:\Program Files\Microsoft

O43 - CFD: 27/07/2012 - 10:23:43 - [10,731] ----D C:\Program Files\Microsoft Application Virtualization Client

O43 - CFD: 14/07/2009 - 01:52:30 - [44,793] ----D C:\Program Files\Microsoft Games

O43 - CFD: 22/01/2012 - 17:28:15 - [7,525] ----D C:\Program Files\Microsoft Office

O43 - CFD: 19/06/2012 - 19:32:15 - [40,838] ----D C:\Program Files\Microsoft Silverlight

O43 - CFD: 21/01/2012 - 16:47:59 - [1,745] ----D C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 07/06/2012 - 22:01:35 - [0,015] ----D C:\Program Files\Microsoft.NET

O43 - CFD: 29/07/2012 - 01:00:17 - [36,321] ----D C:\Program Files\Mozilla Firefox

O43 - CFD: 29/07/2012 - 10:46:13 - [0,195] ----D C:\Program Files\Mozilla Maintenance Service

O43 - CFD: 14/07/2009 - 01:52:30 - [0,025] ----D C:\Program Files\MSBuild

O43 - CFD: 27/07/2012 - 10:02:50 - [0] ----D C:\Program Files\MSXML 4.0

O43 - CFD: 28/07/2012 - 13:09:14 - [6,211] ----D C:\Program Files\Oi

O43 - CFD: 26/07/2012 - 23:32:53 - [0,000] ----D C:\Program Files\Opera Next

O43 - CFD: 20/02/2012 - 19:48:33 - [21,706] ----D C:\Program Files\Real Alternative

O43 - CFD: 21/01/2012 - 16:48:18 - [20,260] ----D C:\Program Files\Realtek

O43 - CFD: 14/07/2009 - 01:52:30 - [37,262] ----D C:\Program Files\Reference Assemblies

O43 - CFD: 21/01/2012 - 16:48:34 - [973,600] ----D C:\Program Files\Samsung

O43 - CFD: 21/01/2012 - 16:50:47 - [14,041] ----D C:\Program Files\Samsung AnyWeb Print

O43 - CFD: 21/01/2012 - 16:50:47 - [1,863] ----D C:\Program Files\SamsungPrinterLiveUpdate

O43 - CFD: 21/01/2012 - 16:50:48 - [1,747] ----D C:\Program Files\SamsungPrinterLiveUpdateInstaller

O43 - CFD: 21/01/2012 - 16:50:48 - [28,905] R---D C:\Program Files\Skype

O43 - CFD: 09/02/2012 - 01:31:10 - [0,987] ----D C:\Program Files\StarterBackgroundChanger

O43 - CFD: 24/08/2011 - 02:46:08 - [0] --H-D C:\Program Files\Temp

O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information

O43 - CFD: 26/05/2012 - 19:43:10 - [0,840] ----D C:\Program Files\uTorrent

O43 - CFD: 21/01/2012 - 16:50:48 - [112,527] ----D C:\Program Files\WIDCOMM

O43 - CFD: 14/04/2012 - 08:46:39 - [2,897] ----D C:\Program Files\Windows Defender

O43 - CFD: 21/01/2012 - 16:51:08 - [515,990] ----D C:\Program Files\Windows Live

O43 - CFD: 14/04/2012 - 08:46:42 - [5,870] ----D C:\Program Files\Windows Mail

O43 - CFD: 14/04/2012 - 08:46:41 - [6,286] ----D C:\Program Files\Windows Media Player

O43 - CFD: 21/01/2012 - 17:16:23 - [11,630] ----D C:\Program Files\Windows NT

O43 - CFD: 14/04/2012 - 08:46:41 - [4,210] ----D C:\Program Files\Windows Photo Viewer

O43 - CFD: 20/11/2010 - 18:33:48 - [0,181] ----D C:\Program Files\Windows Portable Devices

O43 - CFD: 14/04/2012 - 08:46:42 - [10,029] ----D C:\Program Files\Windows Sidebar

O43 - CFD: 20/06/2012 - 13:24:03 - [3,952] ----D C:\Program Files\WinRAR

O43 - CFD: 30/07/2012 - 13:50:32 - [13,194] ----D C:\Program Files\ZHPDiag

O43 - CFD: 21/01/2012 - 16:42:42 - [3,636] ----D C:\Program Files\Common Files\Adobe

O43 - CFD: 01/02/2012 - 15:44:35 - [10,590] ----D C:\Program Files\Common Files\COWON

O43 - CFD: 21/01/2012 - 16:42:42 - [0] ----D C:\Program Files\Common Files\CyberLink

O43 - CFD: 22/01/2012 - 17:28:16 - [0,095] ----D C:\Program Files\Common Files\DESIGNER

O43 - CFD: 11/05/2012 - 12:34:45 - [0,507] ----D C:\Program Files\Common Files\Hewlett-Packard

O43 - CFD: 11/05/2012 - 12:35:07 - [3,052] ----D C:\Program Files\Common Files\HP

O43 - CFD: 15/04/2012 - 21:37:23 - [0] ----D C:\Program Files\Common Files\INCA Shared

O43 - CFD: 21/01/2012 - 16:42:42 - [5,114] ----D C:\Program Files\Common Files\InstallShield

O43 - CFD: 18/02/2012 - 18:16:35 - [46,407] ----D C:\Program Files\Common Files\microsoft shared

O43 - CFD: 21/01/2012 - 16:42:44 - [4,403] ----D C:\Program Files\Common Files\Samsung

O43 - CFD: 13/07/2009 - 23:37:05 - [0,003] ----D C:\Program Files\Common Files\Services

O43 - CFD: 21/01/2012 - 17:16:23 - [0] ----D C:\Program Files\Common Files\Sistema

O43 - CFD: 21/01/2012 - 16:42:44 - [2,036] ----D C:\Program Files\Common Files\Skype

O43 - CFD: 13/07/2009 - 23:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 14/04/2012 - 08:46:40 - [9,748] ----D C:\Program Files\Common Files\System

O43 - CFD: 21/01/2012 - 16:42:45 - [0] ----D C:\Program Files\Common Files\Windows Live

O43 - CFD: 21/01/2012 - 16:51:23 - [0,001] ----D C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Application Data

O43 - CFD: 21/01/2012 - 16:51:23 - [0,019] ----D C:\ProgramData\Atheros

O43 - CFD: 21/01/2012 - 16:51:23 - [0,000] ----D C:\ProgramData\ATI

O43 - CFD: 27/07/2012 - 12:47:31 - [18,745] ----D C:\ProgramData\AVAST Software

O43 - CFD: 18/07/2012 - 02:53:04 - [0,000] --H-D C:\ProgramData\Common Files

O43 - CFD: 23/01/2012 - 12:35:21 - [0,042] ----D C:\ProgramData\CyberLink

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Dados de aplicativos

O43 - CFD: 16/04/2012 - 15:11:36 - [0,002] ----D C:\ProgramData\DatacardService

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Desktop

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Documents

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Favorites

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Favoritos

O43 - CFD: 17/03/2012 - 17:55:38 - [0,072] ----D C:\ProgramData\Hewlett-Packard

O43 - CFD: 11/05/2012 - 12:57:44 - [15,818] ----D C:\ProgramData\HP

O43 - CFD: 11/05/2012 - 12:36:42 - [0,009] ----D C:\ProgramData\HP Product Assistant

O43 - CFD: 28/07/2012 - 13:15:22 - [0,000] ----D C:\ProgramData\Lightcomm

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Menu Iniciar

O43 - CFD: 28/02/2012 - 14:49:16 - [1927,314] -S--D C:\ProgramData\Microsoft

O43 - CFD: 06/06/2012 - 11:57:02 - [0,048] ----D C:\ProgramData\Microsoft Help

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Modelos

O43 - CFD: 05/05/2012 - 09:04:08 - [0,007] ----D C:\ProgramData\Mozilla

O43 - CFD: 23/07/2012 - 12:35:17 - [0,743] ----D C:\ProgramData\Oi

O43 - CFD: 26/07/2012 - 23:34:25 - [0,846] ----D C:\ProgramData\PSafe

O43 - CFD: 21/01/2012 - 16:51:39 - [0,514] ----D C:\ProgramData\SAMSUNG

O43 - CFD: 21/01/2012 - 16:51:40 - [19,596] ----D C:\ProgramData\Skype

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Start Menu

O43 - CFD: 21/01/2012 - 16:51:40 - [0,293] ----D C:\ProgramData\Temp

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Templates

O43 - CFD: 18/07/2012 - 02:54:23 - [3,959] ----D C:\ProgramData\TuneUp Software

O43 - CFD: 23/01/2012 - 21:05:02 - [0] ----D C:\ProgramData\VirtualizedApplications

O43 - CFD: 11/05/2012 - 12:57:56 - [0,000] ----D C:\ProgramData\WEBREG

O43 - CFD: 21/01/2012 - 16:51:40 - [18,616] ----D C:\ProgramData\WinClon

O43 - CFD: 18/07/2012 - 02:53:04 - [22,938] -SH-D C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

O43 - CFD: 23/01/2012 - 12:30:06 - [3,026] ----D C:\Users\Soraya\AppData\Roaming\Adobe

O43 - CFD: 21/01/2012 - 17:02:21 - [0] ----D C:\Users\Soraya\AppData\Roaming\ATI

O43 - CFD: 01/02/2012 - 15:46:00 - [0,705] ----D C:\Users\Soraya\AppData\Roaming\COWON

O43 - CFD: 23/01/2012 - 14:01:48 - [3,599] ----D C:\Users\Soraya\AppData\Roaming\CyberLink

O43 - CFD: 01/02/2012 - 15:49:05 - [0,127] ----D C:\Users\Soraya\AppData\Roaming\GRETECH

O43 - CFD: 27/06/2012 - 21:57:37 - [0,130] ----D C:\Users\Soraya\AppData\Roaming\HP

O43 - CFD: 18/05/2012 - 15:48:50 - [0,000] ----D C:\Users\Soraya\AppData\Roaming\HpUpdate

O43 - CFD: 01/03/2012 - 18:35:46 - [0] ----D C:\Users\Soraya\AppData\Roaming\Identities

O43 - CFD: 21/01/2012 - 17:02:21 - [302,926] ----D C:\Users\Soraya\AppData\Roaming\Macromedia

O43 - CFD: 20/02/2012 - 20:03:49 - [0,000] ----D C:\Users\Soraya\AppData\Roaming\Media Player Classic

O43 - CFD: 23/06/2012 - 17:54:00 - [11,780] -S--D C:\Users\Soraya\AppData\Roaming\Microsoft

O43 - CFD: 25/01/2012 - 15:54:49 - [21,972] ----D C:\Users\Soraya\AppData\Roaming\Mozilla

O43 - CFD: 09/02/2012 - 01:18:54 - [2,202] ----D C:\Users\Soraya\AppData\Roaming\RGE

O43 - CFD: 21/03/2012 - 01:39:05 - [0,132] ----D C:\Users\Soraya\AppData\Roaming\Skype

O43 - CFD: 30/07/2012 - 00:56:15 - [0,842] ----D C:\Users\Soraya\AppData\Roaming\SoftGrid Client

O43 - CFD: 28/07/2012 - 13:17:32 - [0] ----D C:\Users\Soraya\AppData\Roaming\TP

O43 - CFD: 27/07/2012 - 00:34:36 - [1,505] ----D C:\Users\Soraya\AppData\Roaming\uTorrent

O43 - CFD: 05/04/2012 - 16:29:01 - [19,708] ----D C:\Users\Soraya\AppData\Roaming\WinRAR

O43 - CFD: 12/05/2012 - 18:38:22 - [0,368] ----D C:\Users\Soraya\AppData\Local\Adobe

O43 - CFD: 26/07/2012 - 22:28:56 - [0] ----D C:\Users\Soraya\AppData\Local\Apps

O43 - CFD: 05/04/2012 - 16:44:12 - [10,279] ----D C:\Users\Soraya\AppData\Local\assembly

O43 - CFD: 26/07/2012 - 22:26:15 - [0,064] ----D C:\Users\Soraya\AppData\Local\ATI

O43 - CFD: 05/02/2012 - 22:57:21 - [0] ----D C:\Users\Soraya\AppData\Local\Broadcom

O43 - CFD: 29/07/2012 - 19:59:21 - [42,798] ----D C:\Users\Soraya\AppData\Local\CrashDumps

O43 - CFD: 26/05/2012 - 19:44:30 - [0,848] ----D C:\Users\Soraya\AppData\Local\CRE

O43 - CFD: 25/05/2012 - 00:32:50 - [0,173] ----D C:\Users\Soraya\AppData\Local\CyberLink

O43 - CFD: 26/07/2012 - 22:37:54 - [3,200] ----D C:\Users\Soraya\AppData\Local\Diagnostics

O43 - CFD: 26/07/2012 - 22:38:54 - [1,167] ----D C:\Users\Soraya\AppData\Local\ElevatedDiagnostics

O43 - CFD: 02/06/2012 - 13:31:45 - [7,395] ----D C:\Users\Soraya\AppData\Local\Facebook

O43 - CFD: 11/07/2012 - 23:25:17 - [408,681] ----D C:\Users\Soraya\AppData\Local\Google

O43 - CFD: 25/05/2012 - 23:26:41 - [0,249] ----D C:\Users\Soraya\AppData\Local\HP

O43 - CFD: 23/06/2012 - 17:54:00 - [0] ----D C:\Users\Soraya\AppData\Local\Macromedia

O43 - CFD: 17/07/2012 - 00:48:30 - [311,712] ----D C:\Users\Soraya\AppData\Local\Microsoft

O43 - CFD: 27/01/2012 - 23:38:10 - [1,379] ----D C:\Users\Soraya\AppData\Local\Microsoft Games

O43 - CFD: 06/06/2012 - 11:57:01 - [0] ----D C:\Users\Soraya\AppData\Local\Microsoft Help

O43 - CFD: 25/01/2012 - 15:54:33 - [60,136] ----D C:\Users\Soraya\AppData\Local\Mozilla

O43 - CFD: 21/01/2012 - 17:02:21 - [0,504] ----D C:\Users\Soraya\AppData\Local\Power2Go

O43 - CFD: 27/07/2012 - 13:58:10 - [0,449] ----D C:\Users\Soraya\AppData\Local\SoftGrid Client

O43 - CFD: 30/07/2012 - 13:46:52 - [6,100] ----D C:\Users\Soraya\AppData\Local\Temp

O43 - CFD: 18/07/2012 - 03:07:13 - [0] ----D C:\Users\Soraya\AppData\Local\Unity

O43 - CFD: 27/07/2012 - 11:56:22 - [0,653] ----D C:\Users\Soraya\AppData\Local\VirtualStore

O43 - CFD: 25/07/2012 - 17:46:17 - [0,086] ----D C:\Users\Soraya\AppData\Local\Windows Live

O43 - CFD: 28/07/2012 - 20:33:35 - [0] ----D C:\Users\Soraya\AppData\Local\{ADF4E7A1-EBFA-4413-8846-7A0AB03EFADA}

O43 - CFD: 29/07/2012 - 23:52:40 - [0] ----D C:\Users\Soraya\AppData\Local\{EBA544A8-F8EA-4DC3-AE9D-6EA5E15AF2FB}

O43 - CFD: 14/07/2009 - 01:42:04 - [0,014] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 27/07/2012 - 10:51:15 - [0,000] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 27/07/2012 - 12:20:21 - [0,008] ----D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth

O43 - CFD: 16/05/2012 - 17:18:26 - [0] ----D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

O43 - CFD: 14/07/2009 - 01:37:42 - [0,001] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 27/07/2012 - 10:51:15 - [0,000] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 05/04/2012 - 16:28:26 - [0,003] ----D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

~ Scan Program Folder in 00mn 36s

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.476D148041CF13AF12209D8596E3F67D] - 30/07/2012 - 13:43:18 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1117310]

O44 - LFC:[MD5.7D0B5DD03DD20EC1443D3349A2FA69D5] - 30/07/2012 - 13:39:56 ---A- . (...) -- C:\Windows\setupact.log [1767419]

O44 - LFC:[MD5.0E6E8832A9D7D44FF9B0E6F66D2AB8AA] - 30/07/2012 - 13:39:54 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.5FDB3DA6790C2B183FC11705EC5F76F2] - 30/07/2012 - 13:38:12 ---A- . (...) -- C:\AdwCleaner[s1].txt [30757]

O44 - LFC:[MD5.9A38F04FD9688A4BBF4024DD848C354E] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1518542]

O44 - LFC:[MD5.F2E4FA71C1EAE804B69562B112E693BC] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\perfc009.dat [106574]

O44 - LFC:[MD5.707AC0095EFD05653D7A643289360263] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\perfh009.dat [616452]

O44 - LFC:[MD5.56E1D51B73318273477DDB6B2FABB811] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128280]

O44 - LFC:[MD5.10279F6E4B8CFE0114810CF952332CDE] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [664248]

O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 27/07/2012 - 12:56:55 ---A- . (...) -- C:\Windows\System32\config.nt [2577]

O44 - LFC:[MD5.D06FB90E0BE856DF74917361C58464FA] - 27/07/2012 - 12:41:43 ---A- . (...) -- C:\Windows\PFRO.log [261692]

O44 - LFC:[MD5.FBB9B35A154BF57ED4CA61A71C675606] - 27/07/2012 - 10:58:45 ---A- . (...) -- C:\Windows\System32\oem25.inf [698444]

O44 - LFC:[MD5.55AE1BE11C2C99FA1647103852E716C1] - 27/07/2012 - 10:50:00 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [275936]

O44 - LFC:[MD5.FF1A8E913B015EE02265D8C34382BDF6] - 27/07/2012 - 10:16:16 ---A- . (...) -- C:\Windows\IE9_main.log [4143]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 27/07/2012 - 10:14:56 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]

O44 - LFC:[MD5.35BD57166F920558651BA26F865F101F] - 27/07/2012 - 10:03:17 ---A- . (...) -- C:\Windows\msxml4-KB954430-enu.LOG [286742]

O44 - LFC:[MD5.AF2A17DF515AA5B75737FBE469EEEE6A] - 27/07/2012 - 10:02:57 ---A- . (...) -- C:\Windows\msxml4-KB973688-enu.LOG [289934]

O44 - LFC:[MD5.D320BF87125326F996D4904FE24300FC] - 27/07/2012 - 09:53:45 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [80256]

O44 - LFC:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 27/07/2012 - 09:53:45 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22400]

O44 - LFC:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 27/07/2012 - 09:53:45 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332160]

O44 - LFC:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 27/07/2012 - 09:53:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117120]

O44 - LFC:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 27/07/2012 - 09:53:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [143744]

O44 - LFC:[MD5.46F04D43FBF20BC3E2FB6F3A1FC4C6DE] - 26/07/2012 - 23:08:49 ---A- . (...) -- C:\user.js [1997]

O44 - LFC:[MD5.852BC11C23B7104443FC74EC7AD79158] - 26/07/2012 - 21:54:49 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerApp.exe [426184]

O44 - LFC:[MD5.A9D264526FBA70238969FF29AE3723EF] - 26/07/2012 - 21:54:49 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [70344]

O44 - LFC:[MD5.45ADC884F83A5D7D2F19672825D72F9E] - 25/07/2012 - 23:58:24 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [830]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/07/2012 - 03:40:19 ---A- . (...) -- C:\Windows\System32\sho420D.tmp [0]

O44 - LFC:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 18/07/2012 - 02:50:13 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]

O44 - LFC:[MD5.4CDB39659C17FAA5BE56AC4F89387520] - 18/07/2012 - 02:50:12 R--A- . (.360???? - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]

O44 - LFC:[MD5.092E3658FC760F3D9694A848CAB1E43E] - 18/07/2012 - 02:49:30 R--A- . (.360???? - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]

O44 - LFC:[MD5.793FE87864DF96B611F3481CCA66A801] - 14/07/2012 - 03:04:58 ---A- . (...) -- C:\Windows\System32\shortcut_ex.dat [17]

O44 - LFC:[MD5.7109A9AA551F37CD168C02368465957E] - 03/07/2012 - 13:21:54 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\System32\Drivers\aswTdi.sys [54232]

O44 - LFC:[MD5.1C1F3D6DDDC046C920C493A779649F66] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\System32\Drivers\aswFsBlk.sys [21256]

O44 - LFC:[MD5.A48D8015AF2A0D8B4937613FFBFD28DE] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [57656]

O44 - LFC:[MD5.73DBCF808E00580F2A47F93DD9B03876] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [721000]

O44 - LFC:[MD5.4A951BEBA9E49410CDE478B6F6ABB252] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [44784]

O44 - LFC:[MD5.6CBD7D3A33F498D09C831CDD732DA2E0] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswSP.sys [353688]

O44 - LFC:[MD5.7946D9F881715414B9F5D80D16752664] - 03/07/2012 - 13:21:32 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr [41224]

O44 - LFC:[MD5.011A849235BACE60852566530B52AF91] - 03/07/2012 - 13:21:28 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe [227648]

~ Scan Files in 00mn 17s

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll

~ Scan Keys in 00mn 00s

---\\ Safe Boot Control (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)

O51 - MPSK:{0ba90a7e-8687-11e1-826b-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)

O51 - MPSK:{76c1273b-751e-11e1-ab6c-e0ca94459065}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)

O51 - MPSK:{b4ef2c16-444e-11e1-b963-e0ca94459065}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)

O51 - MPSK:{f342be35-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)

O51 - MPSK:{f342be45-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)

~ Scan Keys in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\Windows\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Intel® Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Intel® Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\ir41_32.ax

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ Scan Keys in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (None)

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ Scan Keys in 00mn 00s

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

~ Scan Drivers in 00mn 00s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

~ Scan Keys in 00mn 00s

---\\ Search Svchost Services (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [674304]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [286208]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [242176]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [521216]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [47104]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [113664]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102400]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]

~ Scan Services in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.6D9E5361414A404F62DC249F2AADC327] [sPRF][31/01/2008] (.Unknown owner - 7-zip32.) -- C:\Users\Soraya\AppData\Local\Temp\7-zip32.dll [506880]

[MD5.4526194087DA1573C107A6F0CD2C285C] [sPRF][16/07/2009] (...) -- C:\Users\Soraya\AppData\Local\Temp\SysConfig.dat [934]

[MD5.879711A3BE601A66E88FE5DFACC9BE66] [sPRF][30/07/2012] (...) -- C:\Users\Soraya\AppData\Local\Temp\Uninst.bat [626]

[MD5.07DA6C9C3547C38BBA12E63F54FD9B00] [sPRF][30/07/2012] (...) -- C:\Users\Soraya\Desktop\adwcleaner.exe [632049]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][30/07/2012] (...) -- C:\Users\Soraya\Desktop\ZHPDiag_silent.exe [794216]

[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Users\Soraya\Desktop\ZHP_uninstall.exe [344187]

[MD5.80F4A456633F78A26A3C6B16E64EFEC5] [sPRF][28/09/2007] (.Microsoft - Uno Messenger.) -- C:\Windows\Downloaded Program Files\GAME_UNO1.dll [381960]

[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [sPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll [304544]

[MD5.1E5CFDF9AEBDD84305A4C8154277A269] [sPRF][28/02/2007] (.Microsoft Corporation - Zone.com Checkers for MSN Messenger.) -- C:\Windows\Downloaded Program Files\msgrchkr.dll [131472]

~ Scan Files in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "{4359F0C2-76DF-4DC9-AFC8-98AB01159C16}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O87 - FAEL: "{C5F40DA8-45D0-46BA-A823-5658F880498D}" | In - Public - P17 - TRUE | .(.Samsung Electronics CO., LTD. - Samsung UPD Service.) -- C:\Windows\System32\SUPDSvc.exe

O87 - FAEL: "{987AA0E7-33B7-4AF2-AFA6-F5642B395436}" | In - Public - P6 - TRUE | .(.Samsung Electronics CO., LTD. - Samsung UPD Service.) -- C:\Windows\System32\SUPDSvc.exe

O87 - FAEL: "{267C77D1-C978-4E53-8086-6AAA02420625}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe (.not file.)

O87 - FAEL: "{55B8C3D6-F8DB-4D2B-8DB4-7444C6311ED2}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe (.not file.)

O87 - FAEL: "{6C54CB1D-8B7B-49C7-B961-131F2A48F4BE}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe (.not file.)

O87 - FAEL: "{7FA622AD-273A-4D14-84BF-2CE0F9C51CBF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe (.not file.)

O87 - FAEL: "{E4B6DCC3-034D-4C0B-9DC9-81779C126B38}" | In - None - P6 - TRUE | .(.CyberLink Corp. - PowerDirector.) -- C:\Program Files\CyberLink\PowerDirector\PDR8.exe

O87 - FAEL: "{B95FBA52-7E4D-4E3D-8E49-CBA6BAD11086}" | In - None - P6 - TRUE | .(.CyberLink Corp. - Media+Player 10.0.) -- C:\Program Files\CyberLink\Media+Player10\Media+Player10.exe

O87 - FAEL: "TCP Query User{1AC41A68-7C18-4696-8FD7-2C1E67DE217A}C:\program files\ncsoft\lineage ii\system\l2.bin" |In - Public - P6 - TRUE | .(...) -- C:\program files\ncsoft\lineage ii\system\l2.bin (.not file.)

O87 - FAEL: "UDP Query User{D4C73D00-E8BC-4BA8-A834-29E8488A3E2D}C:\program files\ncsoft\lineage ii\system\l2.bin" |In - Public - P17 - TRUE | .(...) -- C:\program files\ncsoft\lineage ii\system\l2.bin (.not file.)

O87 - FAEL: "{DDDFC4CF-7FD3-4F28-AB1E-19F00B10DE4F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\HP\hp software update\hpwucli.exe (.not file.)

O87 - FAEL: "{F88F768A-0EF0-4A9C-B2E3-172D4D7B2265}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{3DBEFCC1-F154-4B2D-96C3-CF685AE868B8}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{44BF6846-2C99-403E-BCA7-8C208D00EE6A}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{A488EB14-A432-4320-8E53-FB3EBE5CDCAE}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{80AB83D1-337B-4478-890B-6A54F01E663B}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

O87 - FAEL: "{BF448C02-CC11-41EF-A5C0-E49817BEF6D9}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{B0A6C149-65CE-4691-954A-3E6DFDE5F235}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{96191D35-6820-40BF-8D55-0E2FD4A5DCF3}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{BA58D1B5-6D38-4992-BE17-FE10016CC93D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{B22A0344-DC2D-4ECC-B26B-80D5EB6884A9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{CCE143DB-5A6A-4148-ADF4-31649EDCDDDF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{32F0DA55-7A04-43C1-B9C9-D8A19094223E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{6772E526-AFBC-4003-BD30-51E3BFB0CBA8}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{FC0BDC60-BADE-4C3F-BFDA-53EE743603E6}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{754AC230-D596-44B4-8792-BF847CDE9A3F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

~ Scan Firewall in 00mn 02s

---\\ Router Hijack DNS (O89) (None)

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 26/07/2012 250056 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 10/08/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 03/07/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 25/03/2011 660768 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Demand 29/07/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SS - | Demand 28/03/2011 4323256 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des

SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe

SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Scan Services in 00mn 04s

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Run by Soraya at 30/07/2012 13:52:03

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys ndis.sys bcmwl6.sys dxgmms1.sys watchdog.sys dxgkrnl.sys atikmpag.sys atikmdag.sys

C:\Windows\system32\drivers\amd_xata.sys Advanced Micro Devices Stor Filter Driver

C:\Windows\system32\drivers\amd_sata.sys Advanced Micro Devices AHCI 1.2 Device Driver

C:\Windows\system32\DRIVERS\bcmwl6.sys Broadcom Corporation Broadcom 802.11 Network Adapter wireless driver

C:\Windows\system32\DRIVERS\atikmpag.sys Advanced Micro Devices, Inc. AMD driver

C:\Windows\system32\DRIVERS\atikmdag.sys ATI Technologies Inc. ATI Radeon Family

1 ntkrnlpa!IofCallDriver[0x8305555A] -> \Device\Harddisk0\DR0[0x862B9030]

3 CLASSPNP[0x8899459E] -> ntkrnlpa!IofCallDriver[0x8305555A] -> [0x861F4020]

5 amd_xata[0x83D5D9D6] -> ntkrnlpa!IofCallDriver[0x8305555A] -> \Device\0000006d[0x85C08260]

kernel: MBR read successfully

user & kernel MBR OK

~ Scan MBR in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Soraya at 30/07/2012 13:52:06

******* Dump file Name *******

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

End of the scan (1039 lines in 01mn 49s)(0)

Posso deletar os programas?

Obrigado pela ajuda!

Abraço!

Boa Tarde! Soraya Lourenço

|- Se não lhe for importante,pode desinstalar!

|- C:\Program Files\uTorrent

-/-

|- Baixe: < createsrp > ( ... by Ramesh Srinivasan )

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/createsrp_DFH.jpg&key=8e18659a2777b97aa3bb043269e65ae4b52043e0fdb8abba0e85f84237f053d1" alt="createsrp_DFH.jpg" /> ( Clique Here )

|- Salve-o no desktop!

|- Execute o createsrp.vbs < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/createsrp_vbs.jpg&key=486c29f16d2df97bf4d0b44baa27a02a366e77eab0f6719e4817755d73377eda" alt="createsrp_vbs.jpg" /> >

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/createsrp_novocomp.jpg&key=8b0f0d7b2e3427aba524fdef178ee40af486b85e719bbce5964cfa1410582eec" alt="createsrp_novocomp.jpg" />

|- Clique OK,na caixa de mensagem.

|- Ps: Este ponto de restauração terá a seguinte descrição: "Novo Computador"

-/-

|- Baixe: < ZHPFix.zip >

|- Descompacte-o para o desktop.

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_logo.jpg&key=36deb1b56d9a268ad62852103ef8ad3d00908949d89c903217f56b8157856234" alt="ZHPFix_logo.jpg" /> >> /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/Administrador_Exec.jpg&key=6383735763baddc27c0800e42b63f7bbbf0cb0264f60771d83de22295ca319e5" alt="Administrador_Exec.jpg" />

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

>
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} . (...) (No version) -- (.not file.)

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} . (...) -- mscoree.dll (.not file.)

[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) => Infection Diverse (Trojan.Keygen)

[MD5.00000000000000000000000000000000] [APT] [AutoKMSDaily] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) => Infection Diverse (Trojan.Keygen)

[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A02\EPM.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{53EEF08F-89DC-4315-A7F0-AB77D49C080B}] (...) -- D:\DL\Aquivos\Nero 9.0.9.4d.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{7043BCA5-7860-46C9-9E1C-CD1CEBB3A720}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{EE204AB3-7858-4613-B445-EEEB6BBB5A8B}] (...) -- C:\Program Files\VIVO INTERNET\uninst.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{F4170393-8CE2-4639-848D-C4EF364526B7}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job => Infection Diverse (Trojan.Keygen)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMSDaily.job => Infection Diverse (Trojan.Keygen)

O43 - CFD: 28/07/2012 - 20:33:35 - [0] ----D C:\Users\Soraya\AppData\Local\{ADF4E7A1-EBFA-4413-8846-7A0AB03EFADA}

O43 - CFD: 29/07/2012 - 23:52:40 - [0] ----D C:\Users\Soraya\AppData\Local\{EBA544A8-F8EA-4DC3-AE9D-6EA5E15AF2FB}

O44 - LFC:[MD5.46F04D43FBF20BC3E2FB6F3A1FC4C6DE] - 26/07/2012 - 23:08:49 ---A- . (...) -- C:\user.js [1997]

O51 - MPSK:{76c1273b-751e-11e1-ab6c-e0ca94459065}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)

O51 - MPSK:{0ba90a7e-8687-11e1-826b-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{b4ef2c16-444e-11e1-b963-e0ca94459065}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{f342be35-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{f342be45-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O87 - FAEL: "{F88F768A-0EF0-4A9C-B2E3-172D4D7B2265}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{3DBEFCC1-F154-4B2D-96C3-CF685AE868B8}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{BF448C02-CC11-41EF-A5C0-E49817BEF6D9}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{B0A6C149-65CE-4691-954A-3E6DFDE5F235}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{96191D35-6820-40BF-8D55-0E2FD4A5DCF3}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{BA58D1B5-6D38-4992-BE17-FE10016CC93D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{B22A0344-DC2D-4ECC-B26B-80D5EB6884A9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{CCE143DB-5A6A-4148-ADF4-31649EDCDDDF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{32F0DA55-7A04-43C1-B9C9-D8A19094223E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{6772E526-AFBC-4003-BD30-51E3BFB0CBA8}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{FC0BDC60-BADE-4C3F-BFDA-53EE743603E6}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{754AC230-D596-44B4-8792-BF847CDE9A3F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)

C:\user.js

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_PasteClipboard.jpg&key=e48613cfa6f79756d0d3087d1f9470f91a4d063f3d1285295d93d87cacbfb63d" alt="ZHPDiag_PasteClipboard.jpg" />

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_GO.jpg&key=558fe81face1e694faa61f1e0c3985db203e8ad910d59aa68f5da5f2fd114f02" alt="ZHPFix_GO.jpg" />

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

Abraços!

Segue o relatorio:

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-30-07-2012-15-51-08.txt

Run by Soraya at 30/07/2012 15:51:08

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========

DELETED Key*: Mozilla Plugin: vitzo.com/VDownloader

DELETED Key*: CLSID BHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1}

DELETED CLSID MPSK: {76c1273b-751e-11e1-ab6c-e0ca94459065}

DELETED CLSID MPSK: {0ba90a7e-8687-11e1-826b-e0ca94459065}

DELETED CLSID MPSK: {b4ef2c16-444e-11e1-b963-e0ca94459065}

DELETED CLSID MPSK: {f342be35-4798-11e1-8c21-e0ca94459065}

DELETED CLSID MPSK: {f342be45-4798-11e1-8c21-e0ca94459065}

DELETED Key*: HKLM\Software\360Safe

========== Registry Value ==========

DELETED URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03}

DELETED {F88F768A-0EF0-4A9C-B2E3-172D4D7B2265}

DELETED {3DBEFCC1-F154-4B2D-96C3-CF685AE868B8}

DELETED {BF448C02-CC11-41EF-A5C0-E49817BEF6D9}

DELETED {B0A6C149-65CE-4691-954A-3E6DFDE5F235}

DELETED {96191D35-6820-40BF-8D55-0E2FD4A5DCF3}

DELETED {BA58D1B5-6D38-4992-BE17-FE10016CC93D}

DELETED {B22A0344-DC2D-4ECC-B26B-80D5EB6884A9}

DELETED {CCE143DB-5A6A-4148-ADF4-31649EDCDDDF}

DELETED {32F0DA55-7A04-43C1-B9C9-D8A19094223E}

DELETED {6772E526-AFBC-4003-BD30-51E3BFB0CBA8}

DELETED {FC0BDC60-BADE-4C3F-BFDA-53EE743603E6}

DELETED {754AC230-D596-44B4-8792-BF847CDE9A3F}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (Public) : {267C77D1-C978-4E53-8086-6AAA02420625}

DELETED FirewallRaz (Public) : {55B8C3D6-F8DB-4D2B-8DB4-7444C6311ED2}

DELETED FirewallRaz (Public) : {6C54CB1D-8B7B-49C7-B961-131F2A48F4BE}

DELETED FirewallRaz (Public) : {7FA622AD-273A-4D14-84BF-2CE0F9C51CBF}

DELETED FirewallRaz (Public) : TCP Query User{1AC41A68-7C18-4696-8FD7-2C1E67DE217A}C:\program files\ncsoft\lineage ii\system\l2.bin

DELETED FirewallRaz (Public) : UDP Query User{D4C73D00-E8BC-4BA8-A834-29E8488A3E2D}C:\program files\ncsoft\lineage ii\system\l2.bin

DELETED FirewallRaz (None) : {D77644A3-9724-42D4-AB2B-4A662EDA725E}

DELETED FirewallRaz (None) : {A9422443-991C-4470-B8D2-92027A58C27A}

DELETED FirewallRaz (None) : {77350FC7-A6F3-4049-9859-9AD8E97A2429}

DELETED FirewallRaz (None) : {5EF5B424-C2DE-4246-9EA9-6F3CB2E01728}

DELETED FirewallRaz (None) : {DDDFC4CF-7FD3-4F28-AB1E-19F00B10DE4F}

========== Registry Data Items ==========

REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page

REMOVED StartMenuInternet: C:\Program Files\Opera Next\Opera.exe

========== Repertory ==========

DELETED Folder: C:\Users\Soraya\AppData\Local\{ADF4E7A1-EBFA-4413-8846-7A0AB03EFADA}

DELETED Folder: C:\Users\Soraya\AppData\Local\{EBA544A8-F8EA-4DC3-AE9D-6EA5E15AF2FB}

DELETED Window Temporary:

DELETED Flash Cookies:

========== File ==========

NOT FOUND File: c:\program files\vdownloader\addons\npvdownloader.dll

NOT FOUND File: mscoree.dll

NOT FOUND File: c:\windows\tasks\autokms.job

NOT FOUND File: c:\windows\tasks\autokmsdaily.job

DELETED c:\user.js

NOT FOUND Folder/File: c:\user.js

DELETED Window Temporary:

DELETED Flash Cookies:

========== Task ==========

DELETED Task: AutoKMS

DELETED Task: AutoKMSDaily

DELETED Task: EasyPartitionManager

DELETED Task: {53EEF08F-89DC-4315-A7F0-AB77D49C080B}

DELETED Task: {7043BCA5-7860-46C9-9E1C-CD1CEBB3A720}

DELETED Task: {EE204AB3-7858-4613-B445-EEEB6BBB5A8B}

DELETED Task: {F4170393-8CE2-4639-848D-C4EF364526B7}

========== Restoration ==========

Restore System Point created succefully

========== Summary ==========

8 : Registry Key

32 : Registry Value

2 : Registry Data Items

4 : Repertory

8 : File

7 : Task

1 : Restoration

End of clean in 01mn 00s

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 30/07/2012 15:51:08 [4080]

Além do utorrent devo desinstalar o HiJackThis, adwcleaner, MBRCheck,ZHP diversos (ZHP Fix, ZHPDiag, ...) entre outros?

O que esses programas removem? Sei que eles retiraram toolbars que estou a um tempo tentando me livrar, mas fizeram mais o que? Desculpe é que gosto de saber o "porquê" ou o "pra que" das coisas. Claro que, se isso for possível.

Um abraço!

Boa Tarde! Soraya Lourenço

Além do utorrent devo deletar o HiJackThis, adwcleaner, MBRCheck,ZHP diversos (ZHP Fix, ZHPDiag, ...)?O que esses programas removem? Sei que eles retiraram toolbars que estou a um tempo tentando me livrar, mas fizeram mais o que? Desculpe é que gosto de saber o "porquê" ou o "pra que" das coisas. Claro que isso for possível.

|- Não delete o HijackThis,pois necessito de outro log do mesmo na comprovação de entradas do Cacaoweb.

|- Quanto à explicação do que as ferramentas removem,depende da elaboração do script para instruí-las nesse propósito.

|- Diferindo,apenas,o AdwCleaner que teve execução automática na remoção de Adwares e suas entradas ao registro.

|- Poste,então,relatório atualizado,do HijackThis.

|- Ps: Logo após,farei a remoção de todas as ferramentas que foram empregadas em seu PC.

Abraços!

Segue o log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:24:10, on 30/07/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe

--

End of file - 6690 bytes

Boa Tarde! Soraya Lourenço

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s

|- Abra o HijackThis -> Clique: Do a system scan only

|- Marque as caixinhas das entradas,logo àcima,e clique em "Fix Checked".

|- Ps: Marque,apenas,as que encontrar!

|- Poste,à seguir,HijackThis atualizado! ( Do a system scan and save a logfile )

Abraços!

Ok! Dei FixCheked no que foi pedido.

Abaixo segue o novo log do HiJackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:48:13, on 30/07/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Windows\system32\taskhost.exe

C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe

--

End of file - 7037 bytes

Ah, e obrigado o LapTop já não está tão lento. Melhorou significativamente. Uhu!

E notei que enquando digito o cursor se move sozinho. Estou digitando em uma linha e de repente ele vai pra outra linha sozinho, sem explicação. Pode ser problema de hardware ou algum malware ainda oculto?

Abraço!

Boa Tarde! Soraya Lourenço

Ah, e obrigado o LapTop já não está tão lento. Melhorou significativamente. Uhu!E notei que enquando digito o cursor se move sozinho. Estou digitando em uma linha e de repente ele vai pra outra linha sozinho, sem explicação. Pode ser problema de hardware ou algum malware ainda oculto?

|- Faça um simples teste,onde pequenas vibrações elétricas ou mecânicas,no suporte do mouse,podem produzir esses sintomas.

|- Segure firmemente o mouse e verifique se ocorre esses deslocamentos do cursor.

|- Ps: Caso não ocorra,substitua a "base deslizante" ou acessório que utiliza.

-/-

|- O log do HijackThis está limpo!

|- Desinstale as ferramentas empregadas,com o DelFix.

-/-

|- Baixe: |DelFix| ( ... de Xplode )

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/DelFix_SetaVerde.jpg&key=a562af283f81224b0096f109e2c85fcde8abae0d109a59c91160b5f99a23e243" alt="DelFix_SetaVerde.jpg" />

|- Estando na página,clique na seta verde para o download. ( Seta verde! )

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/DelFix_Suppression.jpg&key=504213ed0fd7c7ffdd71bbc9a8ecfed75d167e84deb27fd5dfec08c0104c80c3" alt="DelFix_Suppression.jpg" />

|- Clique em "Suppression".

|- Poste o relatório! ( C:\DelFixSuppr.txt )

|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".

Abraços!

Segue o relatorio:

DelFix v8.9 - Rapport créé le 30/07/2012 à 21:24:28

Mis à jour le 27/07/12 par Xplode

Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits)

Nom d'utilisateur : Soraya - LOURENÇO-PC (Administrateur)

Exécuté depuis : C:\Users\Soraya\Desktop\delfix.exe

Option [suppression]

~~~~~~ Dossiers(s) ~~~~~~

Supprimé : C:\ZHP

Supprimé : C:\Program Files\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\AdwCleaner[s1].txt

Supprimé : C:\PhysicalDisk0_MBR.bin

Supprimé : C:\Users\Soraya\Desktop\adwcleaner.exe

Supprimé : C:\Users\Soraya\Desktop\MBRCheck.lnk

Supprimé : C:\Users\Soraya\Desktop\ZHPDiag.lnk

Supprimé : C:\Users\Soraya\Desktop\ZHPDiag.txt

Supprimé : C:\Users\Soraya\Desktop\ZHPDiag_silent.exe

Supprimé : C:\Users\Soraya\Desktop\ZHPFix.lnk

Supprimé : C:\Users\Soraya\Desktop\ZHPFix.zip

Supprimé : C:\Users\Soraya\Desktop\ZHPFixReport.txt

Supprimé : C:\Users\Soraya\Desktop\ZHP_uninstall.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKLM\SOFTWARE\AdwCleaner

Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis

~~~~~~ Autres ~~~~~~

-> Prefetch Vidé

*************************

DelFix[s1].txt - [1143 octets] - [30/07/2012 21:24:28]

########## EOF - C:\DelFix[s1].txt - [1267 octets] ##########

Um abraço!

Boa Noite! Soraya Lourenço

E notei que enquando digito o cursor se move sozinho. Estou digitando em uma linha e de repente ele vai pra outra linha sozinho, sem explicação. Pode ser problema de hardware ou algum malware ainda oculto?

|- Outra possibilidade,seria problemas com o Avast,especificamente,o Sf.bin.

|- Desabilite o Avast,momentaneamente,e verifique se desaparece esse sintoma com o cursor.

|- < Sf.bin usando muito processador >

|- Maiores informações!

##########

|- Tudo Ok?

Abraços!

Boa tarde!

Dig Ram, o Avast não esta funcionando normalmente.

Ele sequer inicializa junto com o laptop.

Toda vez que inicializo o laptop tenho que inicializa-lo.

E sua configuração esta para que ele inicialize junto com o sistema operacional.

Por isso que acho que deve ser um malware oculto ou algum tipo de rootkit.

E não uso mouse. Simplesmente o cursor intermitente sai da linha onde estou digitando sozinho, sem ter algum mouse que se mova ou o retire da posição em questão.

Abraço!

>
Boa tarde!

Dig Ram, o Avast não esta funcionando normalmente.

Ele sequer inicializa junto com o laptop.

Toda vez que inicializo o laptop tenho que inicializa-lo.

E sua configuração esta para que ele inicialize junto com o sistema operacional.

Por isso que acho que deve ser um malware oculto ou algum tipo de rootkit.

E não uso mouse. Simplesmente o cursor intermitente sai da linha onde estou digitando sozinho, sem ter algum mouse que se mova ou o retire da posição em questão.

Abraço!

Boa Tarde! Soraya Lourenço

|- Desinstale o Avast e instale-o novamente,ou mude de antivírus.

Abs!

Boa tarde, DigRam!

Bom não consigo desistalar o Avast. Pois os programas instalados no laptop sumiram do painel de controle. Entro em painel de controle -> desinstalar programas e não aparece relacionados os programas que tenho instalados no micro.

Vou tentar reinstala-lo manualmente e depois desinstala-lo.

Vou ver se dá certo.

No aguardo!

Boa noite,DigRam!

Consegui desinstalar o avast.

Instalei o avg.

Veja o resultado do scan.

Verificação "Verificar todo o computador" foi concluída.

Infecções;"2";"2";"0"

Spyware;"1";"1";"0"

Rootkits;"1";"0";"1"

Pastas selecionadas:;"Verificar todo o computador"

Verificação iniciada: ;"Wednesday, 1 de August de 2012, 11:22:27 PM"

Teste concluído:;"Thursday, 2 de August de 2012, 12:09:13 AM (46 minuto(s) 45 segundo(s))"

Total de objetos verificados:;"1021260"

Usuário que iniciou o teste:;"Soraya"

Infecções

;"Arquivo";"Infecção";"Resultado"

;"D:\DL\Aquivos\Winrar\SFX-Tools\RecoverEXE10.exe";"Vírus encontrado Win32/Heur";"Movido para a Quarentena de Vírus"

;"D:\DL\Aquivos\Winrar\SFX-Tools\RecoverEXE10.exe:\RecoverEXE.exe";"Vírus encontrado Win32/Heur";"Movido para a Quarentena de Vírus"

Spyware

;"Arquivo";"Infecção";"Resultado"

;"C:\Windows\KMSEmulator.exe";"Programa potencialmente nocivo Crack.CO";"Movido para a Quarentena de Vírus"

Rootkits

;"Arquivo";"Infecção";"Resultado"

;"C:\Windows\system32\drivers\360HookOem.sys";"Hook de entrada ntkrnlpa.exe ZwYieldExecution+0xB20 -> 360HookOem.sys +0x9284";"O objeto está oculto"

Boa noite!

Bom Dia! Soraya Lourenço

>
/applications/core/interface/imageproxy/imageproxy.php?img=http://forum.imasters.com.br/public/style_images/imasters-2011/snapback.png&key=6c4595d94bb1086600237aa9845db775ed272665f16a239c5c53fcdbbbb6a3c3" alt="snapback.png" /> Soraya Lourenço, em 02 de agosto 2012 - 01:34 , disse:Consegui desinstalar o avast.

Instalei o avg.

Veja o resultado do scan.

|- E com essas detecções,pelo AVG,seus problemas foram solucionados?

Abraços!

Boa tarde!

O AVG não conseguiu acessar o rootkit. Não conseguiu deleta-lo. Avisa que o arquivo está oculto.

O cursor continua com problemas e o Painel de controle continua sem mostrar os programas que estão instalados.

Devo excluir os arquivos que estão na quarentena?

Como faço pra excluir esse rootkit?

Um abraço e OBrigado pela ajuda!

>
Boa tarde!

O AVG não conseguiu acessar o rootkit. Não conseguiu deleta-lo. Avisa que o arquivo está oculto.

O cursor continua com problemas e o Painel de controle continua sem mostrar os programas que estão instalados.

Devo excluir os arquivos que estão na quarentena?

Como faço pra excluir esse rootkit?

Um abraço e OBrigado pela ajuda!

Boa Tarde! Soraya Lourenço

|- Mantenha-os na quarentena do AVG.

|- Quanto ao 'rootkit',tenho minhas dúvidas se o ficheiro é mesmo um rootkit. ( FP )

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/combofix/desktopicon.png&key=c972c7524cf2a0d4771101cc561140ae5696a3aad55bcf64c111bf1861d92e85" alt="desktopicon.png" /> > ( ... by sUBs )

|- Salve-o no desktop! ( Área de trabalho! )

|- Ps: Desabilite seu antivírus,antispywares e/ou firewall. ( Menos o do Windows! )

|- Feche algum programa/arquivo que esteja aberto.

|- Feche,também,seu navegador! ( IE,Firefox,Opera ou Google Chrome )

|- Ps: Esteja conectado(a) à Internet. <- Importante!

|- Execute ComboFix.exe,com um duplo clique.

|- Para Windows Vista e/ou 7,dê clique direito em ComboFix.exe e execute-o como administrador.

|- Ps: Instale o "Console de Recuperação",caso seja solicitado! <- Somente XP!

|- Ps: Ficará,portanto,à seu critério optar por sua instalação.

|- Surgindo alguma mensagem de erro,execute ComboFix.exe em Modo de Segurança com rede.

|- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador.

|- Abrir-se-á a janela Auto Scan.

/applications/core/interface/imageproxy/imageproxy.php?img=http://img375.imageshack.us/img375/6271/etapas.jpg&key=886faf50f6e4a02cfc852e77d70bb52b257bfe1b6dfadc5fb94284cceb208d2e" alt="etapas.jpg" />

|- Aguarde a finalização de todas as Etapas.

|- Durante o scan,evite utilizar o mouse ou teclado!

|- Concluindo,poste: C:\ComboFix.txt

|- *"**ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão** de analistas de segurança."*

Abraços!

Boa tarde, DigRam!

Desculpe a demora.

Segue o relatorio

ComboFix 12-08-07.03 - Soraya 07/08/2012 15:35:16.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.1788.1194 [GMT -3:00]

Executando de: c:\users\Soraya\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 Disabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 Disabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\DealPly

c:\program files\DealPly\DealPlyTune.dll

c:\users\Soraya\AppData\Local\assembly\tmp

c:\windows\system32\oem25.inf

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))

.

.

2012-08-07 18:45 . 2012-08-07 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-04 19:52 . 2012-08-04 19:54 -------- d-----w- c:\users\Soraya\AppData\Roaming\GetRightToGo

2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Soraya\PSafe

2012-08-04 19:37 . 2012-08-04 19:37 -------- d-----w- c:\users\Soraya\AppData\Roaming\VDownloader

2012-08-04 19:36 . 2012-08-04 19:36 -------- d-----w- c:\users\Soraya\AppData\Roaming\OpenCandy

2012-08-04 19:36 . 2012-08-04 19:52 -------- d-----w- c:\users\Soraya\AppData\Local\VDownloader

2012-08-04 19:36 . 2010-01-26 14:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2012-08-04 19:36 . 2012-08-04 19:37 -------- d-----w- c:\program files\VDownloader

2012-08-04 19:29 . 2012-08-04 19:29 317 ----a-w- C:\user.js

2012-08-04 19:29 . 2012-07-29 04:00 829920 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2012-08-04 19:28 . 2012-08-04 19:28 -------- d-----w- c:\programdata\Babylon

2012-08-04 19:28 . 2012-08-04 19:28 -------- d-----w- c:\users\Soraya\AppData\Roaming\Babylon

2012-08-02 02:13 . 2012-08-02 02:13 -------- d-----w- c:\users\Soraya\AppData\Roaming\AVG2012

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\users\Soraya\AppData\Local\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\program files\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-08-02 02:10 . 2012-08-02 02:10 -------- d-----w- C:\$AVG

2012-08-02 02:10 . 2012-08-07 12:19 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-02 02:10 . 2012-08-02 02:27 -------- d-----w- c:\programdata\AVG2012

2012-08-02 02:09 . 2012-08-02 02:09 -------- d-----w- c:\program files\AVG

2012-08-02 02:02 . 2012-08-07 12:19 -------- d-----w- c:\programdata\MFAData

2012-07-31 15:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AED15800-E9DD-4C01-8144-8C8E62033EFB}\mpengine.dll

2012-07-28 16:16 . 2012-07-28 16:17 -------- d-----w- c:\users\Soraya\AppData\Roaming\TP

2012-07-28 16:09 . 2012-07-28 16:09 -------- d-----w- c:\program files\Oi

2012-07-27 16:58 . 2012-07-27 16:58 -------- d-----w- c:\users\Soraya\AppData\Local\SoftGrid Client

2012-07-27 16:57 . 2012-08-05 02:05 -------- d-----w- c:\users\Soraya\AppData\Roaming\SoftGrid Client

2012-07-27 13:56 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-27 13:50 . 2012-07-27 13:50 -------- d-----w- c:\windows\Panther

2012-07-27 13:16 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-27 13:16 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-27 13:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-07-27 13:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-27 13:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-27 13:02 . 2012-07-27 13:02 -------- d-----w- c:\program files\MSXML 4.0

2012-07-27 12:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-27 12:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-27 12:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-27 12:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-27 12:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-07-27 12:52 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-27 12:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-07-27 12:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-07-27 12:52 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-07-27 12:50 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-07-27 12:50 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-07-27 12:50 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-07-27 12:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-07-27 01:28 . 2012-07-27 01:28 -------- d-----w- c:\users\Soraya\AppData\Local\Apps

2012-07-27 01:26 . 2012-07-27 01:26 -------- d-----w- c:\users\Soraya\AppData\Local\ATI

2012-07-26 03:51 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-26 03:51 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-26 03:51 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-26 03:51 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-26 03:51 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-26 03:51 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-26 03:51 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-26 03:50 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-26 03:50 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-24 18:48 . 2012-07-28 16:15 -------- d-----w- c:\programdata\Lightcomm

2012-07-23 15:35 . 2012-07-23 15:35 -------- d-----w- c:\programdata\Oi

2012-07-18 06:40 . 2012-07-18 06:40 0 ----a-w- c:\windows\system32\sho420D.tmp

2012-07-18 05:53 . 2012-07-18 05:54 -------- d-----w- c:\programdata\TuneUp Software

2012-07-18 05:53 . 2012-07-18 05:53 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-07-18 05:53 . 2012-07-18 05:53 -------- d--h--w- c:\programdata\Common Files

2012-07-18 05:50 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2012-07-18 05:50 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2012-07-18 05:49 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2012-07-17 02:37 . 2012-07-18 06:07 -------- d-----w- c:\users\Soraya\AppData\Local\Unity

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 18:53 . 2012-05-02 20:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-04 18:53 . 2012-01-28 12:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 15:25 . 2012-01-30 16:18 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-29 04:00 . 2012-06-19 22:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-02 02:12 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-02 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OiVelox"="c:\program files\Oi\Programmer\OiVeloxCheck.exe" [2011-07-20 614400]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-02 1147488]

"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2012-07-17 881664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 840992]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

• c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 12:46]

.

2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core.job

- c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 22:34]

.

2012-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA.job

- c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 22:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.babylon.com/?affID=113480&tt=010812_hpdel_3112_6&babsrc=HP_ss&mntrId=d47eecd5000000000000e0ca9478f907

mStart Page = hxxp://www.google.com

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.254.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

FF - ProfilePath - c:\users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B2f010106-f734-4489-80e7-48293eda4da7%7D&mid=0da03d91c6a747d0ab243183d2a17996-308ca89a0655160c05dcfa20e2aa9263276bc729&ds=AVG&v=12.1.0.21〈=pt-br&pr=fr&d=2012-08-01%2023%3A12%3A08&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23900293429171670743002012080417283720');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '0');

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_hpdel_3112_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - d47eecd5000000000000e0ca9478f907

FF - user.js: extensions.BabylonToolbar.instlDay - 15556

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.116:29

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

• - - - ORFÃOS REMOVIDOS - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-08-07 15:48:40

ComboFix-quarantined-files.txt 2012-08-07 18:48

.

Pré-execução: 157.222.744.064 bytes disponíveis

Pós execução: 157.279.571.968 bytes disponíveis

.

• - End Of File - - AA6C46D0E2D0402849C4E0C9E7D34275

Abraços!

Boa Tarde! Soraya Lourenço

|- Somente uma pergunta! Nessa movimentação espontânea do cursor,você está com o Firefox aberto?

-/-

|- Baixe: < AD-Remover > ( ... de C-XX )

|- Ou... < Aqui! > <- Link!

|- Salve-o em C:\ ( Disco local )

|- Duplo clique em AD-R.exe

|- Para Windows Vista ou 7,dê clique direito no arquivo e execute-o como administrador!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/AD-Remover_Clean.jpg&key=abfe621eb8868ac7d78ccebf62882d75d6029448b252b85a53ae405544b2b55f" alt="AD-Remover_Clean.jpg" />

|- Aperte a opção "Clean".

|- Ao concluir,aceite/confirme o reboot,para que Adwares sejam removidos.

|- Ou seja,o computador irá reiniciar!

|- Poste o relatório: C:\Ad-Report-CLEAN[1].txt

-/-

|- Selecione e copie,o conteúdo que está em "vermelho",para o Bloco de Notas.

|- Salve-o,no desktop,com o nome: CFScript <-- Texto!

#########

RegLock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Firefox::

FF - prefs.js: network.proxy.type - 0

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23900293429171670743002012080417283720');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '0');

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_hpdel_3112_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - d47eecd5000000000000e0ca9478f907

FF - user.js: extensions.BabylonToolbar.instlDay - 15556

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.116:29

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

File::

C:\user.js

Folder::

c:\programdata\Babylon

c:\users\Soraya\AppData\Roaming\Babylon

#########

|- Ps: Desabilite,temporariamente,seu antivírus.

|- Ps: Não utilizem este script em outra máquina!

|- Arraste,o CFScript.txt para o ícone/interior do ComboFix.

|- Veja a demonstração!

/applications/core/interface/imageproxy/imageproxy.php?img=http://farm4.static.flickr.com/3028/2872959479_997d4500c4_o.gif&key=5df91a69abacb5902724f70d14994f3bf5ba8d87bf300cea4c6fd8c885940cf0" alt="2872959479_997d4500c4_o.gif" />

|- Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

|- Ps: Faça o arraste,até surgir essa solicitação! ( janela )

|- Concluindo,poste: C:\ComboFix.txt

Abraços!

Boa tarde, DigRam!

O movimento do mouse acontece com qualquer programa que estiver aberto.

Vou fazer os procedimentos e depois vou posta-los.

Um abraço!

Não estou conseguindo salvar o AD_Remover no drive c:. O que faço?

Agora o AVG travou o escaneamento do AD-Remover. Vou ter que refazer o ascaneamento.

Segue o primeiro scan:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 15:31:11 on 09/08/2012, Normal boot

Microsoft Windows 7 Starter Service Pack 1 (X86)

Soraya@LOURENÇO-PC (SAMSUNG ELECTRONICS CO., LTD. RV415/RV515)

============== ACTION(S) ==============

Folder deleted: C:\Users\Soraya\AppData\Roaming\OpenCandy

(!) -- Temporary files deleted.

Key deleted: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [14.0.1 (pt-BR)] **

HKLM_MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin (x)

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)

HKLM_MozillaPlugins\Adobe Reader (x)

HKCU_MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin (x)

Searchplugins\avg-secure-search.xml ( hxxps://isearch.avg.com/search?cid={CECFBF51-F240-4F51-80BB-034C667A321D}&mid=0da03d91c6a747d0ab243183d2a17996-308ca89a0655160c05dcfa20e2aa9263276bc729&ds=AVG&lang=pt-br&v=12.1.0.21&pr=fr&d=&sap=dsp&q={searchTerms}/)

Searchplugins\babylon.xml (hxxp://search.babylon.com/)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\twitter.xml (hxxps://twitter.com/search/{searchTerms})

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

HKLM_Extensions|support@vdownloader.com - C:\Program Files\VDownloader\Addons\FireFox (x)

HKLM_Extensions|{F53C93F1-07D5-430c-86D4-C9531B27DFAF} - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\

HKLM_Extensions|avg@toolbar - C:\ProgramData\AVG Secure Search\12.1.0.21\

HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

-- C:\Users\Soraya\AppData\Roaming\Mozilla\FireFox\Profiles\d9gpgnfs.default --

Extensions\staged (?)

Searchplugins\Search.xml (?)

Prefs.js - browser.download.lastDir, C:\\Users\\Soraya\\Desktop

Prefs.js - browser.search.defaultenginename, AVG Secure Search

Prefs.js - browser.search.selectedEngine, Google

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.buildID, 20120713134347

Prefs.js - browser.startup.homepage_override.mstone, 14.0.1

Prefs.js - keyword.URL, hxxps://isearch.avg.com/search?cid=%7B2f010106-f734-4489-80e7-48293eda4da7%7D&mid=0da03d91c6a747d0ab243183d...

========================================

** Internet Explorer Version [9.0.8112.16421] **

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E} - "?" (?)

HKCU_SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Secure Search" (hxxps://isearch.avg.com/search?cid={CECFBF51-F240-4F51-80BB-034C667A321D}&mid=0d...)

HKLM_Toolbar|{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll)

HKCU_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\symerr.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited)

HKLM_ElevationPolicy\{4E4F55C7-1B5E-448d-97DD-78B719829E0D} - C:\windows\system32\spool\drivers\w32x86\3\spd__sm.exe (Samsung Electronics)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{8DDBEC40-04EE-40E2-9AA5-AFE0025E0339} - C:\Program Files\Samsung AnyWeb Print\W2PServer.exe (?)

HKLM_ElevationPolicy\{C804A76B-FC71-47f6-B8B2-7D83C520864F} - C:\Program Files\Samsung AnyWeb Print\GwHH.exe (?)

HKLM_ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - C:\Program Files\AVG Secure Search\lip.exe (?)

HKLM_ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} - C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.1.5\ScriptHelper.exe (?)

HKLM_Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E} - "Samsung AnyWeb Print" (C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll,300)

HKLM_Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - "AVG Do Not Track" (C:\Program Files\AVG\AVG2012\avgdtiex.dll,202)

HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)

BHO\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - "AVG Do Not Track" (C:\Program Files\AVG\AVG2012\avgdtiex.dll)

BHO\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Security Toolbar" (C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll)

BHO\{AA609D72-8482-4076-8991-8CDAE5B93BCB} - "Samsung BHO Class" (C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 File(s)

C:\Program Files\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 09/08/2012 15:32:01 (6636 Byte(s))

End at: 15:34:25, 09/08/2012

============== E.O.F ==============

>
Boa tarde, DigRam!

O movimento do mouse acontece com qualquer programa que estiver aberto.

Vou fazer os procedimentos e depois vou posta-los.

Um abraço!

Não estou conseguindo salvar o AD_Remover no drive c:. O que faço?

Olá!

|- Pode salvá-lo no desktop!

Abs!

Já fiz isso.

Salvei no DeskTop e depois transferi para o C: .

Segue o Scan feito depois que desativei o AVG:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 15:42:14 on 09/08/2012, Normal boot

Microsoft Windows 7 Starter Service Pack 1 (X86)

Soraya@LOURENÇO-PC (SAMSUNG ELECTRONICS CO., LTD. RV415/RV515)

============== ACTION(S) ==============

(!) -- Temporary files deleted.

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [14.0.1 (pt-BR)] **

HKLM_MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin (x)

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)

HKLM_MozillaPlugins\Adobe Reader (x)

HKCU_MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin (x)

Searchplugins\avg-secure-search.xml ( hxxps://isearch.avg.com/search?cid={CECFBF51-F240-4F51-80BB-034C667A321D}&mid=0da03d91c6a747d0ab243183d2a17996-308ca89a0655160c05dcfa20e2aa9263276bc729&ds=AVG&lang=pt-br&v=12.1.0.21&pr=fr&d=&sap=dsp&q={searchTerms}/)

Searchplugins\babylon.xml (hxxp://search.babylon.com/)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\twitter.xml (hxxps://twitter.com/search/{searchTerms})

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

HKLM_Extensions|support@vdownloader.com - C:\Program Files\VDownloader\Addons\FireFox (x)

HKLM_Extensions|{F53C93F1-07D5-430c-86D4-C9531B27DFAF} - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\

HKLM_Extensions|avg@toolbar - C:\ProgramData\AVG Secure Search\12.1.0.21\

HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

-- C:\Users\Soraya\AppData\Roaming\Mozilla\FireFox\Profiles\d9gpgnfs.default --

Searchplugins\Search.xml (?)

Prefs.js - browser.download.lastDir, C:\\Users\\Soraya\\Desktop

Prefs.js - browser.search.defaultenginename, AVG Secure Search

Prefs.js - browser.search.selectedEngine, Google

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.buildID, 20120713134347

Prefs.js - browser.startup.homepage_override.mstone, 14.0.1

Prefs.js - keyword.URL, hxxps://isearch.avg.com/search?cid=%7B2f010106-f734-4489-80e7-48293eda4da7%7D&mid=0da03d91c6a747d0ab243183d...

========================================

** Internet Explorer Version [9.0.8112.16421] **

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E} - "?" (?)

HKCU_SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Secure Search" (hxxps://isearch.avg.com/search?cid={CECFBF51-F240-4F51-80BB-034C667A321D}&mid=0d...)

HKLM_Toolbar|{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll)

HKCU_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\symerr.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} - C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe (Skype Limited)

HKLM_ElevationPolicy\{4E4F55C7-1B5E-448d-97DD-78B719829E0D} - C:\windows\system32\spool\drivers\w32x86\3\spd__sm.exe (Samsung Electronics)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{8DDBEC40-04EE-40E2-9AA5-AFE0025E0339} - C:\Program Files\Samsung AnyWeb Print\W2PServer.exe (?)

HKLM_ElevationPolicy\{C804A76B-FC71-47f6-B8B2-7D83C520864F} - C:\Program Files\Samsung AnyWeb Print\GwHH.exe (?)

HKLM_ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - C:\Program Files\AVG Secure Search\lip.exe (?)

HKLM_ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} - C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.1.5\ScriptHelper.exe (?)

HKLM_Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E} - "Samsung AnyWeb Print" (C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll,300)

HKLM_Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - "AVG Do Not Track" (C:\Program Files\AVG\AVG2012\avgdtiex.dll,202)

HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)

BHO\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - "AVG Do Not Track" (C:\Program Files\AVG\AVG2012\avgdtiex.dll)

BHO\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Security Toolbar" (C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll)

BHO\{AA609D72-8482-4076-8991-8CDAE5B93BCB} - "Samsung BHO Class" (C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 File(s)

C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 09/08/2012 15:32:01 (6775 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 09/08/2012 15:42:37 (6318 Byte(s))

End at: 15:44:49, 09/08/2012

============== E.O.F ==============

LOG do ComboFix:

ComboFix 12-08-09.01 - Soraya 09/08/2012 15:58:13.2.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.1788.1123 [GMT -3:00]

Executando de: c:\users\Soraya\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Soraya\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 Disabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 Disabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Babylon

c:\users\Soraya\AppData\Roaming\Babylon

c:\users\Soraya\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-09 to 2012-08-09 ))))))))))))))))))))))))))))

.

.

2012-08-09 19:15 . 2012-08-09 19:15 -------- d-----w- c:\users\Soraya\AppData\Local\temp

2012-08-09 19:15 . 2012-08-09 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 18:31 . 2012-08-09 18:31 -------- d-----w- c:\program files\Ad-Remover

2012-08-04 19:52 . 2012-08-04 19:54 -------- d-----w- c:\users\Soraya\AppData\Roaming\GetRightToGo

2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Soraya\PSafe

2012-08-04 19:36 . 2012-08-07 18:52 -------- d-----w- c:\program files\VDownloader

2012-08-04 19:29 . 2012-08-04 19:29 317 ----a-w- C:\user.js

2012-08-04 19:29 . 2012-07-29 04:00 829920 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2012-08-02 02:13 . 2012-08-02 02:13 -------- d-----w- c:\users\Soraya\AppData\Roaming\AVG2012

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\users\Soraya\AppData\Local\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\program files\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-08-02 02:10 . 2012-08-02 02:10 -------- d-----w- C:\$AVG

2012-08-02 02:10 . 2012-08-09 12:53 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-02 02:10 . 2012-08-02 02:27 -------- d-----w- c:\programdata\AVG2012

2012-08-02 02:09 . 2012-08-02 02:09 -------- d-----w- c:\program files\AVG

2012-08-02 02:02 . 2012-08-09 12:53 -------- d-----w- c:\programdata\MFAData

2012-07-31 15:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AED15800-E9DD-4C01-8144-8C8E62033EFB}\mpengine.dll

2012-07-28 16:16 . 2012-07-28 16:17 -------- d-----w- c:\users\Soraya\AppData\Roaming\TP

2012-07-28 16:09 . 2012-07-28 16:09 -------- d-----w- c:\program files\Oi

2012-07-27 16:58 . 2012-07-27 16:58 -------- d-----w- c:\users\Soraya\AppData\Local\SoftGrid Client

2012-07-27 16:57 . 2012-08-09 18:34 -------- d-----w- c:\users\Soraya\AppData\Roaming\SoftGrid Client

2012-07-27 13:56 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-27 13:50 . 2012-07-27 13:50 -------- d-----w- c:\windows\Panther

2012-07-27 13:16 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-27 13:16 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-27 13:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-07-27 13:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-27 13:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-27 13:02 . 2012-07-27 13:02 -------- d-----w- c:\program files\MSXML 4.0

2012-07-27 12:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-27 12:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-27 12:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-27 12:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-27 12:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-07-27 12:52 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-27 12:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-07-27 12:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-07-27 12:52 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-07-27 12:50 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-07-27 12:50 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-07-27 12:50 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-07-27 12:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-07-27 01:28 . 2012-07-27 01:28 -------- d-----w- c:\users\Soraya\AppData\Local\Apps

2012-07-27 01:26 . 2012-07-27 01:26 -------- d-----w- c:\users\Soraya\AppData\Local\ATI

2012-07-26 03:51 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-26 03:51 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-26 03:51 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-26 03:51 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-26 03:51 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-26 03:51 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-26 03:51 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-26 03:50 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-26 03:50 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-24 18:48 . 2012-07-28 16:15 -------- d-----w- c:\programdata\Lightcomm

2012-07-23 15:35 . 2012-07-23 15:35 -------- d-----w- c:\programdata\Oi

2012-07-18 06:40 . 2012-07-18 06:40 0 ----a-w- c:\windows\system32\sho420D.tmp

2012-07-18 05:53 . 2012-07-18 05:54 -------- d-----w- c:\programdata\TuneUp Software

2012-07-18 05:53 . 2012-07-18 05:53 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-07-18 05:53 . 2012-07-18 05:53 -------- d--h--w- c:\programdata\Common Files

2012-07-18 05:50 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2012-07-18 05:50 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2012-07-18 05:49 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2012-07-17 02:37 . 2012-07-18 06:07 -------- d-----w- c:\users\Soraya\AppData\Local\Unity

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 18:53 . 2012-05-02 20:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-04 18:53 . 2012-01-28 12:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 15:25 . 2012-01-30 16:18 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-29 04:00 . 2012-06-19 22:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-02 02:12 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-02 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OiVelox"="c:\program files\Oi\Programmer\OiVeloxCheck.exe" [2011-07-20 614400]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-02 1147488]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 840992]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job

• c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 12:46]

.

2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core.job

- c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 22:34]

.

2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA.job

- c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 22:34]

.

.

------- Scan Suplementar -------

.

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.254.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

FF - ProfilePath - c:\users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B2f010106-f734-4489-80e7-48293eda4da7%7D&mid=0da03d91c6a747d0ab243183d2a17996-308ca89a0655160c05dcfa20e2aa9263276bc729&ds=AVG&v=12.1.0.21〈=pt-br&pr=fr&d=2012-08-01%2023%3A12%3A08&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23900293429171670743002012080417283720');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '0');

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_hpdel_3112_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - d47eecd5000000000000e0ca9478f907

FF - user.js: extensions.BabylonToolbar.instlDay - 15556

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.116:29

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Tempo para conclusão: 2012-08-09 16:19:26

ComboFix-quarantined-files.txt 2012-08-09 19:19

ComboFix2.txt 2012-08-07 18:48

.

Pré-execução: 155.406.258.176 bytes disponíveis

Pós execução: 155.853.803.520 bytes disponíveis

.

• - End Of File - - 889BFEE3FA8BF62DD8582B459BF6E950

Abraço!

Boa Tarde! Soraya Lourenço

|- Execute escaneamento online em | Eset |

|- Utilize o navegador "Internet Explorer",para essa tarefa!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1158.photobucket.com/albums/p604/slackwings/th_Nod32.gif&key=c4397e7681bbeefed43d8e7d4a6f8d2c4bec2c6859e58614694a7d384f75ca6b" alt="th_Nod32.gif" />

|- Siga,conforme a imagem,essa verificação ou scan.

|- Ao concluir,marque a caixa "Delete Quarantined files".

|- Clique em "Finish".

|- <1> C:\Arquivos de programas\EsetOnlineScanner\log.txt

|- <2> C:\Arquivos de programas\ESET\EsetOnlineScanner\log.txt

|- Poste o relatório que estará em um destes caminhos.

|- Faça novo scan com ZHPDiag,e poste seu link ao relatório.

Abraços!

Boa noite, DigRam!

Esse é o log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Achei estranho. Só isso? O que aconteceu? Ele encontrou um virus. Mas não entendi.

Log ZHPDiag:

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120817_g6p7h9j5x7

Abraço!