Archived

This topic has been archived and is closed to new replies.

Luca Albuquerque

[Solved] PC Restarting by Itself

Hi everyone, my PC has started restarting by itself out of nowhere, or even shutting down. I don't know if it's a virus, the power supply or the cabling, but just in case, I'd like someone to help me find out whether it's a virus or not, because if it isn't a virus I'll go ahead and replace the power supply.


Hello!

|- Judging by the symptoms, it could be the power supply!

-/-/-

|- Post the HijackThis log, as described in RULE No. 02.

< Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >

Regards!


HijackThis logs

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:40:13, on 5/15/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe

C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\IObit\Game Booster 3\gbtray.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE

c:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\srvany.exe

C:\windows\KMService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe

c:\xampp\mysql\bin\mysqld.exe

C:\Arquivos de programas\AVG\AVG2012\avgtray.exe

C:\windows\System32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\PnkBstrA.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\AVG Secure Search\vprot.exe

C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe

C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\xampp\apache\bin\httpd.exe

C:\windows\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\windows\Explorer.EXE

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={A7510A75-2AD6-4AE4-999D-7E21E77BDA1F}&mid=c6a733a43f8147d1a25fd1482a8d5192-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=pt-br&ds=gm011&pr=sa&d=2012-04-27 20:25:01&v=11.0.0.9&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll

R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - (no file)

R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll

R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BittorrentBar_PT - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll

O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\BitTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O15 - Trusted Zone: http://www.itau.com.br

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724

O17 - HKLM\System\CCS\Services\Tcpip\..\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150

O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Arquivos de programas\Hi-Rez Studios\HiPatchService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe

O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

O24 - Desktop Component 0: (no name) - http://t1.gstatic.com/images?q=tbn:ANd9GcSjdVs-VtPjgFT5njpyKsotQIQvh4BKai-LOpgnIgHyGTO4jICwaw

 

--

End of file - 16199 bytes


Good evening, Luca Albuquerque!

|- From what I saw in the HijackThis log, your problem is malware.

-/-/-/-

|- Download: < AdwCleaner > ( ... by Xplode )

|- Once on the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- PS: Start the scan by clicking "Delete" or "Suppression".

AdwCleaner_Suppression.jpg

|- When it finishes, post the report: C:\AdwCleaner[S].txt

-/-/-/-

|- Download: | ZHPDiag | *ºº* < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

|- On the page, click: < Tlcharger_ZHPDiag.jpg >

|- Save it to the desktop!

ZHPDiag2.jpg

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

ZHPDiag_Installation.jpg

|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".

ZHPDiag_MBRCheck.jpg

|- PS: After installation, besides ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix

ZHPDiag_cones.jpg

|- Open the tool and click the scroll icon. ( ZHPScript )

ZHPDiag_Update.jpg

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all the diagnostic options by clicking "Options".

ZHPDiag_All.jpg

|- Click All.

|- ZHPDiag_30days.jpg

|- Click "Calendar" and choose 30 days!

ZHPDiag_Lupa.jpg

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- PS: Save it somewhere convenient!
|- Attach ZHPDiag.txt to your reply.
|- PS: Do not paste this text file directly into the post.
|- I recommend compressing it and attaching it to your reply!

|- Or send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: < wikisend.jpg >

|- To upload, follow the path: Select file... -> Open -> Upload file
|- Post the address shown under "Download link" or "Forum link".

|- Or go to: < Cjoint_Logo.jpg > ( Take it out of the zip when sending! )

|- More information: < |Link| >

Regards!


OK, here are the results from AdwCleaner and ZHPDiag.

AdwCleaner:

# AdwCleaner v1.606 - Logfile created 05/15/2012 at 18:58:34

# Updated 10/05/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrador - PRIVE-BEF3B6042

# Running from : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\AskSearch

Folder Deleted : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\BabylonToolbar

Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\cacaoweb

Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\OpenCandy

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint

Folder Deleted : C:\Arquivos de programas\Ask.com

Folder Deleted : C:\Arquivos de programas\BabylonToolbar

Folder Deleted : C:\Arquivos de programas\cacaoweb

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Arquivos de programas\Viewpoint

Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\windows\Tasks\Scheduled Update for Ask Toolbar.job

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849856

Key Deleted : HKCU\Toolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AskToolbar

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\cacaoweb

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\MetaStream

Key Deleted : HKLM\SOFTWARE\Viewpoint

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

 

***** [Registre - GUID] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.

 

*************************

 

AdwCleaner[s1].txt - [9620 octets] - [15/05/2012 18:58:34]

 

########## EOF - C:\AdwCleaner[s1].txt - [9748 octets] ##########

 

ZHPDiag:

 

ZHPDiag.txt


Good evening, Luca Albuquerque!

|- Close any open programs/folders.

ZHPFix_Logo.jpg

|- Double-click ZHPFix.

|- Click the menu, H < PanelHelper.jpg >

 

R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com

R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (No version) -- (.not file.)

R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll

R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll

O2 - BHO: BittorrentBar_PT - {29acf17c-1713-4286-8f40-bfd05f1e70c8} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key

O3 - Toolbar: NCH EN Toolbar - [HKLM]{37483b40-c254-4a72-bda4-22ee90182c1e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll

O3 - Toolbar: BittorrentBar_PT Toolbar - [HKLM]{29acf17c-1713-4286-8f40-bfd05f1e70c8} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll

[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500Core] (...) -- C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500UA] (...) -- C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.)

O41 - Driver: (ttaddork) . (. - .) - C:\windows\system32\drivers\ttaddork.sys (.not file.)

O51 - MPSK:{85577a08-5963-11e1-8282-00038a000015}\AutoRun\command. (...) -- F:\Setup.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (...) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\ddns_agent [Key] . (...) -- C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Dxtory Update Checker 2.0 [Key] . (...) -- C:\Arquivos de programas\Dxtory Software\Dxtory2.0\UpdateChecker.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Easy-PrintToolBox [Key] . (...) -- C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Free Download Manager [Key] . (...) -- C:\Arquivos de programas\Free Download Manager\fdm.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\GameTracker [Key] . (...) -- C:\Arquivos de programas\GameTracker\GTLite.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\HostManager [Key] . (...) -- C:\Arquivos de programas\Arquivos comuns\AOL\1327433684\ee\AOLSoftware.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\JTF Start [Key] . (...) -- C:\Arquivos de programas\JTF\JTF.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\LanguageShortcut [Key] . (...) -- C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\LiveZilla [Key] . (...) -- C:\Arquivos de programas\LiveZilla\LiveZilla.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\LogMeIn Hamachi Ui [Key] . (...) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (...) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\qubnfe [Key] . (...) -- C:\Arquivos de programas\qubnfe\qubnfe.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (...) -- C:\Arquivos de programas\RaidCall\raidcall.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\RemoteControl [Key] . (...) -- C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\ROC_roc_dec12 [Key] . (...) -- C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe

O53 - SMSR:HKLM\...\startupreg\SlimDrivers [Key] . (...) -- C:\Arquivos de programas\SlimDrivers\SlimDrivers.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (...) -- C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Steam [Key] . (...) -- C:\Arquivos de programas\Steam\Steam.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (...) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\sXe Injected [Key] . (...) -- C:\Arquivos de programas\sXe Injected\sXe Injected.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\UVS10 Preload [Key] . (...) -- C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (.not file.)

O69 - SBI: SearchScopes [HKCU] {BE79B0AD-EE4C-4F7E-BA6E-15837550B72E} - (Ask Search) - http://websearch.ask.com

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer]

[HKLM\Software\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}]

[HKLM\Software\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}]

[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv]

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb]

[HKCU\Software\PopCap]

[HKLM\Software\PopCap]

[HKLM\Software\Trymedia Systems]

 

C:\Arquivos de programas\PopCap Games

C:\Documents and Settings\Administrador\Dados de aplicativos\iWin

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AskToolbar

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\OpenCandy

 

hostfix

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Copy and paste this information, shown in red, into the "light yellow" field of ZHPFix.

|- PS: Make sure the field is empty before pasting the information from the quote.

|- Click GO -> Oui.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

 

Regards!


Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012

Fichier d'export Registre :

Run by Administrador at 5/15/terça-feira 20:28:32

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

DELETED Key*: CLSID BHO: {29acf17c-1713-4286-8f40-bfd05f1e70c8}

DELETED Key*: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}

DELETED Driver Key: ttaddork

DELETED CLSID MPSK: {85577a08-5963-11e1-8282-00038a000015}

DELETED Key*: StartupReg: Adobe Reader Speed Launcher

DELETED Key*: StartupReg: cacaoweb

DELETED Key*: StartupReg: DAEMON Tools Lite

DELETED Key*: StartupReg: ddns_agent

DELETED Key*: StartupReg: Dxtory Update Checker 2.0

DELETED Key*: StartupReg: Easy-PrintToolBox

DELETED Key*: StartupReg: Free Download Manager

DELETED Key*: StartupReg: GameTracker

DELETED Key*: StartupReg: HostManager

DELETED Key*: StartupReg: JTF Start

DELETED Key*: StartupReg: LanguageShortcut

DELETED Key*: StartupReg: LiveZilla

DELETED Key*: StartupReg: LogMeIn Hamachi Ui

DELETED Key*: StartupReg: NeroFilterCheck

DELETED Key*: StartupReg: qubnfe

DELETED Key*: StartupReg: RaidCall

DELETED Key*: StartupReg: RemoteControl

DELETED Key*: StartupReg: ROC_roc_dec12

DELETED Key*: StartupReg: Skype

DELETED Key*: StartupReg: SlimDrivers

DELETED Key*: StartupReg: SpybotSD TeaTimer

DELETED Key*: StartupReg: Steam

DELETED Key*: StartupReg: swg

DELETED Key*: StartupReg: sXe Injected

DELETED Key*: StartupReg: uTorrent

DELETED Key*: StartupReg: UVS10 Preload

DELETED Key*: SearchScopes :{BE79B0AD-EE4C-4F7E-BA6E-15837550B72E}

DELETED Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

DELETED Key*: HKLM\Software\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

DELETED Key*: HKLM\Software\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

DELETED Key*: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}

DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

DELETED Key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv

NOT FOUND Key: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb

DELETED Key*: HKCU\Software\PopCap

DELETED Key*: HKLM\Software\PopCap

DELETED Key*: HKLM\Software\Trymedia Systems

 

========== Registry Value ==========

DELETED URLSearchHook: {12fc3d37-2a42-4fe3-8489-81296878cba5}

DELETED URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e}

DELETED URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8}

DELETED Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e}

DELETED Toolbar: {29acf17c-1713-4286-8f40-bfd05f1e70c8}

NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (SP) : C:\GV250\BcastTcp.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Winco\Cliente DDNS\wizard.exe

DELETED FirewallRaz (SP) : C:\GV250\WebCamServer.exe

DELETED FirewallRaz (SP) : C:\GV250\DMWebCam.exe

DELETED FirewallRaz (SP) : C:\GV250\AudioServer.exe

DELETED FirewallRaz (SP) : C:\GV250\TCPsvr.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

DELETED FirewallRaz (SP) : C:\WINDOWS\system32\rundll32.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\TG510v6 firmware OIVelox 6.2.15.7\upgradeST\upgradeST.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Configurador SpeedTouch 510 v6-6.2.15.7\SetupWizard\stInstall.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Envio_Bios\upgradeST.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Site\sc_trans\sc_trans.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Arquivos\Site\sc_trans\sc_trans.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Cisco Packet Tracer 5.3.1\bin\PacketTracer5.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Pokemon\server Pokemon Flash\Pokemon Flash\Pokemon Flash\TheForgottenServer.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\FSHostClient1.2b2\FSHostClient.exe

DELETED FirewallRaz (SP) : C:\ongame\Pointblank\PointBlank.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\teamspeak3-server_win32\ts3server_win32.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Server TeamSpeak3\ts3server_win32.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\uTorrentPortable\App\utorrent\utorrent.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\uTorrentPortable\uTorrentPortable.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\GameSpy Arcade\Aphex.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\SimBin\RaceRoom The Game 2\RRG.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Sierra\SWAT 4\Content\System\Swat4.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Sierra\SWAT 4\Content\System\Swat4DedicatedServer.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\TeamSpeak3 Server\ts3server_win32.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe

DELETED FirewallRaz (SP) : C:\FreeStyler\FreeStyler512.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\MTA San Andreas\server\MTA Server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Servidor SAMP\samp-server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\TLC\samp-server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\gm by master_pawn\Brasil Gold Revolution RP\samp-server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\samp03csvr_win32\samp-server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Server Samp\samp-server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\samp03csvr_R2-2_win32\samp-server.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Cópia de Server Samp\samp-server.exe

DELETED FirewallRaz (SP) : C:\FreeStyler\EasyView.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\cacaoweb\cacaoweb.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Configurações locais\Temp\Rar$EX21.896\PortScan.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\CesarFTP\Server.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\CesarFTP\CesarFTP.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLDial.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLacsd.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\1327433684\ee\aolsoftware.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\AOL 9.5\waol.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\TopSpeed\3.0\aoltpsd3.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\Loader\aolload.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\System Information\sinf.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Gogrok\Gogrok.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\LanTool\LanTool.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\CounterStrikev47\cstrike.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Valve\hl.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Valve\hlds.exe

DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\cfPT_downloader.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Activision\Modern Warfare 2\iw4mp.dat

DELETED FirewallRaz (SP) : C:\Arquivos de programas\Steam\Steam.exe

DELETED FirewallRaz (SP) : c:\BrickForce\BfLauncher.exe

DELETED FirewallRaz (SP) : c:\BrickForce\BrickForce.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : C:\kos\game_sting_pak\sting.exe

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Registry Data Items ==========

REMOVED R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page

 

========== Repertory ==========

DELETED Folder: c:\arquivos de programas\popcap games

DELETED Folder: c:\documents and settings\administrador\dados de aplicativos\iwin

DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\asktoolbar

DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\babylon

DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\conduit

DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\opencandy

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED File: c:\arquivos de programas\nch_en\prxtbnch_.dll

DELETED File: c:\arquivos de programas\bittorrentbar_pt\prxtbbitt.dll

NOT FOUND File: c:\arquivos de programas\bittorrentbar_pt\prxtbbitt.dll

NOT FOUND File: c:\arquivos de programas\nch_en\prxtbnch_.dll

NOT FOUND File: c:\arquivos de programas\adobe\reader 9.0\reader\reader_sl.exe

NOT FOUND File: c:\arquivos de programas\cacaoweb\cacaoweb.exe

NOT FOUND File: c:\arquivos de programas\daemon tools lite\dtlite.exe

NOT FOUND File: c:\arquivos de programas\winco\cliente ddns\ipcagent.exe

NOT FOUND File: c:\arquivos de programas\dxtory software\dxtory2.0\updatechecker.exe

NOT FOUND File: c:\arquivos de programas\canon\easy-printtoolbox\bjpsmain.exe

NOT FOUND File: c:\arquivos de programas\free download manager\fdm.exe

NOT FOUND File: c:\arquivos de programas\gametracker\gtlite.exe

NOT FOUND File: c:\arquivos de programas\arquivos comuns\aol\1327433684\ee\aolsoftware.exe

NOT FOUND File: c:\arquivos de programas\jtf\jtf.exe

NOT FOUND File: c:\arquivos de programas\cyberlink\powerdvd\language\language.exe

NOT FOUND File: c:\arquivos de programas\livezilla\livezilla.exe

NOT FOUND File: c:\arquivos de programas\logmein hamachi\hamachi-2-ui.exe

NOT FOUND File: c:\arquivos de programas\arquivos comuns\ahead\lib\nerocheck.exe

NOT FOUND File: c:\arquivos de programas\qubnfe\qubnfe.exe

NOT FOUND File: c:\arquivos de programas\raidcall\raidcall.exe

NOT FOUND File: c:\arquivos de programas\cyberlink\powerdvd\pdvdserv.exe

NOT FOUND File: c:\arquivos de programas\avg secure search\roc_roc_dec12.exe

DELETE on Reboot c:\arquivos de programas\skype\phone\skype.exe

NOT FOUND File: c:\arquivos de programas\slimdrivers\slimdrivers.exe

NOT FOUND File: c:\arquivos de programas\spybot - search & destroy\teatimer.exe

NOT FOUND File: c:\arquivos de programas\steam\steam.exe

NOT FOUND File: c:\arquivos de programas\google\googletoolbarnotifier\googletoolbarnotifier.exe

NOT FOUND File: c:\arquivos de programas\sxe injected\sxe injected.exe

NOT FOUND File: c:\arquivos de programas\utorrent\utorrent.exe

NOT FOUND File: c:\arquivos de programas\ulead systems\ulead videostudio se dvd\uvpl.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: Ad-Aware Update (Weekly)

DELETED Task: GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500Core

DELETED Task: GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500UA

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

42 : Registry Key

76 : Registry Value

1 : Registry Data Items

8 : Repertory

32 : File

3 : Task

1 : Restoration

 

 

End of clean in 00mn 31s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 5/15/terça-feira 20:28:32 [12421]


Good evening! Luca Albuquerque

 

|- Download: < AD-Remover > ( ... by C-XX )

 

|- Or... < Here! > <- Link!

 

|- Save it to C:\ ( local disk )

|- Double-click AD-R.exe

|- On Windows Vista or 7, right-click the file and run it as administrator!

 

|- Press the "Clean" option.

|- When it finishes, accept/confirm the reboot so that the adware is removed.

|- In other words, the computer will restart!

|- Post the report: C:\Ad-Report-CLEAN[1].txt

 

-/-/-/-

 

|- Download: < RogueKiller > ( ... by tigzy )

 

|- Save it to the desktop!

|- Close any open applications!

 

|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.

|- Wait for its Prescan to finish.

|- For old versions, click "Sim" (Yes) to update.

 

|- Start the diagnosis by clicking the "Verificar" (Scan) button.

|- Example: Mode: Verificar -- Date: mm/dd/2012 00:52:24

|- Post the report: RKreport[1].txt

 

Regards!


Ad-Report-CLEAN[2]:

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 20:45:49 on 15/05/2012, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Administrador@PRIVE-BEF3B6042 ( )

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKU\.DEFAULT\Software\Search Settings

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PopCap Games

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Google Chrome Version [18.0.1025.39] ****

 

Google Chrome\Shell\Open\Command - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe www.v9.com/iob/iob_1335575993_332147

Extension\aaaapoldfpilohhfkhihnhdckpackghi (C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\APN\GoogleCRXs\aaaapoldfpilohhfkhihnhdckpackghi_7.14.1.0.crx) (?)

Extension\dkdkpmmkgdbglmfmmmmehbkmnkopingb (C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx) (x)

Extension\jmfkcklnlgedgbglfkkgedjfmejoahla (C:\Arquivos de programas\AVG\AVG2012\Chrome\safesearch.crx) (?)

Extension\kejpcolehiecjkanilhmblkbndaomhpc (C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ccex.crx) (x)

Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Arquivos de programas\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)

 

-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://www.google.com.br/

Preferences - homepage_is_newtabpage: false

Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x)

Plugin - "Remoting Viewer" (Enabled: true)

Plugin - Native Client (Enabled: true) (C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.39\ppGoogleNaClPluginChrome.dll) (x)

Plugin - "Native Client" (Enabled: true)

Plugin - Shockwave Flash (Enabled: false) (C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll) (x)

Plugin - "AVG SiteSafety plugin" (Enabled: true)

Plugin - "Java" (Enabled: true)

Plugin - Pando Web Plugin (Enabled: true) (C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll)

Plugin - "Pando Web Plugin" (Enabled: true)

Plugin - "Nexon Game Controller" (Enabled: true)

Plugin - "Zylom Plugin" (Enabled: true)

Plugin - "Silverlight" (Enabled: true)

Preferences - urls_to_restore_on_startup: hxxp://www.google.com.br/

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

IEXPLORE.EXE\Shell\Open\Command - C:\Arquivos de programas\Internet Explorer\iexplore.exe http://www.v9.com/?utm_source=b&utm_medium=fft

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - "IObit Toolbar" (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)

HKCU_SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Secure Search" (hxxp://isearch.avg.com/search?cid={A7510A75-2AD6-4AE4-999D-7E21E77BDA1F}&mid=c6a...)

HKCU_Toolbar\WebBrowser|{37483B40-C254-4A72-BDA4-22EE90182C1E} (x)

HKCU_Toolbar\WebBrowser|{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} (x)

HKCU_Toolbar\WebBrowser|{29ACF17C-1713-4286-8F40-BFD05F1E70C8} (x)

HKLM_Toolbar|{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)

HKLM_Toolbar|{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll)

HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\14.0.835.187\chrome_launcher.exe (x)

HKLM_ElevationPolicy\{048EFFE4-F1AD-408F-B21F-6DCAE7C4C9BB} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit\CT2801948\NCH_ENAutoUpdateHelper.exe (x)

HKLM_ElevationPolicy\{0EA6D09D-3FAA-4580-B21C-2407CC359366} - C:\Arquivos de programas\BittorrentBar_PT\BittorrentBar_PTToolbarHelper.exe (?)

HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Arquivos de programas\Free Download Manager\fdm.exe (x)

HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\javaws.exe (Oracle Corporation)

HKLM_ElevationPolicy\{7BB786C4-9715-43CD-893C-1C51B797AEE9} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit\CT2849856\BittorrentBar_PTAutoUpdateHelper.exe (x)

HKLM_ElevationPolicy\{A221932B-DCC2-4987-AD37-12691B568C28} - C:\Arquivos de programas\NCH_EN\NCH_ENToolbarHelper.exe (?)

HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\ssvagent.exe (Oracle Corporation)

HKLM_ElevationPolicy\{E360A390-F564-48e6-B39A-E08C0D198288} - C:\windows\Downloaded Program Files\LMIGuardian.exe (LogMeIn, Inc.)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - "IObit Toolbar" (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)

BHO\{37483b40-c254-4a72-bda4-22ee90182c1e} (?)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Security Toolbar" (C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll)

BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540003} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540008} - "GbIehObj Class" (C:\ARQUIV~1\GbPlugin\gbiehUni.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 249 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

 

C:\Ad-Report-CLEAN[2].txt - 15/05/2012 20:45:59 (4834 Byte(s))

 

End at: 20:46:48, 15/05/2012

 

============== E.O.F ==============

 

 

RKreport[1]:

 

 

RogueKiller V7.4.4 [05/08/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario: Administrador [Privilegios de Admnistrador]

Modo: Verificar -- Data: 05/15/2012 20:56:15

 

¤¤¤ Entradas ruins: 2 ¤¤¤

[sUSP PATH] KMService.exe -- C:\windows\KMService.exe -> KILLED [TermProc]

[sUSP PATH] utt6C.tmp -- C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\utt6C.tmp -> KILLED [TermProc]

 

¤¤¤ Entradas do Registro: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

[...]

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI +++++

--- User ---

[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4

[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[1].txt >>

RKreport[1].txt


Good evening! Luca Albuquerque

 

|- Download: < MyHosts > ( ... by Jeanmimigab )

|- Save it to the desktop!

 

|- Run the MyHosts.exe file, which is on the desktop.

|- On Windows Vista or 7, run it as administrator.

 

#######ººº#######

 

** Rapport MyHosts.txt **

 

MyHosts V.1.0.0.2 de jeanmimigab

 

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

 

Résultat de l'opération:restauration du fichier hosts réussi...

 

** Fin du rapport **

 

#######ººº#######

 

|- Post the report: C:\MyHosts.txt

 

-/-/-/-

 

 

|- Open the RogueKiller tool again.

 

|- Click "Verificar" (Scan).

|- Click "Registro" (Registry).

 

¤¤¤ Entradas do Registro: 1 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

 

|- PS: If any entries are flagged ( FOUND ), click "Deletar" (Delete).

 

|- Example: "Mode: Remove -- Date: mm/dd/2012 00:52:24"

|- Go to the DNS tab -> Run DNS_Raz <- Post this report!

|- Post the report ( RKreport[2].txt ), which will be in "Remove" mode.

 

Regards!


MyHosts report:

 

** Rapport MyHosts.txt **

 

MyHosts V.1.0.0.2 de jeanmimigab

 

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

 

Résultat de l'opération:restauration du fichier hosts réussi...

 

** Fin du rapport **

 

RKreport[2].txt:

 

 

RogueKiller V7.4.4 [05/08/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario: Administrador [Privilegios de Admnistrador]

Modo: Verificar -- Data: 05/15/2012 21:48:32

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI +++++

--- User ---

[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4

[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Good evening! Luca Albuquerque

 

|- Did you click "Deletar" (Delete) when going through the tabs in RogueKiller?

|- Because the report you posted does not indicate any fix.

 

Regards!


Yes, I did as you asked. Do I have to do this in all of its tabs?

 

Here are some additional logs it generated:

 

 

RogueKiller V7.4.4 [05/08/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario: Administrador [Privilegios de Admnistrador]

Modo: Remover -- Data: 05/15/2012 21:49:46

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> NOT REMOVED, USE DNSFIX

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI +++++

--- User ---

[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4

[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

 

 

RogueKiller V7.4.4 [05/08/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario: Administrador [Privilegios de Admnistrador]

Modo: DNSFix -- Data: 05/15/2012 21:50:23

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Driver: [Carregado] ¤¤¤

 

¤¤¤ Entradas do Registro: 2 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> REPLACED ()

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> REPLACED ()

 

Concluido : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

 

 

I posted 2 logs there.

I redid the whole process, and here is the other log:

 

 

RogueKiller V7.4.4 [05/08/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario: Administrador [Privilegios de Admnistrador]

Modo: Verificar -- Data: 05/15/2012 22:11:34

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 2 ¤¤¤

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI +++++

--- User ---

[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4

[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[5].txt >>

RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


Good evening, Luca Albuquerque!

Yes, I did as you asked. Do I have to do this on all of its tabs?

|- The tabs you already ran it on are enough!

-/-/-/-

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

|- Click Save!

|- Save it to the desktop!

|- Double-click OTL.exe --> Run

|- Run OTL using its quick scan. ( "Verificação rápida" / Quick Scan )

|- P.S.: On Windows 7, right-click it and run it as "Administrator".

|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

|- You can skip the "Extras" report.

Regards!


Here it is:

 

 

OTL logfile created on: 5/15/terça-feira 22:23:57 - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: BRZ | Date Format: M/d/aaaa

 

3,24 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 73,16% Memory free

5,08 Gb Paging File | 4,19 Gb Available in Paging File | 82,46% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 465,75 Gb Total Space | 269,60 Gb Free Space | 57,89% Space Free | Partition Type: NTFS

 

Computer Name: PRIVE-BEF3B6042 | User Name: Administrador | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/05/15 22:22:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

PRC - [2012/04/27 20:24:56 | 000,932,736 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

PRC - [2012/04/27 20:24:53 | 001,116,544 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe

PRC - [2012/03/19 08:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/02/21 14:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Arquivos de programas\IObit\Game Booster 3\gbtray.exe

PRC - [2012/01/24 16:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgtray.exe

PRC - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2011/11/28 00:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/24 20:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/10 06:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe

PRC - [2011/09/10 06:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe

PRC - [2011/09/09 14:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/11 20:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe

PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2008/04/13 14:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/04/27 20:24:58 | 000,130,944 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll

MOD - [2012/04/27 20:24:56 | 000,932,736 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

MOD - [2012/04/27 20:24:53 | 001,116,544 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe

MOD - [2011/12/15 15:16:32 | 000,516,440 | ---- | M] () -- C:\Arquivos de programas\IObit\Game Booster 3\sqlite3.dll

MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll

MOD - [2011/09/09 14:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe

MOD - [2011/09/05 14:05:00 | 000,300,544 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

MOD - [2011/07/18 18:04:08 | 000,296,448 | ---- | M] () -- C:\Arquivos de programas\Notepad++\NppShell_04.dll

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2011/03/02 11:40:52 | 000,140,288 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2008/04/13 14:20:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012/04/27 20:24:56 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)

SRV - [2012/03/19 08:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/20 23:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Arquivos de programas\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2012/02/04 02:01:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/10/24 20:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/10 06:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)

SRV - [2011/09/09 14:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)

SRV - [2011/08/11 20:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/07/07 16:28:00 | 004,132,200 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)

SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (KMService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva397.sys -- (XDva397)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\sXe Injected\ddsxei.sys -- (ddsxeiservice)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/05/15 20:54:39 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKslaa1c8a59.sys -- (MpKslaa1c8a59)

DRV - [2012/01/16 02:03:26 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)

DRV - [2012/01/11 14:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/22 13:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/21 20:49:35 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)

DRV - [2011/07/12 18:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/06/07 09:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2011/05/24 20:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)

DRV - [2010/06/07 16:02:28 | 001,579,144 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)

DRV - [2009/06/05 04:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/03/04 06:58:34 | 005,045,760 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/08/05 09:10:12 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2006/09/26 22:21:10 | 000,021,920 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)

DRV - [2006/01/04 04:41:48 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005/08/18 18:04:10 | 000,052,895 | ---- | M] (GeoVision Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GV250.sys -- (GV250)

DRV - [2005/08/18 18:04:00 | 000,085,678 | R--- | M] (GeoVision Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGV250.sys -- (AGV250)

DRV - [2001/08/17 20:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)

DRV - [2001/08/17 18:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

DRV - [1999/01/10 13:00:00 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\windows\System32\drivers\dlportio.sys -- (DLPortIO)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolTB50CL-chromesbox-en-us

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minituner.org/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = ${searchCLSID}

IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=pt-br&FORM=IE0000

IE - HKCU\..\SearchScopes\{200D0764-9616-4C51-A812-B39F10D75DFB}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolTB50CL-chromesbox-en-us

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A7510A75-2AD6-4AE4-999D-7E21E77BDA1F}&mid=c6a733a43f8147d1a25fd1482a8d5192-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=pt-br&ds=gm011&pr=sa&d=2012-04-27 20:25:01&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\ARQUIV~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\ARQUIV~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Arquivos de programas\AVG\AVG2012\Firefox4\ [2012/02/01 12:47:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\11.0.0.9\ [2012/04/27 20:25:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/18 14:29:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/18 14:29:41 | 000,000,000 | ---D | M]

 

[2012/02/25 13:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\extensions

[2012/02/25 13:50:15 | 000,000,000 | ---D | M] (BittorrentBar_PT Community Toolbar) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.39\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.39\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\ARQUIV~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\ARQUIV~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll

CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\windows\system32\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Ask Toolbar = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.14.1.0_0\

CHR - Extension: Desprotetor de Links = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\1.2.8.1_0\

CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

 

O1 HOSTS File: ([2012/05/15 21:46:06 | 000,000,905 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [vProt] C:\Arquivos de programas\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [bitTorrent] C:\Arquivos de programas\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108800

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Se&nd to OneNote - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: caixa.gov.br ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)

O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)

O15 - HKCU\..Trusted Domains: itau.com.br ([www] http in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} http://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab (OCXDownloadChecker Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4,208.67.222.222

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehCef.dll) - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\ARQUIV~1\GbPlugin\gbiehUni.dll) - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL) - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 () - http://t1.gstatic.com/images?q=tbn:ANd9GcSjdVs-VtPjgFT5njpyKsotQIQvh4BKai-LOpgnIgHyGTO4jICwaw

O24 - Desktop Components:1 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/15 22:22:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2012/05/15 21:46:06 | 000,000,000 | ---D | C] -- C:\MyHosts

[2012/05/15 20:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\RK_Quarantine

[2012/05/15 20:45:25 | 001,327,512 | ---- | C] (C_XX) -- C:\Documents and Settings\Administrador\Desktop\C_XX_AD-R.exe

[2012/05/15 20:44:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ad-Remover

[2012/05/15 19:11:34 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/05/15 19:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP

[2012/05/15 19:09:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ZHPDiag

[2012/05/15 19:09:05 | 004,675,745 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe

[2012/05/14 19:15:56 | 000,021,768 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\System32\drivers\PROCEXP141.SYS

[2012/05/13 20:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\cerasus.media

[2012/05/13 16:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Funlinker

[2012/05/10 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Untitled

[2012/05/08 22:15:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft XNA

[2012/05/05 22:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\MumboJumbo

[2012/05/04 11:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Servidores

[2012/05/04 11:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Videos

[2012/05/03 19:29:23 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\System32\pncrt.dll

[2012/05/02 19:03:22 | 000,000,000 | ---D | C] -- C:\BrickForce

[2012/04/28 21:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GarenaPlus

[2012/04/28 21:05:55 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Garena Plus

[2012/04/28 21:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\GarenaMessenger

[2012/04/28 21:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Left 4 Dead 2

[2012/04/27 22:20:35 | 000,567,200 | ---- | C] (FOF_SILENT Beijing Elex Technology Co., Ltd) -- C:\windows\System32\v9-toolbar.dll

[2012/04/27 22:20:35 | 000,093,088 | ---- | C] (Beijing Elex Technology Co., Ltd) -- C:\windows\System32\v9loader.dll

[2012/04/27 22:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Game Booster 3

[2012/04/27 22:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Youtube Downloader HD

[2012/04/27 20:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GRETECH

[2012/04/27 20:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search

[2012/04/27 20:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\GOM Player

[2012/04/27 20:24:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG Secure Search

[2012/04/27 20:22:38 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GRETECH

[2012/04/25 19:20:27 | 000,000,000 | ---D | C] -- C:\windows\A6W_DATA

[2012/04/25 11:46:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free

[2012/04/24 19:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Dxtory Software

[2012/04/24 19:18:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Dxtory Software

[2012/04/24 18:56:08 | 000,000,000 | ---D | C] -- C:\Fraps

[2012/04/22 16:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TitanicMystery

[2012/04/22 01:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Notepad++

[2012/04/22 01:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Notepad++

[2012/04/21 13:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\My Games

[2012/04/21 11:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PopCapY

[2012/04/20 15:28:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Steam

[2012/04/19 16:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\EMDM

[2012/04/18 19:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Plano

[2012/04/18 18:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GO Games

[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[22 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/15 22:29:00 | 000,000,470 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{F079F6E0-5CE6-4881-A991-5A72F3D9666B}.job

[2012/05/15 22:22:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2012/05/15 22:01:00 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/15 21:46:06 | 000,000,905 | RHS- | M] () -- C:\windows\System32\drivers\etc\hosts

[2012/05/15 21:42:32 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\MyHosts.exe

[2012/05/15 21:30:30 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/05/15 20:53:05 | 000,000,440 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job

[2012/05/15 20:50:42 | 000,002,284 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2012/05/15 20:48:04 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/15 20:48:04 | 000,000,284 | ---- | M] () -- C:\windows\tasks\Game_Booster_Startup.job

[2012/05/15 20:47:54 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2012/05/15 20:45:48 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\AD-R.lnk

[2012/05/15 20:45:33 | 001,327,512 | ---- | M] (C_XX) -- C:\Documents and Settings\Administrador\Desktop\C_XX_AD-R.exe

[2012/05/15 20:43:55 | 001,420,288 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\RogueKiller.exe

[2012/05/15 19:34:11 | 000,000,000 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2012/05/15 19:10:01 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk

[2012/05/15 19:10:00 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk

[2012/05/15 19:09:59 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk

[2012/05/15 19:09:37 | 004,675,745 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe

[2012/05/15 18:57:53 | 000,581,983 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

[2012/05/15 18:23:31 | 000,118,517 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\planeta[1].jpg

[2012/05/15 17:55:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2012/05/15 13:59:13 | 098,203,570 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm

[2012/05/15 13:58:46 | 000,325,162 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm

[2012/05/15 11:27:31 | 000,021,768 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\windows\System32\drivers\PROCEXP141.SYS

[2012/05/13 16:50:38 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Mystery Stories - Mountains of Madness.lnk

[2012/05/13 16:44:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Celtic Lore - Sidhe Hills.lnk

[2012/05/13 14:39:13 | 007,188,074 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Ludovico-Einaudi-I-Giorni.mp3

[2012/05/13 02:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\AdobeAAMUpdater-1.0-PRIVE-BEF3B6042-Administrador.job

[2012/05/12 15:13:13 | 005,227,019 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\namebench-1.3.1-Windows.exe

[2012/05/12 14:46:35 | 003,806,696 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2012/05/12 02:50:11 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK

[2012/05/11 20:10:00 | 000,000,300 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job

[2012/05/05 22:09:39 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Midnight Mysteries - Devil on the Mississippi.lnk

[2012/04/28 21:23:15 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\room_v3.dat

[2012/04/27 22:27:14 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Google Chrome.lnk

[2012/04/27 22:27:14 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Internet Explorer.lnk

[2012/04/27 22:19:55 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 3.lnk

[2012/04/25 19:20:28 | 000,000,035 | ---- | M] () -- C:\windows\A6W.INI

[2012/04/25 11:45:35 | 000,001,119 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\AltarsoftVideoCapture.ini

[2012/04/23 16:57:41 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Behind the Reflection.lnk

[2012/04/22 16:00:20 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\1912 Titanic Mystery.lnk

[2012/04/21 11:57:48 | 000,000,000 | ---- | M] () -- C:\windows\popcreg.dat

[2012/04/21 11:57:48 | 000,000,000 | ---- | M] () -- C:\windows\popcinfot.dat

[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[22 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/05/15 21:42:37 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MyHosts.exe

[2012/05/15 20:44:26 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\AD-R.lnk

[2012/05/15 20:43:43 | 001,420,288 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\RogueKiller.exe

[2012/05/15 19:34:11 | 000,000,000 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2012/05/15 19:10:00 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk

[2012/05/15 19:10:00 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk

[2012/05/15 19:09:59 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk

[2012/05/15 18:57:46 | 000,581,983 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

[2012/05/15 18:23:33 | 000,118,517 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\planeta[1].jpg

[2012/05/13 16:50:38 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Mystery Stories - Mountains of Madness.lnk

[2012/05/13 16:44:28 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Celtic Lore - Sidhe Hills.lnk

[2012/05/13 14:38:36 | 007,188,074 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Ludovico-Einaudi-I-Giorni.mp3

[2012/05/12 15:12:59 | 005,227,019 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\namebench-1.3.1-Windows.exe

[2012/05/11 21:54:20 | 000,713,085 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\background.jpg

[2012/05/05 22:09:39 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Midnight Mysteries - Devil on the Mississippi.lnk

[2012/04/29 22:25:37 | 000,000,284 | ---- | C] () -- C:\windows\tasks\Game_Booster_Startup.job

[2012/04/28 21:23:15 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\room_v3.dat

[2012/04/27 22:19:55 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 3.lnk

[2012/04/25 19:20:28 | 000,000,035 | ---- | C] () -- C:\windows\A6W.INI

[2012/04/25 11:45:35 | 000,001,119 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\AltarsoftVideoCapture.ini

[2012/04/24 23:53:41 | 000,569,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1390067357-1993962763-682003330-500-0.dat

[2012/04/24 23:53:38 | 000,421,670 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat

[2012/04/23 16:57:41 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Behind the Reflection.lnk

[2012/04/22 16:00:20 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\1912 Titanic Mystery.lnk

[2012/04/21 11:57:48 | 000,000,000 | ---- | C] () -- C:\windows\popcreg.dat

[2012/04/21 11:57:48 | 000,000,000 | ---- | C] () -- C:\windows\popcinfot.dat

[2012/03/20 23:13:55 | 000,084,616 | ---- | C] () -- C:\windows\StkUnist.exe

[2012/03/20 23:13:45 | 000,025,608 | ---- | C] () -- C:\windows\System32\drivers\StkCSam.sys

[2012/03/20 23:13:43 | 000,197,648 | ---- | C] () -- C:\windows\System32\drivers\StkCSF.sys

[2012/02/22 19:48:54 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe

[2012/02/22 19:48:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe

[2012/02/22 19:27:13 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini

[2012/02/18 14:32:40 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat.temp

[2012/02/18 14:23:12 | 000,187,931 | ---- | C] () -- C:\windows\hpwins27.dat

[2012/02/18 14:23:12 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat

[2012/02/17 14:01:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\steam_md4.dat

[2012/02/16 17:07:06 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll

[2012/01/24 16:27:09 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat

[2012/01/24 14:01:22 | 000,004,100 | ---- | C] () -- C:\windows\System32\hdvirffo.dll

[2012/01/22 15:28:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{5CC623D5-9C7C-4840-86AF-4E246796B2A8}

[2011/12/12 08:45:29 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\fusioncache.dat

[2011/11/22 10:49:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\winscp.rnd

[2011/11/18 22:53:59 | 000,340,480 | ---- | C] () -- C:\windows\System32\K8062e.exe

[2011/11/18 22:53:59 | 000,322,048 | ---- | C] () -- C:\windows\System32\Easylase.dll

[2011/11/18 22:53:59 | 000,301,056 | ---- | C] () -- C:\windows\System32\usbdmxfs.dll

[2011/11/18 22:53:59 | 000,110,592 | ---- | C] () -- C:\windows\System32\usb_dll.dll

[2011/11/18 22:53:59 | 000,084,992 | ---- | C] () -- C:\windows\System32\DMX510Vb.dll

[2011/11/18 22:53:59 | 000,049,152 | ---- | C] () -- C:\windows\System32\EspionDll.dll

[2011/11/18 22:53:59 | 000,042,496 | ---- | C] () -- C:\windows\System32\K8062D.dll

[2011/11/18 22:53:59 | 000,037,888 | ---- | C] () -- C:\windows\System32\LPT_dmx.dll

[2011/11/18 22:53:59 | 000,032,768 | ---- | C] () -- C:\windows\System32\MPUSBAPI.DLL

[2011/11/18 22:53:59 | 000,017,920 | ---- | C] () -- C:\windows\System32\usbdmxsi.dll

[2011/11/18 22:53:59 | 000,016,384 | ---- | C] () -- C:\windows\System32\FASTTime32.dll

[2011/11/18 22:53:58 | 000,003,584 | ---- | C] () -- C:\windows\System32\drivers\dlportio.sys

[2011/11/18 22:53:57 | 000,077,824 | ---- | C] () -- C:\windows\System32\dashardvb.dll

[2011/11/18 22:53:57 | 000,044,544 | ---- | C] () -- C:\windows\System32\dmx60.dll

[2011/11/18 22:53:57 | 000,044,544 | ---- | C] () -- C:\windows\System32\dmx120.dll

[2011/11/12 09:35:54 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll

[2011/11/01 17:33:02 | 000,003,248 | ---- | C] () -- C:\windows\System32\svcproxy.ini

[2011/11/01 17:33:02 | 000,001,976 | ---- | C] () -- C:\windows\System32\SVCProxyOff.ini

[2011/10/21 10:05:25 | 000,055,808 | ---- | C] () -- C:\windows\System32\zlib1.dll

[2011/10/19 09:48:52 | 000,090,112 | ---- | C] () -- C:\windows\LL.exe

[2011/09/27 11:04:38 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys

[2011/09/05 14:48:23 | 000,000,032 | ---- | C] () -- C:\windows\eurogunzstartgame.INI

[2011/08/30 22:24:35 | 000,002,373 | ---- | C] () -- C:\windows\mozver.dat

[2011/08/27 14:41:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{E65A4328-CABC-496B-89C7-D594F7274169}

[2011/08/27 14:40:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{68FCD3BE-03F4-4861-B7A0-8E279B3B466C}

[2011/08/13 15:57:34 | 000,010,752 | ---- | C] () -- C:\windows\System32\BASSMOD.dll

[2011/08/09 19:39:22 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\X-Plane Installer.prf

[2011/08/07 01:07:19 | 000,122,881 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\debuggee.mdmp

[2011/07/31 00:05:46 | 000,004,105 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\opbcsaty.nwk

[2011/07/30 14:53:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{6C578CD8-D0D5-40C8-9DB3-876AEA8CFC05}

[2011/07/30 14:53:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{BCD54316-226A-4F91-BA5D-9E5F905D3B5D}

[2011/07/19 21:12:53 | 000,001,536 | ---- | C] () -- C:\windows\System32\bcevent.dll

[2011/07/19 13:24:19 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI

[2011/07/16 13:16:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{863B7850-7710-4E33-8EED-2E49BE45EED2}

[2011/07/14 13:50:28 | 000,056,532 | -H-- | C] () -- C:\windows\System32\mlfcache.dat

[2011/07/04 02:34:59 | 000,138,264 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys

[2011/07/04 02:34:59 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

[2011/07/04 02:34:38 | 000,234,768 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe

[2011/07/04 02:34:34 | 000,075,136 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe

[2011/06/11 21:26:25 | 000,006,912 | ---- | C] () -- C:\windows\System32\drivers\impressorax.sys.off

[2011/06/11 21:18:06 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\placax.sys

[2011/05/25 18:29:49 | 000,000,130 | ---- | C] () -- C:\windows\EQUALIZER.INI

[2011/05/17 00:22:29 | 002,015,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2011/05/16 11:31:44 | 000,008,592 | ---- | C] () -- C:\windows\System32\ractrlkeyhook.dll

[2011/05/15 16:12:24 | 000,004,935 | ---- | C] () -- C:\windows\wininit.ini

[2011/04/29 22:35:43 | 000,069,632 | ---- | C] () -- C:\windows\System32\MSJCE.dll

[2011/04/11 21:15:35 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat

[2011/04/02 12:03:08 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/02 08:56:05 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini

[2011/04/01 19:46:09 | 000,147,456 | R--- | C] () -- C:\windows\System32\igfxCoIn_v5016.dll

[2011/04/01 19:27:55 | 000,001,100 | ---- | C] () -- C:\windows\System32\d3d8caps.dat

[2011/04/01 16:23:04 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat

[2011/04/01 15:16:41 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll

[2011/03/31 14:31:02 | 000,001,080 | ---- | C] () -- C:\windows\geohealth-03.ini

[2010/08/27 18:46:24 | 000,000,119 | ---- | C] () -- C:\windows\geohealth-08.ini

[2010/06/23 11:58:35 | 000,034,816 | ---- | C] () -- C:\windows\System32\~bwcrc32.dll

[2010/06/11 05:38:56 | 000,000,893 | ---- | C] () -- C:\windows\GeoRIOM.ini

[2010/06/08 09:01:58 | 000,000,128 | ---- | C] () -- C:\windows\GeoImageProcess.ini

[2010/06/08 08:40:32 | 000,000,136 | ---- | C] () -- C:\windows\multiview.ini

[2010/06/08 08:37:54 | 000,000,015 | ---- | C] () -- C:\windows\geonet.ini

[2010/06/08 08:28:30 | 000,000,335 | ---- | C] () -- C:\windows\geoRepair.ini

[2010/06/08 08:28:24 | 000,000,028 | ---- | C] () -- C:\windows\geomcast.ini

[2010/06/08 08:28:24 | 000,000,025 | ---- | C] () -- C:\windows\geoat.ini

[2010/06/08 08:28:23 | 000,009,737 | ---- | C] () -- C:\windows\GeoPTZ.ini

[2010/06/08 08:28:23 | 000,000,113 | ---- | C] () -- C:\windows\Geo6cam.ini

[2010/06/08 08:28:20 | 000,000,000 | ---- | C] () -- C:\windows\Upload.ini

[2010/06/08 08:28:19 | 000,005,588 | ---- | C] () -- C:\windows\PelcoSpectra3_U.ini

[2010/06/08 08:28:19 | 000,000,112 | ---- | C] () -- C:\windows\PTU_U.ini

[2010/06/08 08:28:19 | 000,000,022 | ---- | C] () -- C:\windows\geobcast.ini

[2010/06/08 08:28:19 | 000,000,020 | ---- | C] () -- C:\windows\GEO_CS.ini

[2010/06/08 08:28:18 | 000,005,639 | ---- | C] () -- C:\windows\KenKo_DMP23H1_U.ini

[2010/06/08 08:28:17 | 000,005,661 | ---- | C] () -- C:\windows\SAE_U.ini

[2010/06/08 08:28:10 | 000,000,458 | ---- | C] () -- C:\windows\GeoDebug61.ini

[2010/06/08 08:28:10 | 000,000,370 | ---- | C] () -- C:\windows\GeoRuntime.ini

[2010/06/08 08:28:09 | 000,000,026 | ---- | C] () -- C:\windows\GeoMpeg4.ini

[2010/06/08 08:26:06 | 000,003,555 | ---- | C] () -- C:\windows\GeoMulti.ini

[2010/06/08 08:26:06 | 000,000,060 | ---- | C] () -- C:\windows\GeoDxDraw.ini

[2010/06/08 08:26:05 | 000,139,264 | ---- | C] () -- C:\windows\System32\GXGM20.dll

[2010/06/08 08:25:35 | 000,000,125 | ---- | C] () -- C:\windows\GeoHealth.ini

[2010/06/08 08:25:35 | 000,000,094 | ---- | C] () -- C:\windows\GeoPAL.ini

[2010/05/17 11:30:42 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI

[2010/05/17 11:28:03 | 003,806,696 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2010/05/17 10:48:06 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2010/05/17 09:41:37 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat

[2010/05/17 09:38:10 | 000,021,844 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

 

========== LOP Check ==========

 

[2012/01/21 19:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.craftbukkit

[2012/05/04 22:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.minecraft

[2012/01/17 19:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.minecraft_xray

[2012/04/23 16:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Alawar

[2012/01/26 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Alawar Entertainment

[2011/05/22 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Anabel

[2012/04/12 00:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Arduino

[2011/09/05 19:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ashampoo

[2012/05/12 21:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Audacity

[2011/11/07 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Auslogics

[2011/04/01 12:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk

[2011/11/07 18:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG Secure Search

[2011/11/07 18:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG2012

[2012/01/02 19:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Awem

[2011/10/31 17:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\b2gmailnotifier.1E5171DA61AE26F47CB00A9AB285CC8775905A13.1

[2011/12/04 09:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Big Finish

[2012/05/15 21:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

[2012/02/08 17:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer Pro

[2011/06/10 18:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CadSoft

[2012/05/13 20:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\cerasus.media

[2011/10/24 09:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/12/19 17:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Clickteam

[2011/07/14 13:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/08/17 20:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

[2012/02/22 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

[2011/10/16 22:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DarkParablesBriarRose_BFG

[2011/12/23 16:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Dev-Cpp

[2011/09/17 22:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoft

[2011/11/06 16:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ElevatedDiagnostics

[2012/02/26 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\FileZilla

[2011/08/31 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\flightgear.org

[2011/09/02 12:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\fltk.org

[2012/02/16 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Friday's games

[2012/04/11 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Fritzing

[2012/01/04 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Frogwares

[2012/05/13 16:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Funlinker

[2011/11/16 20:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Funswitch

[2012/01/03 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GameHousev1002

[2012/04/28 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GarenaPlus

[2011/07/27 16:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GestaltGames

[2012/04/28 01:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo

[2012/04/18 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GO Games

[2011/12/19 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Gogii

[2012/02/03 21:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\gtk-2.0

[2011/11/02 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GuardiansOfMagic

[2011/08/30 20:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Hide IP NG

[2011/09/16 18:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\HiFi

[2012/04/11 12:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ijjigame

[2011/10/20 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\iMaxGen

[2011/08/04 11:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\IObit

[2011/10/10 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Islands2

[2011/10/06 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ISTool

[2011/06/07 21:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LogoMaker

[2012/01/15 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\MagicIndie

[2011/07/23 17:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Magnet's Story

[2011/07/14 16:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Matrix Y2K

[2012/02/20 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Merscom

[2012/05/05 22:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\MumboJumbo

[2011/08/26 16:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\NCH Swift Sound

[2012/01/09 19:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Need for Speed World

[2012/04/22 01:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Notepad++

[2011/07/13 22:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Nvu

[2012/01/15 22:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Oracle

[2012/01/04 16:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Paige Harper and the Tome of Mystery

[2011/10/06 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PE Explorer

[2011/10/04 16:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PeaceCraft3

[2011/06/07 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PhotoScape

[2011/08/26 16:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PingTesterDataBas

[2011/09/17 23:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PointBlank

[2011/08/07 01:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Prive

[2011/06/21 19:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers

[2012/04/13 21:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\raidcall

[2012/01/23 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Screaming Bee

[2011/08/09 20:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife

[2011/11/23 14:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SecretIslandEng

[2011/10/31 13:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Silverback Productions

[2011/06/23 11:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony

[2011/12/27 14:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SpinTop Games

[2011/09/04 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\sqlitestudio

[2011/08/16 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/01/08 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TeamViewer

[2011/07/13 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thunderbird

[2011/09/04 18:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia

[2012/04/22 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TitanicMystery

[2011/11/27 16:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TOMI2.THE GATES OF FATE

[2011/09/20 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TOMI3

[2011/11/10 10:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TS3Client

[2011/10/09 16:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ts3overlay

[2012/03/21 11:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ulead Systems

[2011/07/14 12:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

[2011/12/27 18:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ValuSoft

[2011/09/26 18:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Video DVD Maker FREE

[2011/07/28 21:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\VitySoft

[2011/10/18 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\YoudaGames

[2012/04/27 22:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Youtube Downloader HD

[2011/03/16 15:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Zylom

[2011/11/13 15:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alawar

[2010/05/17 12:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2011/08/11 17:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ashampoo

[2011/07/28 20:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

[2011/12/05 14:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avalon-Legends-Solitaire

[2012/04/27 20:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search

[2011/11/07 18:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2012

[2011/12/04 09:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Big Finish

[2011/11/16 10:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess

[2011/07/19 13:23:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\CanonBJ

[2011/11/07 17:53:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files

[2011/11/05 18:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2011/08/02 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Farm Fishes

[2011/07/23 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\FarmFrenzy3_America

[2012/04/13 17:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Fenomen Games

[2011/08/13 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\firebird

[2012/01/03 15:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Fugazo

[2011/03/16 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GameHouse

[2012/04/28 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GarenaMessenger

[2012/02/12 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2011/07/27 16:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GestaltGames

[2011/07/23 19:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Gogii

[2012/03/28 18:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hi-Rez Studios

[2011/11/04 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\interapp

[2011/04/27 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IObit

[2011/11/04 15:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\iWin

[2012/02/22 19:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

[2012/02/20 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Merscom

[2012/05/15 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

[2012/01/08 11:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MTA San Andreas All

[2011/08/26 16:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

[2011/07/29 08:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon

[2012/01/24 20:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

[2011/11/05 15:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Oi

[2011/06/06 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pinnacle

[2012/05/01 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

[2012/04/21 11:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PopCapY

[2011/08/17 20:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe

[2012/01/23 21:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Screaming Bee

[2011/06/21 18:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

[2011/08/14 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERSetup

[2011/11/08 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith

[2011/09/05 20:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2012/04/11 10:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

[2011/03/16 15:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

[2011/12/31 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/05/15 20:48:04 | 000,000,284 | ---- | M] () -- C:\windows\Tasks\Game_Booster_Startup.job

[2012/05/15 20:53:05 | 000,000,440 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

[2012/05/15 22:29:00 | 000,000,470 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{F079F6E0-5CE6-4881-A991-5A72F3D9666B}.job

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2011/09/27 23:12:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrador\Meus documentos\?? ???) -- C:\Documents and Settings\Administrador\Meus documentos\넥슨 플러그

[2011/09/27 23:12:50 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrador\Meus documentos\?? ???) -- C:\Documents and Settings\Administrador\Meus documentos\넥슨 플러그

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 412 bytes -> C:\windows\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\windows\system32:46EC5CC3_Uni.gbp

@Alternate Data Stream - 2 bytes -> C:\windows\system32:46EC5CC3_Cef.gbp

@Alternate Data Stream - 2 bytes -> C:\windows\system32:46EC5CC3_Bb.gbp

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8

 

< End of report >


Good evening, Luca Albuquerque!

 

|- Run OTL.exe.

|- Copy the information shown in red into the tool's clipboard field. ( "Exames Personalizados Correções" )

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva397.sys -- (XDva397)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\sXe Injected\ddsxei.sys -- (ddsxeiservice)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108800

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[22 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[2012/02/22 19:48:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8

 

:Files

C:\windows\KMService.exe

ipconfig /registerdns /c

ipconfig /flushdns /c

%systemroot%\prefetch\*.*

C:\WINDOWS\tasks\*.job

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:Commands

[CLEARALLRESTOREPOINTS]

[purity]

[resethosts]

[emptytemp]

[Reboot]

|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar".

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Regards!


And now? What do I do?

 

There is no CONCERTAR option. CleanUP? IS THAT IT?

Hello!

 

|- It is not CleanUP, and if it is in English, the option would be "Run Fix".

 

Regards!


I did the whole procedure, but when it restarted, OTL.exe was no longer on the desktop. I will repeat the procedure.

 

I downloaded it again, and when I ran it, it produced the following logs:

 

 

All processes killed

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva397.sys -- (XDva397)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\sXe Injected\ddsxei.sys -- (ddsxeiservice)> in the current context!

Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (Changer)> in the current context!

Error: Unable to interpret <FF - user.js - File not found> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.> in the current context!

Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present> in the current context!

Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108800> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found> in the current context!

Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)> in the current context!

Error: Unable to interpret <[6 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]> in the current context!

Error: Unable to interpret <[22 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]> in the current context!

Error: Unable to interpret <[2012/02/22 19:48:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe> in the current context!

Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2> in the current context!

Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8> in the current context!

========== FILES ==========

File\Folder C:\windows\KMService.exe not found.

< ipconfig /registerdns /c >

Configuração de IP do Windows

O registro dos registros de recursos DNS para todos os adaptadores deste computador foi iniciado. Quaisquer erros serão relatados no Visualizador de eventos em 15 minutos..

C:\Documents and Settings\Administrador\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Administrador\Desktop\cmd.txt deleted successfully.

< ipconfig /flushdns /c >

Configuração de IP do Windows

Liberação do cache do DNS Resolver bem-sucedida.

C:\Documents and Settings\Administrador\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Administrador\Desktop\cmd.txt deleted successfully.

File/Folder C:\windows\prefetch\*.* not found.

C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 232515497 bytes

->Temporary Internet Files folder emptied: 27442346 bytes

->Java cache emptied: 1050730 bytes

->Google Chrome cache emptied: 357594667 bytes

->Flash cache emptied: 66853 bytes

 

User: All Users

->Flash cache emptied: 43 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

 

User: LocalService

->Temp folder emptied: 82513 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 2247378 bytes

->Temporary Internet Files folder emptied: 33237 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1009544 bytes

RecycleBin emptied: 49498 bytes

 

Total Files Cleaned = 593,00 mb

 

 

OTL by OldTimer - Version 3.2.43.0 log created on 05162012_180717

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


Good evening! Luca Albuquerque

 

|- Download: |DelFix| ( ... by Xplode )

 


 

|- Once on the page, click the green arrow to download. ( Green arrow! )

|- Save it in a convenient location! ( desktop! )

|- Close any applications that are open.

 


 

|- Click "Suppression".

|- Post the report! ( C:\DelFixSuppr.txt )

|- Next, to remove DelFix from your computer, click "Désinstallation".

 

|- Download: < desktopicon.png > ( ... by sUBs )

|- Save it to the desktop! ( Área de trabalho! )

|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )

|- Close any program/file that is open.

|- PS: Stay connected to the Internet.

|- Run ComboFix.exe with a double click.

|- PS: Install the "Recovery Console" if prompted!

|- PS: It is therefore up to you whether to install it.

|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.

|- PS: To complete the removals, the tool may need to restart the computer.

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

|- The Auto Scan window will open.

|- Wait for all Stages to finish.

|- During the scan, avoid using the mouse or keyboard!

|- When finished, post: C:\ComboFix.txt

 

Regards!
