[Resolvido] &nbspLentidão do micro

Soraya Lourenço · Julho 27, 2012

Boa tarde!

Antivirus nao funciona normalmente, nem inicia quando ligamos o pc.

windows defender desativado sozinho.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:57:39, on 27/07/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0TzutBtDtCtBtDyCtCzy&cr=200577644

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Soraya\AppData\Roaming\Complitly\Complitly.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe

--

End of file - 7297 bytes

Um abraço!

DigRam · Julho 27, 2012

Boa Noite! Soraya Lourenço

|- Baixe: < AdwCleaner > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

|- Baixe: < > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Poste e/ou cole aqui,o link que foi gerado!

Abraços!

Soraya Lourenço · Julho 30, 2012

Segue o log:

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 13:37:54

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Starter Service Pack 1 (32 bits)

# User : Soraya - LOURENÇO-PC

# Running from : C:\Users\Soraya\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Soraya\AppData\Local\Conduit

Folder Deleted : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Folder Deleted : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk

Folder Deleted : C:\Users\Soraya\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Soraya\AppData\Roaming\Complitly

Folder Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\ConduitCommon

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Program Files\Complitly

Folder Deleted : C:\Program Files\Conduit

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\funmoods.xml

File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\SweetIm.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\SweetIM

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0TzutBtDtCtBtDyCtCzy&cr=200577644 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.babylon.com/?affID=113480&tt=060612_5_&babsrc=HP_ss&mntrId=d47eecd5000000000000e0ca9478f907 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (pt-BR)

Profile name : default

File : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js

C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);

Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);

Deleted : user_pref("CT3072253.CTID", "CT3072253");

Deleted : user_pref("CT3072253.CurrentServerDate", "24-7-2012");

Deleted : user_pref("CT3072253.DSInstall", true);

Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Tue Jul 24 2012 11:04:49 GMT-0300 (Hora oficial d[...]

Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");

Deleted : user_pref("CT3072253.FirstServerDate", "24-7-2012");

Deleted : user_pref("CT3072253.FirstTime", true);

Deleted : user_pref("CT3072253.FirstTimeFF3", true);

Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);

Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3072253.HPInstall", false);

Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);

Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.com.br/");

Deleted : user_pref("CT3072253.Initialize", true);

Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);

Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 2);

Deleted : user_pref("CT3072253.InstallationType", "Unknown");

Deleted : user_pref("CT3072253.InstalledDate", "Tue Jul 24 2012 11:04:52 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);

Deleted : user_pref("CT3072253.IsGrouping", false);

Deleted : user_pref("CT3072253.IsInitSetupIni", true);

Deleted : user_pref("CT3072253.IsMulticommunity", false);

Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);

Deleted : user_pref("CT3072253.IsOpenUninstallPage", true);

Deleted : user_pref("CT3072253.IsProtectorsInit", true);

Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Jul 24 2012 11:04:52 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Jul 24 2012 11:06:18 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT3072253.Locale", "en");

Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);

Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.14.1.0");

Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]

Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Jul 24 2012 11:04:53 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3072253.SearchProtectorEnabled", true);

Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue Jul 24 2012 11:04:46 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Tue Jul 24 2012 11:04:46 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT3072253.SettingsLastUpdate", "1342354602");

Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");

Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Tue Jul 24 2012 11:04:46 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");

Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3072253.UserID", "UN83582594931646696");

Deleted : user_pref("CT3072253.alertChannelId", "1463702");

Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4252");

Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20323420323031322031313A30343A35372[...]

Deleted : user_pref("CT3072253.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]

Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Tue Jul 24 2012 11:04:48 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.initDone", true);

Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3072253.myStuffEnabled", true);

Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3072253.revertSettingsEnabled", true);

Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.testingCtid", "");

Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Tue Jul 24 2012 11:04:47 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Tue Jul 24 2012 11:04:51 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3072253.usagesFlag", 1);

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Soraya\\AppData\\Roaming\\Mozilla\\[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");

Deleted : user_pref("CommunityToolbar.globalUserId", "f10e06c7-4841-485a-b6ce-e158a4dff984");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jul 24 2012 11:04:5[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 24 2012 11:04:52 GMT-030[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 24 2012 11:04:47 GMT-0300 (H[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "0d068552-f176-4b8f-955a-07ea205139ab");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.br/");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Deleted : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/?affID=113480&tt=3012_8&[...]

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=3012_8&babsrc=NT_ss&mntr[...]

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15548");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=3012_1");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15539");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=3012_[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.123:08:32");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.Softonic.admin", false);

Deleted : user_pref("extensions.Softonic.aflt", "SD");

Deleted : user_pref("extensions.Softonic.cntry", "BR");

Deleted : user_pref("extensions.Softonic.dfltSrch", false);

Deleted : user_pref("extensions.Softonic.dfltlng", "en");

Deleted : user_pref("extensions.Softonic.dfltsrch", "false");

Deleted : user_pref("extensions.Softonic.envrmnt", "production");

Deleted : user_pref("extensions.Softonic.hdrMd5", "E6352C170EDD7A7200CDAC4F18B9D1DF");

Deleted : user_pref("extensions.Softonic.hmpg", false);

Deleted : user_pref("extensions.Softonic.hrdid", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.Softonic.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.Softonic.instlday", "");

Deleted : user_pref("extensions.Softonic.instlref", "");

Deleted : user_pref("extensions.Softonic.isdcmntcmplt", "false");

Deleted : user_pref("extensions.Softonic.keywordurl", "");

Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.017:30:02");

Deleted : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "11-06-2012");

Deleted : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.Softonic.newTab", false);

Deleted : user_pref("extensions.Softonic.newtab", "false");

Deleted : user_pref("extensions.Softonic.newtaburl", "");

Deleted : user_pref("extensions.Softonic.prdct", "Softonic");

Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");

Deleted : user_pref("extensions.Softonic.prtnrid", "softonic");

Deleted : user_pref("extensions.Softonic.savedVrsnTs", "1");

Deleted : user_pref("extensions.Softonic.sg", "az");

Deleted : user_pref("extensions.Softonic.similarsitesstorage-pid2", "5e7cda79789861b");

Deleted : user_pref("extensions.Softonic.smplGrp", "none");

Deleted : user_pref("extensions.Softonic.smplgrp", "none");

Deleted : user_pref("extensions.Softonic.srch", "");

Deleted : user_pref("extensions.Softonic.srchprvdr", "");

Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]

Deleted : user_pref("extensions.Softonic.tlbrid", "base");

Deleted : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]

Deleted : user_pref("extensions.Softonic.vrsn", "");

Deleted : user_pref("extensions.Softonic.vrsnTs", "1.5.21.017:30:02");

Deleted : user_pref("extensions.Softonic.vrsni", "1.5.21.0");

Deleted : user_pref("extensions.Softonic.vrsnts", "1.5.21.017:30:02");

Deleted : user_pref("extensions.Softonic_i.newTab", false);

Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");

Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.017:30:02");

Deleted : user_pref("extensions.funmoods.admin", false);

Deleted : user_pref("extensions.funmoods.aflt", "iron2");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "BR");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "55B0F2732E139AA003C197ACFDDC095E");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzut[...]

Deleted : user_pref("extensions.funmoods.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.funmoods.instlDay", "15510");

Deleted : user_pref("extensions.funmoods.instlRef", "iron2");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:22:46");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:22:46");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.aflt", "orgnl");

Deleted : user_pref("extensions.funmoods_i.dfltLng", "");

Deleted : user_pref("extensions.funmoods_i.excTlbr", false);

Deleted : user_pref("extensions.funmoods_i.hmpg", true);

Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=vsl");

Deleted : user_pref("extensions.funmoods_i.id", "d47eecd5000000000000e0ca9478f907");

Deleted : user_pref("extensions.funmoods_i.instlDay", "15511");

Deleted : user_pref("extensions.funmoods_i.instlRef", "");

Deleted : user_pref("extensions.funmoods_i.newTab", false);

Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");

Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=orgnl&q=[...]

Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1614:04:32");

Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=3012_8&babsrc=KW_ss&mntrId=d47e[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [30626 octets] - [30/07/2012 13:37:54]

########## EOF - C:\AdwCleaner[s1].txt - [30755 octets] ##########

O link gerado foi

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120730_j8r813f13z7

E o relatorio foi:

Rapport de ZHPDiag v1.31.105 par Nicolas Coolman, Update du 25/06/2012

Run by Soraya at 30/07/2012 13:50:16

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

State :

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 14.0.1 v14.0.1 (Defaut)

---\\ Windows Product Information

~ Langage: Anglais

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System Information

~ Processor: x86 Family 20 Model 1 Stepping 0, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1788 MB (46% free)

System Restore: Activé (Enable)

System drive C: has 144 GB (80%) free of 180 GB

---\\ Logged in mode

~ Computer Name: LOURENÇO-PC

~ User Name: Soraya

~ All Users Names: Soraya, Convidado, Administrador,

~ Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Soraya\AppData\Roaming\

~ %Desktop% : C:\Users\Soraya\Desktop\

~ %Favorites% : C:\Users\Soraya\Favorites\

~ %LocalAppData% : C:\Users\Soraya\AppData\Local\

~ %StartMenu% : C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 144 Go of 180 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 248 Go of 268 Go)

E:\ CD-ROM drive (Not Inserted)

Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Scan Security Center in 00mn 00s

---\\ Search Generic System Files

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.27/07/2012 - 10:14:56.) -- C:\Windows\System32\wininet.dll [1129472]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]

[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:39:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]

[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]

~ Scan Generic Processes in 00mn 01s

---\\ Hidden files state (Hidden/Total)

~ Mes musiques (My Musics) : 41/450

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 1/4

~ Mes Documents (My Documents) : 2/115

~ Mon Bureau (My Desktop) : 2/85

~ Menu demarrer (Programs) : 1/30

~ Scan Hidden Files in 00mn 01s

---\\ Running Processes

[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Facebook Installer.) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3636]

[MD5.19CB8B3851F40518DC639C0613273122] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [840992] [PID.3688]

[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3716]

[MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.3780]

[MD5.8A9FACCB684500829F7D0BCC67B386CC] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.1152]

[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.3700]

[MD5.D6C4B257BBD494F08B2984E533B072A0] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [945232] [PID.3280]

[MD5.CAF103ABAE8D7AC48C6283C9EA0C942F] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe [7060560] [PID.3272]

[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.2056]

[MD5.1D721C0A479F378326EA770B3E6FABEE] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2852128] [PID.3092]

[MD5.3F677172F23FC17283D9BCE4B42E3F65] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [913888] [PID.672]

[MD5.A06AB1550658A19E871A6FD7FF1C2CDB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16864] [PID.4476]

[MD5.7DD731B5B95D5B8D14DC4E1468EB09E3] - (.Adobe Systems, Inc. - Adobe Flash Player 11.3 r300.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe [1536712] [PID.4512]

[MD5.EE34DEB598BFB6E0FAF3C483AA3E73F8] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4399696] [PID.4956]

[MD5.D9C70E8552670E7A67778ED238C18975] - (.Samsung Electronics Co., Ltd. - Smart Restarter Program.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2208624] [PID.5636]

[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.5812]

[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.5884]

[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.5972]

[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775848] [PID.6136]

[MD5.1E20F1E969193B6763630EAC6CFDC2EB] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [1757264] [PID.3316]

[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.5012]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Users\Soraya\Desktop\ZHPDiag_silent.exe [794216] [PID.3752]

[MD5.BE955BAB4EFC2A28BE2692D102FFC85A] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3838464] [PID.3744]

~ Scan Processes Running in 00mn 01s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)

C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences

~ Scan Google Browser in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js

M3 - MFPP: Plugins - [soraya] -- C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\searchplugins\Search.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\twitter.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml

M0 - MFSP: prefs.js [soraya - d9gpgnfs.default] http://www.google.com

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.10411.0.) -- C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)

P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.450] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.448] - (.RealNetworks, Inc. - 6.0.12.448.) -- C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} . (...) (No version) -- (.not file.)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} . (...) -- mscoree.dll (.not file.)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

~ Scan BHO in 00mn 00s

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

~ Scan Toolbar in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [OiVelox] . (...) -- C:\Program Files\Oi\Programmer\OiVeloxCheck.exe

O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-1980178241-1392328930-356032191-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Adobe Reader.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\DL.lnk . (...) -- D:\DL

O4 - Global Startup: C:\Users\Soraya\Desktop\MBRCheck.lnk . (...) -- C:\Program Files\ZHPDiag\mbrcheck.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Media Player Classic.lnk . (.MPC-HC Team.) -- C:\Program Files\Essentials Codec Pack\MPC\mpc-hc.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\MsPaint.lnk . (.Microsoft Corporation.) -- C:\Windows\System32\mspaint.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Oi Velox.lnk . (.LightComm Tecnologia.) -- C:\Program Files\Oi\Programmer\OiVelox.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\StarterBackgroundChanger.lnk . (.RGE.) -- C:\Program Files\StarterBackgroundChanger\StarterBackgroundChanger.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Windows Defender.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\ZHPDiag.lnk . (...) -- C:\Program Files\ZHPDiag\ZHPDiags.exe

O4 - Global Startup: C:\Users\Soraya\Desktop\ZHPFix.lnk . (...) -- C:\Program Files\ZHPDiag\ZHPFix.exe

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk . (.Gretech Corp..) -- C:\Program Files\GRETECH\GomPlayer\GOM.EXE

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk . (.JetAudio, Inc..) -- C:\Program Files\JetAudio\JetAudio.exe

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files\uTorrent\uTorrent.exe

~ Scan Global Startup in 00mn 00s

---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

~ Scan IE Menu Contextuel in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBro

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Prin

~ Scan IE Extra Buttons in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll

~ Scan Winsock in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

~ Scan Objets ActiveX in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254

~ Scan Domain in 00mn 00s

---\\ Extra protocols (O18)

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --

O18 - Handler: dvd - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: its - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: mhtml - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: ms-its - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

~ Scan Protocole Additionnel in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe

O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Unknown owner - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

~ Scan Services in 00mn 00s

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

---\\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s

---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMSDaily.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA.job

[MD5.6C40D5ED8951AB7B90D08AF655224EE4] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[MD5.EE34DEB598BFB6E0FAF3C483AA3E73F8] [APT] [advSRS5] (.SEC.) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [AutoKMSDaily] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)

[MD5.5A7E85100ACB28FBA8A81181A06C52D7] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

[MD5.37293B4DBC673DFC3CA4DAF8A52F575D] [APT] [batteryLifeExtender] (.Samsung Electronics. Co. Ltd..) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe

[MD5.D6C4B257BBD494F08B2984E533B072A0] [APT] [EasyDisplayMgr] (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A02\EPM.exe (.not file.)

[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core] (.Facebook Inc..) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA] (.Facebook Inc..) -- C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

[MD5.B00F98FF6FE8682FF941BEB2559BF191] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe

[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] [APT] [MovieColorEnhancer] (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

[MD5.5C7686EBAA8F27437C6F2C33F08768F5] [APT] [Windows Codec Update Service] (.MediaCodec.Org.) -- C:\Program Files\Essentials Codec Pack\WECPUpdate.exe

[MD5.3F677172F23FC17283D9BCE4B42E3F65] [APT] [{269378BC-338E-486C-9712-8CD4EE96E606}] (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

[MD5.00000000000000000000000000000000] [APT] [{53EEF08F-89DC-4315-A7F0-AB77D49C080B}] (...) -- D:\DL\Aquivos\Nero 9.0.9.4d.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{7043BCA5-7860-46C9-9E1C-CD1CEBB3A720}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{EE204AB3-7858-4613-B445-EEEB6BBB5A8B}] (...) -- C:\Program Files\VIVO INTERNET\uninst.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{F4170393-8CE2-4639-848D-C4EF364526B7}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

~ Scan Scheduled Task in 00mn 05s

---\\ ActiveSetup Installed Components (O40)

O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll

O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe

O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll

O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

~ Scan Active Setup in 00mn 00s

---\\ Drivers launched at startup (O41)

O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys

O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\Drivers\aswrdr2.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (SABI) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys

O41 - Driver: (SamSs) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys

O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys

O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

---\\ Software installed (O42)

O42 - Logiciel: Microsoft Office Starter 2010 - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- {90140011-0066-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office com Clique para Executar 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.Click2Run

O42 - Logiciel: Mozilla Firefox 14.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 14.0.1 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService

O42 - Logiciel: Oi Velox - (.LightComm Tecnologia.) [HKLM] -- programmeroi_is1

---\\ HKCU & HKLM Software Keys

[HKCU\Software\ATI]

[HKCU\Software\AVAST Software]

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Crossrider]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software\Unity]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Baixaki]

[HKCU\Software\BitTorrent]

[HKCU\Software\Bugsplat]

[HKCU\Software\COWON]

[HKCU\Software\ClassesB]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\CyberLink]

[HKCU\Software\Elantech]

[HKCU\Software\Facebook]

[HKCU\Software\GNU]

[HKCU\Software\GRETECH]

[HKCU\Software\Gabest]

[HKCU\Software\Google]

[HKCU\Software\HP]

[HKCU\Software\Haali]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\I.R.I.S.]

[HKCU\Software\IM Providers]

[HKCU\Software\INCAInternet]

[HKCU\Software\InstallCore]

[HKCU\Software\InstantStormSavers]

[HKCU\Software\Intel]

[HKCU\Software\Iris]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Macromedia]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Norton]

[HKCU\Software\OCNS]

[HKCU\Software\Opera Software]

[HKCU\Software\Pando Networks]

[HKCU\Software\Policies]

[HKCU\Software\RealNetworks]

[HKCU\Software\Realtek]

[HKCU\Software\RegisteredApplications]

[HKCU\Software\SSPrint]

[HKCU\Software\Samsung]

[HKCU\Software\SkypeRS]

[HKCU\Software\Skype]

[HKCU\Software\StarterBackgroundChanger]

[HKCU\Software\Trolltech]

[HKCU\Software\TuneUp]

[HKCU\Software\Unity]

[HKCU\Software\Video Player]

[HKCU\Software\Webzen]

[HKCU\Software\Widcomm]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKLM\Software\360Safe]

[HKLM\Software\AMD]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\AVAST Software]

[HKLM\Software\Adobe]

[HKLM\Software\AdwCleaner]

[HKLM\Software\Ahead]

[HKLM\Software\Atheros]

[HKLM\Software\BcmSetup]

[HKLM\Software\Broadcom]

[HKLM\Software\Bunndle]

[HKLM\Software\CBSTEST]

[HKLM\Software\COWON]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\CyberLink]

[HKLM\Software\DTS]

[HKLM\Software\Dolby]

[HKLM\Software\Essentials Codec Pack]

[HKLM\Software\GNU]

[HKLM\Software\GRETECH]

[HKLM\Software\Gabest]

[HKLM\Software\Google]

[HKLM\Software\HaaliMkx]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\Huawei technologies]

[HKLM\Software\ICE]

[HKLM\Software\Intel]

[HKLM\Software\Jodix]

[HKLM\Software\Khronos]

[HKLM\Software\Knowles]

[HKLM\Software\Macromedia]

[HKLM\Software\Megacubo]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\My Company Name]

[HKLM\Software\NCsoft]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\Oceanis]

[HKLM\Software\Opera Software]

[HKLM\Software\Pando Networks]

[HKLM\Software\Policies]

[HKLM\Software\RTLSetup]

[HKLM\Software\RealAlternative]

[HKLM\Software\RealNetworks]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SRS Labs]

[HKLM\Software\SSPrint]

[HKLM\Software\SSScan]

[HKLM\Software\Samsung Electronics Co., Ltd.]

[HKLM\Software\Samsung Printers]

[HKLM\Software\Samsung]

[HKLM\Software\Skype]

[HKLM\Software\SonicFocus]

[HKLM\Software\StarterBackgroundChanger]

[HKLM\Software\SuppHelpDir]

[HKLM\Software\Symantec]

[HKLM\Software\TuneUp]

[HKLM\Software\V9Software]

[HKLM\Software\VDownloader]

[HKLM\Software\Volatile]

[HKLM\Software\WOW6432Node]

[HKLM\Software\Waves Audio]

[HKLM\Software\Widcomm]

[HKLM\Software\WinRAR]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 21/01/2012 - 16:42:33 - [195,732] ----D C:\Program Files\Adobe

O43 - CFD: 21/01/2012 - 16:42:36 - [1,863] ----D C:\Program Files\AMD APP

O43 - CFD: 21/01/2012 - 17:16:23 - [0] ----D C:\Program Files\Arquivos Comuns

O43 - CFD: 21/01/2012 - 16:42:36 - [0,034] ----D C:\Program Files\Atheros

O43 - CFD: 21/01/2012 - 16:42:36 - [16,785] ----D C:\Program Files\ATI

O43 - CFD: 21/01/2012 - 16:42:37 - [63,068] ----D C:\Program Files\ATI Technologies

O43 - CFD: 27/07/2012 - 12:47:31 - [237,340] ----D C:\Program Files\AVAST Software

O43 - CFD: 21/01/2012 - 16:42:42 - [11,073] ----D C:\Program Files\Broadcom

O43 - CFD: 26/07/2012 - 23:27:42 - [124,790] ----D C:\Program Files\Common Files

O43 - CFD: 21/01/2012 - 16:45:35 - [1083,925] ----D C:\Program Files\CyberLink

O43 - CFD: 14/04/2012 - 08:46:41 - [3,997] ----D C:\Program Files\DVD Maker

O43 - CFD: 21/01/2012 - 16:38:26 - [16,208] ----D C:\Program Files\Elantech

O43 - CFD: 16/05/2012 - 17:18:50 - [35,859] ----D C:\Program Files\Essentials Codec Pack

O43 - CFD: 27/07/2012 - 11:37:42 - [0] ----D C:\Program Files\Google

O43 - CFD: 01/02/2012 - 15:47:56 - [20,364] ----D C:\Program Files\GRETECH

O43 - CFD: 18/05/2012 - 23:39:06 - [215,640] ----D C:\Program Files\HP

O43 - CFD: 21/05/2012 - 20:34:29 - [145,398] --H-D C:\Program Files\InstallShield Installation Information

O43 - CFD: 27/07/2012 - 10:47:57 - [4,929] ----D C:\Program Files\Internet Explorer

O43 - CFD: 01/02/2012 - 15:44:38 - [69,302] ----D C:\Program Files\JetAudio

O43 - CFD: 28/02/2012 - 14:49:16 - [0] ----D C:\Program Files\Microsoft

O43 - CFD: 27/07/2012 - 10:23:43 - [10,731] ----D C:\Program Files\Microsoft Application Virtualization Client

O43 - CFD: 14/07/2009 - 01:52:30 - [44,793] ----D C:\Program Files\Microsoft Games

O43 - CFD: 22/01/2012 - 17:28:15 - [7,525] ----D C:\Program Files\Microsoft Office

O43 - CFD: 19/06/2012 - 19:32:15 - [40,838] ----D C:\Program Files\Microsoft Silverlight

O43 - CFD: 21/01/2012 - 16:47:59 - [1,745] ----D C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 07/06/2012 - 22:01:35 - [0,015] ----D C:\Program Files\Microsoft.NET

O43 - CFD: 29/07/2012 - 01:00:17 - [36,321] ----D C:\Program Files\Mozilla Firefox

O43 - CFD: 29/07/2012 - 10:46:13 - [0,195] ----D C:\Program Files\Mozilla Maintenance Service

O43 - CFD: 14/07/2009 - 01:52:30 - [0,025] ----D C:\Program Files\MSBuild

O43 - CFD: 27/07/2012 - 10:02:50 - [0] ----D C:\Program Files\MSXML 4.0

O43 - CFD: 28/07/2012 - 13:09:14 - [6,211] ----D C:\Program Files\Oi

O43 - CFD: 26/07/2012 - 23:32:53 - [0,000] ----D C:\Program Files\Opera Next

O43 - CFD: 20/02/2012 - 19:48:33 - [21,706] ----D C:\Program Files\Real Alternative

O43 - CFD: 21/01/2012 - 16:48:18 - [20,260] ----D C:\Program Files\Realtek

O43 - CFD: 14/07/2009 - 01:52:30 - [37,262] ----D C:\Program Files\Reference Assemblies

O43 - CFD: 21/01/2012 - 16:48:34 - [973,600] ----D C:\Program Files\Samsung

O43 - CFD: 21/01/2012 - 16:50:47 - [14,041] ----D C:\Program Files\Samsung AnyWeb Print

O43 - CFD: 21/01/2012 - 16:50:47 - [1,863] ----D C:\Program Files\SamsungPrinterLiveUpdate

O43 - CFD: 21/01/2012 - 16:50:48 - [1,747] ----D C:\Program Files\SamsungPrinterLiveUpdateInstaller

O43 - CFD: 21/01/2012 - 16:50:48 - [28,905] R---D C:\Program Files\Skype

O43 - CFD: 09/02/2012 - 01:31:10 - [0,987] ----D C:\Program Files\StarterBackgroundChanger

O43 - CFD: 24/08/2011 - 02:46:08 - [0] --H-D C:\Program Files\Temp

O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information

O43 - CFD: 26/05/2012 - 19:43:10 - [0,840] ----D C:\Program Files\uTorrent

O43 - CFD: 21/01/2012 - 16:50:48 - [112,527] ----D C:\Program Files\WIDCOMM

O43 - CFD: 14/04/2012 - 08:46:39 - [2,897] ----D C:\Program Files\Windows Defender

O43 - CFD: 21/01/2012 - 16:51:08 - [515,990] ----D C:\Program Files\Windows Live

O43 - CFD: 14/04/2012 - 08:46:42 - [5,870] ----D C:\Program Files\Windows Mail

O43 - CFD: 14/04/2012 - 08:46:41 - [6,286] ----D C:\Program Files\Windows Media Player

O43 - CFD: 21/01/2012 - 17:16:23 - [11,630] ----D C:\Program Files\Windows NT

O43 - CFD: 14/04/2012 - 08:46:41 - [4,210] ----D C:\Program Files\Windows Photo Viewer

O43 - CFD: 20/11/2010 - 18:33:48 - [0,181] ----D C:\Program Files\Windows Portable Devices

O43 - CFD: 14/04/2012 - 08:46:42 - [10,029] ----D C:\Program Files\Windows Sidebar

O43 - CFD: 20/06/2012 - 13:24:03 - [3,952] ----D C:\Program Files\WinRAR

O43 - CFD: 30/07/2012 - 13:50:32 - [13,194] ----D C:\Program Files\ZHPDiag

O43 - CFD: 21/01/2012 - 16:42:42 - [3,636] ----D C:\Program Files\Common Files\Adobe

O43 - CFD: 01/02/2012 - 15:44:35 - [10,590] ----D C:\Program Files\Common Files\COWON

O43 - CFD: 21/01/2012 - 16:42:42 - [0] ----D C:\Program Files\Common Files\CyberLink

O43 - CFD: 22/01/2012 - 17:28:16 - [0,095] ----D C:\Program Files\Common Files\DESIGNER

O43 - CFD: 11/05/2012 - 12:34:45 - [0,507] ----D C:\Program Files\Common Files\Hewlett-Packard

O43 - CFD: 11/05/2012 - 12:35:07 - [3,052] ----D C:\Program Files\Common Files\HP

O43 - CFD: 15/04/2012 - 21:37:23 - [0] ----D C:\Program Files\Common Files\INCA Shared

O43 - CFD: 21/01/2012 - 16:42:42 - [5,114] ----D C:\Program Files\Common Files\InstallShield

O43 - CFD: 18/02/2012 - 18:16:35 - [46,407] ----D C:\Program Files\Common Files\microsoft shared

O43 - CFD: 21/01/2012 - 16:42:44 - [4,403] ----D C:\Program Files\Common Files\Samsung

O43 - CFD: 13/07/2009 - 23:37:05 - [0,003] ----D C:\Program Files\Common Files\Services

O43 - CFD: 21/01/2012 - 17:16:23 - [0] ----D C:\Program Files\Common Files\Sistema

O43 - CFD: 21/01/2012 - 16:42:44 - [2,036] ----D C:\Program Files\Common Files\Skype

O43 - CFD: 13/07/2009 - 23:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 14/04/2012 - 08:46:40 - [9,748] ----D C:\Program Files\Common Files\System

O43 - CFD: 21/01/2012 - 16:42:45 - [0] ----D C:\Program Files\Common Files\Windows Live

O43 - CFD: 21/01/2012 - 16:51:23 - [0,001] ----D C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Application Data

O43 - CFD: 21/01/2012 - 16:51:23 - [0,019] ----D C:\ProgramData\Atheros

O43 - CFD: 21/01/2012 - 16:51:23 - [0,000] ----D C:\ProgramData\ATI

O43 - CFD: 27/07/2012 - 12:47:31 - [18,745] ----D C:\ProgramData\AVAST Software

O43 - CFD: 18/07/2012 - 02:53:04 - [0,000] --H-D C:\ProgramData\Common Files

O43 - CFD: 23/01/2012 - 12:35:21 - [0,042] ----D C:\ProgramData\CyberLink

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Dados de aplicativos

O43 - CFD: 16/04/2012 - 15:11:36 - [0,002] ----D C:\ProgramData\DatacardService

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Desktop

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Documents

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Favorites

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Favoritos

O43 - CFD: 17/03/2012 - 17:55:38 - [0,072] ----D C:\ProgramData\Hewlett-Packard

O43 - CFD: 11/05/2012 - 12:57:44 - [15,818] ----D C:\ProgramData\HP

O43 - CFD: 11/05/2012 - 12:36:42 - [0,009] ----D C:\ProgramData\HP Product Assistant

O43 - CFD: 28/07/2012 - 13:15:22 - [0,000] ----D C:\ProgramData\Lightcomm

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Menu Iniciar

O43 - CFD: 28/02/2012 - 14:49:16 - [1927,314] -S--D C:\ProgramData\Microsoft

O43 - CFD: 06/06/2012 - 11:57:02 - [0,048] ----D C:\ProgramData\Microsoft Help

O43 - CFD: 21/01/2012 - 17:16:23 - [0] --H-D C:\ProgramData\Modelos

O43 - CFD: 05/05/2012 - 09:04:08 - [0,007] ----D C:\ProgramData\Mozilla

O43 - CFD: 23/07/2012 - 12:35:17 - [0,743] ----D C:\ProgramData\Oi

O43 - CFD: 26/07/2012 - 23:34:25 - [0,846] ----D C:\ProgramData\PSafe

O43 - CFD: 21/01/2012 - 16:51:39 - [0,514] ----D C:\ProgramData\SAMSUNG

O43 - CFD: 21/01/2012 - 16:51:40 - [19,596] ----D C:\ProgramData\Skype

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Start Menu

O43 - CFD: 21/01/2012 - 16:51:40 - [0,293] ----D C:\ProgramData\Temp

O43 - CFD: 14/07/2009 - 01:53:55 - [0] --H-D C:\ProgramData\Templates

O43 - CFD: 18/07/2012 - 02:54:23 - [3,959] ----D C:\ProgramData\TuneUp Software

O43 - CFD: 23/01/2012 - 21:05:02 - [0] ----D C:\ProgramData\VirtualizedApplications

O43 - CFD: 11/05/2012 - 12:57:56 - [0,000] ----D C:\ProgramData\WEBREG

O43 - CFD: 21/01/2012 - 16:51:40 - [18,616] ----D C:\ProgramData\WinClon

O43 - CFD: 18/07/2012 - 02:53:04 - [22,938] -SH-D C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

O43 - CFD: 23/01/2012 - 12:30:06 - [3,026] ----D C:\Users\Soraya\AppData\Roaming\Adobe

O43 - CFD: 21/01/2012 - 17:02:21 - [0] ----D C:\Users\Soraya\AppData\Roaming\ATI

O43 - CFD: 01/02/2012 - 15:46:00 - [0,705] ----D C:\Users\Soraya\AppData\Roaming\COWON

O43 - CFD: 23/01/2012 - 14:01:48 - [3,599] ----D C:\Users\Soraya\AppData\Roaming\CyberLink

O43 - CFD: 01/02/2012 - 15:49:05 - [0,127] ----D C:\Users\Soraya\AppData\Roaming\GRETECH

O43 - CFD: 27/06/2012 - 21:57:37 - [0,130] ----D C:\Users\Soraya\AppData\Roaming\HP

O43 - CFD: 18/05/2012 - 15:48:50 - [0,000] ----D C:\Users\Soraya\AppData\Roaming\HpUpdate

O43 - CFD: 01/03/2012 - 18:35:46 - [0] ----D C:\Users\Soraya\AppData\Roaming\Identities

O43 - CFD: 21/01/2012 - 17:02:21 - [302,926] ----D C:\Users\Soraya\AppData\Roaming\Macromedia

O43 - CFD: 20/02/2012 - 20:03:49 - [0,000] ----D C:\Users\Soraya\AppData\Roaming\Media Player Classic

O43 - CFD: 23/06/2012 - 17:54:00 - [11,780] -S--D C:\Users\Soraya\AppData\Roaming\Microsoft

O43 - CFD: 25/01/2012 - 15:54:49 - [21,972] ----D C:\Users\Soraya\AppData\Roaming\Mozilla

O43 - CFD: 09/02/2012 - 01:18:54 - [2,202] ----D C:\Users\Soraya\AppData\Roaming\RGE

O43 - CFD: 21/03/2012 - 01:39:05 - [0,132] ----D C:\Users\Soraya\AppData\Roaming\Skype

O43 - CFD: 30/07/2012 - 00:56:15 - [0,842] ----D C:\Users\Soraya\AppData\Roaming\SoftGrid Client

O43 - CFD: 28/07/2012 - 13:17:32 - [0] ----D C:\Users\Soraya\AppData\Roaming\TP

O43 - CFD: 27/07/2012 - 00:34:36 - [1,505] ----D C:\Users\Soraya\AppData\Roaming\uTorrent

O43 - CFD: 05/04/2012 - 16:29:01 - [19,708] ----D C:\Users\Soraya\AppData\Roaming\WinRAR

O43 - CFD: 12/05/2012 - 18:38:22 - [0,368] ----D C:\Users\Soraya\AppData\Local\Adobe

O43 - CFD: 26/07/2012 - 22:28:56 - [0] ----D C:\Users\Soraya\AppData\Local\Apps

O43 - CFD: 05/04/2012 - 16:44:12 - [10,279] ----D C:\Users\Soraya\AppData\Local\assembly

O43 - CFD: 26/07/2012 - 22:26:15 - [0,064] ----D C:\Users\Soraya\AppData\Local\ATI

O43 - CFD: 05/02/2012 - 22:57:21 - [0] ----D C:\Users\Soraya\AppData\Local\Broadcom

O43 - CFD: 29/07/2012 - 19:59:21 - [42,798] ----D C:\Users\Soraya\AppData\Local\CrashDumps

O43 - CFD: 26/05/2012 - 19:44:30 - [0,848] ----D C:\Users\Soraya\AppData\Local\CRE

O43 - CFD: 25/05/2012 - 00:32:50 - [0,173] ----D C:\Users\Soraya\AppData\Local\CyberLink

O43 - CFD: 26/07/2012 - 22:37:54 - [3,200] ----D C:\Users\Soraya\AppData\Local\Diagnostics

O43 - CFD: 26/07/2012 - 22:38:54 - [1,167] ----D C:\Users\Soraya\AppData\Local\ElevatedDiagnostics

O43 - CFD: 02/06/2012 - 13:31:45 - [7,395] ----D C:\Users\Soraya\AppData\Local\Facebook

O43 - CFD: 11/07/2012 - 23:25:17 - [408,681] ----D C:\Users\Soraya\AppData\Local\Google

O43 - CFD: 25/05/2012 - 23:26:41 - [0,249] ----D C:\Users\Soraya\AppData\Local\HP

O43 - CFD: 23/06/2012 - 17:54:00 - [0] ----D C:\Users\Soraya\AppData\Local\Macromedia

O43 - CFD: 17/07/2012 - 00:48:30 - [311,712] ----D C:\Users\Soraya\AppData\Local\Microsoft

O43 - CFD: 27/01/2012 - 23:38:10 - [1,379] ----D C:\Users\Soraya\AppData\Local\Microsoft Games

O43 - CFD: 06/06/2012 - 11:57:01 - [0] ----D C:\Users\Soraya\AppData\Local\Microsoft Help

O43 - CFD: 25/01/2012 - 15:54:33 - [60,136] ----D C:\Users\Soraya\AppData\Local\Mozilla

O43 - CFD: 21/01/2012 - 17:02:21 - [0,504] ----D C:\Users\Soraya\AppData\Local\Power2Go

O43 - CFD: 27/07/2012 - 13:58:10 - [0,449] ----D C:\Users\Soraya\AppData\Local\SoftGrid Client

O43 - CFD: 30/07/2012 - 13:46:52 - [6,100] ----D C:\Users\Soraya\AppData\Local\Temp

O43 - CFD: 18/07/2012 - 03:07:13 - [0] ----D C:\Users\Soraya\AppData\Local\Unity

O43 - CFD: 27/07/2012 - 11:56:22 - [0,653] ----D C:\Users\Soraya\AppData\Local\VirtualStore

O43 - CFD: 25/07/2012 - 17:46:17 - [0,086] ----D C:\Users\Soraya\AppData\Local\Windows Live

O43 - CFD: 28/07/2012 - 20:33:35 - [0] ----D C:\Users\Soraya\AppData\Local\{ADF4E7A1-EBFA-4413-8846-7A0AB03EFADA}

O43 - CFD: 29/07/2012 - 23:52:40 - [0] ----D C:\Users\Soraya\AppData\Local\{EBA544A8-F8EA-4DC3-AE9D-6EA5E15AF2FB}

O43 - CFD: 14/07/2009 - 01:42:04 - [0,014] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 27/07/2012 - 10:51:15 - [0,000] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 27/07/2012 - 12:20:21 - [0,008] ----D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth

O43 - CFD: 16/05/2012 - 17:18:26 - [0] ----D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

O43 - CFD: 14/07/2009 - 01:37:42 - [0,001] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 27/07/2012 - 10:51:15 - [0,000] R---D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 05/04/2012 - 16:28:26 - [0,003] ----D C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

~ Scan Program Folder in 00mn 36s

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.476D148041CF13AF12209D8596E3F67D] - 30/07/2012 - 13:43:18 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1117310]

O44 - LFC:[MD5.7D0B5DD03DD20EC1443D3349A2FA69D5] - 30/07/2012 - 13:39:56 ---A- . (...) -- C:\Windows\setupact.log [1767419]

O44 - LFC:[MD5.0E6E8832A9D7D44FF9B0E6F66D2AB8AA] - 30/07/2012 - 13:39:54 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.5FDB3DA6790C2B183FC11705EC5F76F2] - 30/07/2012 - 13:38:12 ---A- . (...) -- C:\AdwCleaner[s1].txt [30757]

O44 - LFC:[MD5.9A38F04FD9688A4BBF4024DD848C354E] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1518542]

O44 - LFC:[MD5.F2E4FA71C1EAE804B69562B112E693BC] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\perfc009.dat [106574]

O44 - LFC:[MD5.707AC0095EFD05653D7A643289360263] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\perfh009.dat [616452]

O44 - LFC:[MD5.56E1D51B73318273477DDB6B2FABB811] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128280]

O44 - LFC:[MD5.10279F6E4B8CFE0114810CF952332CDE] - 28/07/2012 - 13:44:46 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [664248]

O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 27/07/2012 - 12:56:55 ---A- . (...) -- C:\Windows\System32\config.nt [2577]

O44 - LFC:[MD5.D06FB90E0BE856DF74917361C58464FA] - 27/07/2012 - 12:41:43 ---A- . (...) -- C:\Windows\PFRO.log [261692]

O44 - LFC:[MD5.FBB9B35A154BF57ED4CA61A71C675606] - 27/07/2012 - 10:58:45 ---A- . (...) -- C:\Windows\System32\oem25.inf [698444]

O44 - LFC:[MD5.55AE1BE11C2C99FA1647103852E716C1] - 27/07/2012 - 10:50:00 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [275936]

O44 - LFC:[MD5.FF1A8E913B015EE02265D8C34382BDF6] - 27/07/2012 - 10:16:16 ---A- . (...) -- C:\Windows\IE9_main.log [4143]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 27/07/2012 - 10:14:56 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]

O44 - LFC:[MD5.35BD57166F920558651BA26F865F101F] - 27/07/2012 - 10:03:17 ---A- . (...) -- C:\Windows\msxml4-KB954430-enu.LOG [286742]

O44 - LFC:[MD5.AF2A17DF515AA5B75737FBE469EEEE6A] - 27/07/2012 - 10:02:57 ---A- . (...) -- C:\Windows\msxml4-KB973688-enu.LOG [289934]

O44 - LFC:[MD5.D320BF87125326F996D4904FE24300FC] - 27/07/2012 - 09:53:45 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [80256]

O44 - LFC:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 27/07/2012 - 09:53:45 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22400]

O44 - LFC:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 27/07/2012 - 09:53:45 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332160]

O44 - LFC:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 27/07/2012 - 09:53:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117120]

O44 - LFC:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 27/07/2012 - 09:53:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [143744]

O44 - LFC:[MD5.46F04D43FBF20BC3E2FB6F3A1FC4C6DE] - 26/07/2012 - 23:08:49 ---A- . (...) -- C:\user.js [1997]

O44 - LFC:[MD5.852BC11C23B7104443FC74EC7AD79158] - 26/07/2012 - 21:54:49 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerApp.exe [426184]

O44 - LFC:[MD5.A9D264526FBA70238969FF29AE3723EF] - 26/07/2012 - 21:54:49 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [70344]

O44 - LFC:[MD5.45ADC884F83A5D7D2F19672825D72F9E] - 25/07/2012 - 23:58:24 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [830]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/07/2012 - 03:40:19 ---A- . (...) -- C:\Windows\System32\sho420D.tmp [0]

O44 - LFC:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 18/07/2012 - 02:50:13 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]

O44 - LFC:[MD5.4CDB39659C17FAA5BE56AC4F89387520] - 18/07/2012 - 02:50:12 R--A- . (.360???? - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]

O44 - LFC:[MD5.092E3658FC760F3D9694A848CAB1E43E] - 18/07/2012 - 02:49:30 R--A- . (.360???? - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]

O44 - LFC:[MD5.793FE87864DF96B611F3481CCA66A801] - 14/07/2012 - 03:04:58 ---A- . (...) -- C:\Windows\System32\shortcut_ex.dat [17]

O44 - LFC:[MD5.7109A9AA551F37CD168C02368465957E] - 03/07/2012 - 13:21:54 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\System32\Drivers\aswTdi.sys [54232]

O44 - LFC:[MD5.1C1F3D6DDDC046C920C493A779649F66] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\System32\Drivers\aswFsBlk.sys [21256]

O44 - LFC:[MD5.A48D8015AF2A0D8B4937613FFBFD28DE] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [57656]

O44 - LFC:[MD5.73DBCF808E00580F2A47F93DD9B03876] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [721000]

O44 - LFC:[MD5.4A951BEBA9E49410CDE478B6F6ABB252] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [44784]

O44 - LFC:[MD5.6CBD7D3A33F498D09C831CDD732DA2E0] - 03/07/2012 - 13:21:53 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswSP.sys [353688]

O44 - LFC:[MD5.7946D9F881715414B9F5D80D16752664] - 03/07/2012 - 13:21:32 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr [41224]

O44 - LFC:[MD5.011A849235BACE60852566530B52AF91] - 03/07/2012 - 13:21:28 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe [227648]

~ Scan Files in 00mn 17s

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll

~ Scan Keys in 00mn 00s

---\\ Safe Boot Control (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)

O51 - MPSK:{0ba90a7e-8687-11e1-826b-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)

O51 - MPSK:{76c1273b-751e-11e1-ab6c-e0ca94459065}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)

O51 - MPSK:{b4ef2c16-444e-11e1-b963-e0ca94459065}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)

O51 - MPSK:{f342be35-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)

O51 - MPSK:{f342be45-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)

~ Scan Keys in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\Windows\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Intel® Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Intel® Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\ir41_32.ax

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ Scan Keys in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (None)

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ Scan Keys in 00mn 00s

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

~ Scan Drivers in 00mn 00s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

~ Scan Keys in 00mn 00s

---\\ Search Svchost Services (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [674304]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [286208]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [242176]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [521216]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [47104]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [113664]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102400]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]

~ Scan Services in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.6D9E5361414A404F62DC249F2AADC327] [sPRF][31/01/2008] (.Unknown owner - 7-zip32.) -- C:\Users\Soraya\AppData\Local\Temp\7-zip32.dll [506880]

[MD5.4526194087DA1573C107A6F0CD2C285C] [sPRF][16/07/2009] (...) -- C:\Users\Soraya\AppData\Local\Temp\SysConfig.dat [934]

[MD5.879711A3BE601A66E88FE5DFACC9BE66] [sPRF][30/07/2012] (...) -- C:\Users\Soraya\AppData\Local\Temp\Uninst.bat [626]

[MD5.07DA6C9C3547C38BBA12E63F54FD9B00] [sPRF][30/07/2012] (...) -- C:\Users\Soraya\Desktop\adwcleaner.exe [632049]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][30/07/2012] (...) -- C:\Users\Soraya\Desktop\ZHPDiag_silent.exe [794216]

[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Users\Soraya\Desktop\ZHP_uninstall.exe [344187]

[MD5.80F4A456633F78A26A3C6B16E64EFEC5] [sPRF][28/09/2007] (.Microsoft - Uno Messenger.) -- C:\Windows\Downloaded Program Files\GAME_UNO1.dll [381960]

[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [sPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll [304544]

[MD5.1E5CFDF9AEBDD84305A4C8154277A269] [sPRF][28/02/2007] (.Microsoft Corporation - Zone.com Checkers for MSN Messenger.) -- C:\Windows\Downloaded Program Files\msgrchkr.dll [131472]

~ Scan Files in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "{4359F0C2-76DF-4DC9-AFC8-98AB01159C16}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O87 - FAEL: "{C5F40DA8-45D0-46BA-A823-5658F880498D}" | In - Public - P17 - TRUE | .(.Samsung Electronics CO., LTD. - Samsung UPD Service.) -- C:\Windows\System32\SUPDSvc.exe

O87 - FAEL: "{987AA0E7-33B7-4AF2-AFA6-F5642B395436}" | In - Public - P6 - TRUE | .(.Samsung Electronics CO., LTD. - Samsung UPD Service.) -- C:\Windows\System32\SUPDSvc.exe

O87 - FAEL: "{267C77D1-C978-4E53-8086-6AAA02420625}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe (.not file.)

O87 - FAEL: "{55B8C3D6-F8DB-4D2B-8DB4-7444C6311ED2}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe (.not file.)

O87 - FAEL: "{6C54CB1D-8B7B-49C7-B961-131F2A48F4BE}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe (.not file.)

O87 - FAEL: "{7FA622AD-273A-4D14-84BF-2CE0F9C51CBF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe (.not file.)

O87 - FAEL: "{E4B6DCC3-034D-4C0B-9DC9-81779C126B38}" | In - None - P6 - TRUE | .(.CyberLink Corp. - PowerDirector.) -- C:\Program Files\CyberLink\PowerDirector\PDR8.exe

O87 - FAEL: "{B95FBA52-7E4D-4E3D-8E49-CBA6BAD11086}" | In - None - P6 - TRUE | .(.CyberLink Corp. - Media+Player 10.0.) -- C:\Program Files\CyberLink\Media+Player10\Media+Player10.exe

O87 - FAEL: "TCP Query User{1AC41A68-7C18-4696-8FD7-2C1E67DE217A}C:\program files\ncsoft\lineage ii\system\l2.bin" |In - Public - P6 - TRUE | .(...) -- C:\program files\ncsoft\lineage ii\system\l2.bin (.not file.)

O87 - FAEL: "UDP Query User{D4C73D00-E8BC-4BA8-A834-29E8488A3E2D}C:\program files\ncsoft\lineage ii\system\l2.bin" |In - Public - P17 - TRUE | .(...) -- C:\program files\ncsoft\lineage ii\system\l2.bin (.not file.)

O87 - FAEL: "{DDDFC4CF-7FD3-4F28-AB1E-19F00B10DE4F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\HP\hp software update\hpwucli.exe (.not file.)

O87 - FAEL: "{F88F768A-0EF0-4A9C-B2E3-172D4D7B2265}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{3DBEFCC1-F154-4B2D-96C3-CF685AE868B8}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{44BF6846-2C99-403E-BCA7-8C208D00EE6A}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{A488EB14-A432-4320-8E53-FB3EBE5CDCAE}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{80AB83D1-337B-4478-890B-6A54F01E663B}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\Soraya\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

O87 - FAEL: "{BF448C02-CC11-41EF-A5C0-E49817BEF6D9}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{B0A6C149-65CE-4691-954A-3E6DFDE5F235}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{96191D35-6820-40BF-8D55-0E2FD4A5DCF3}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{BA58D1B5-6D38-4992-BE17-FE10016CC93D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{B22A0344-DC2D-4ECC-B26B-80D5EB6884A9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{CCE143DB-5A6A-4148-ADF4-31649EDCDDDF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{32F0DA55-7A04-43C1-B9C9-D8A19094223E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{6772E526-AFBC-4003-BD30-51E3BFB0CBA8}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{FC0BDC60-BADE-4C3F-BFDA-53EE743603E6}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{754AC230-D596-44B4-8792-BF847CDE9A3F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

~ Scan Firewall in 00mn 02s

---\\ Router Hijack DNS (O89) (None)

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 26/07/2012 250056 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 10/08/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 03/07/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 25/03/2011 660768 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Demand 29/07/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SS - | Demand 28/03/2011 4323256 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des

SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe

SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Scan Services in 00mn 04s

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Run by Soraya at 30/07/2012 13:52:03

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys ndis.sys bcmwl6.sys dxgmms1.sys watchdog.sys dxgkrnl.sys atikmpag.sys atikmdag.sys

C:\Windows\system32\drivers\amd_xata.sys Advanced Micro Devices Stor Filter Driver

C:\Windows\system32\drivers\amd_sata.sys Advanced Micro Devices AHCI 1.2 Device Driver

C:\Windows\system32\DRIVERS\bcmwl6.sys Broadcom Corporation Broadcom 802.11 Network Adapter wireless driver

C:\Windows\system32\DRIVERS\atikmpag.sys Advanced Micro Devices, Inc. AMD driver

C:\Windows\system32\DRIVERS\atikmdag.sys ATI Technologies Inc. ATI Radeon Family

1 ntkrnlpa!IofCallDriver[0x8305555A] -> \Device\Harddisk0\DR0[0x862B9030]

3 CLASSPNP[0x8899459E] -> ntkrnlpa!IofCallDriver[0x8305555A] -> [0x861F4020]

5 amd_xata[0x83D5D9D6] -> ntkrnlpa!IofCallDriver[0x8305555A] -> \Device\0000006d[0x85C08260]

kernel: MBR read successfully

user & kernel MBR OK

~ Scan MBR in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Soraya at 30/07/2012 13:52:06

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

End of the scan (1039 lines in 01mn 49s)(0)

Posso deletar os programas?

Obrigado pela ajuda!

Abraço!

DigRam · Julho 30, 2012

Boa Tarde! Soraya Lourenço

|- Se não lhe for importante,pode desinstalar!

|- C:\Program Files\uTorrent

-/-

|- Baixe: < createsrp > ( ... by Ramesh Srinivasan )

( Clique Here )

|- Salve-o no desktop!

|- Execute o createsrp.vbs < >

|- Clique OK,na caixa de mensagem.

|- Ps: Este ponto de restauração terá a seguinte descrição: "Novo Computador"

-/-

|- Baixe: < ZHPFix.zip >

|- Descompacte-o para o desktop.

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

>>

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} . (...) (No version) -- (.not file.)

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} . (...) -- mscoree.dll (.not file.)

[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) => Infection Diverse (Trojan.Keygen)

[MD5.00000000000000000000000000000000] [APT] [AutoKMSDaily] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) => Infection Diverse (Trojan.Keygen)

[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A02\EPM.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{53EEF08F-89DC-4315-A7F0-AB77D49C080B}] (...) -- D:\DL\Aquivos\Nero 9.0.9.4d.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{7043BCA5-7860-46C9-9E1C-CD1CEBB3A720}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{EE204AB3-7858-4613-B445-EEEB6BBB5A8B}] (...) -- C:\Program Files\VIVO INTERNET\uninst.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{F4170393-8CE2-4639-848D-C4EF364526B7}] (...) -- C:\Program Files\HSPA MODEM\HSPA MODEM\StartUp.exe (.not file.)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job => Infection Diverse (Trojan.Keygen)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMSDaily.job => Infection Diverse (Trojan.Keygen)

O43 - CFD: 28/07/2012 - 20:33:35 - [0] ----D C:\Users\Soraya\AppData\Local\{ADF4E7A1-EBFA-4413-8846-7A0AB03EFADA}

O43 - CFD: 29/07/2012 - 23:52:40 - [0] ----D C:\Users\Soraya\AppData\Local\{EBA544A8-F8EA-4DC3-AE9D-6EA5E15AF2FB}

O44 - LFC:[MD5.46F04D43FBF20BC3E2FB6F3A1FC4C6DE] - 26/07/2012 - 23:08:49 ---A- . (...) -- C:\user.js [1997]

O51 - MPSK:{76c1273b-751e-11e1-ab6c-e0ca94459065}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)

O51 - MPSK:{0ba90a7e-8687-11e1-826b-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{b4ef2c16-444e-11e1-b963-e0ca94459065}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{f342be35-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{f342be45-4798-11e1-8c21-e0ca94459065}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Opera Next\Opera.exe (.not file.)

O87 - FAEL: "{F88F768A-0EF0-4A9C-B2E3-172D4D7B2265}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{3DBEFCC1-F154-4B2D-96C3-CF685AE868B8}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{BF448C02-CC11-41EF-A5C0-E49817BEF6D9}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{B0A6C149-65CE-4691-954A-3E6DFDE5F235}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{96191D35-6820-40BF-8D55-0E2FD4A5DCF3}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{BA58D1B5-6D38-4992-BE17-FE10016CC93D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{B22A0344-DC2D-4ECC-B26B-80D5EB6884A9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{CCE143DB-5A6A-4148-ADF4-31649EDCDDDF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Megacubo\megacubo.exe (.not file.)

O87 - FAEL: "{32F0DA55-7A04-43C1-B9C9-D8A19094223E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{6772E526-AFBC-4003-BD30-51E3BFB0CBA8}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{FC0BDC60-BADE-4C3F-BFDA-53EE743603E6}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

O87 - FAEL: "{754AC230-D596-44B4-8792-BF847CDE9A3F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Opera Next\opera.exe (.not file.)

[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)

C:\user.js

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

Abraços!

Soraya Lourenço · Julho 30, 2012

Segue o relatorio:

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-30-07-2012-15-51-08.txt

Run by Soraya at 30/07/2012 15:51:08

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========

DELETED Key*: Mozilla Plugin: vitzo.com/VDownloader

DELETED Key*: CLSID BHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1}

DELETED CLSID MPSK: {76c1273b-751e-11e1-ab6c-e0ca94459065}

DELETED CLSID MPSK: {0ba90a7e-8687-11e1-826b-e0ca94459065}

DELETED CLSID MPSK: {b4ef2c16-444e-11e1-b963-e0ca94459065}

DELETED CLSID MPSK: {f342be35-4798-11e1-8c21-e0ca94459065}

DELETED CLSID MPSK: {f342be45-4798-11e1-8c21-e0ca94459065}

DELETED Key*: HKLM\Software\360Safe

========== Registry Value ==========

DELETED URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03}

DELETED {F88F768A-0EF0-4A9C-B2E3-172D4D7B2265}

DELETED {3DBEFCC1-F154-4B2D-96C3-CF685AE868B8}

DELETED {BF448C02-CC11-41EF-A5C0-E49817BEF6D9}

DELETED {B0A6C149-65CE-4691-954A-3E6DFDE5F235}

DELETED {96191D35-6820-40BF-8D55-0E2FD4A5DCF3}

DELETED {BA58D1B5-6D38-4992-BE17-FE10016CC93D}

DELETED {B22A0344-DC2D-4ECC-B26B-80D5EB6884A9}

DELETED {CCE143DB-5A6A-4148-ADF4-31649EDCDDDF}

DELETED {32F0DA55-7A04-43C1-B9C9-D8A19094223E}

DELETED {6772E526-AFBC-4003-BD30-51E3BFB0CBA8}

DELETED {FC0BDC60-BADE-4C3F-BFDA-53EE743603E6}

DELETED {754AC230-D596-44B4-8792-BF847CDE9A3F}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (Public) : {267C77D1-C978-4E53-8086-6AAA02420625}

DELETED FirewallRaz (Public) : {55B8C3D6-F8DB-4D2B-8DB4-7444C6311ED2}

DELETED FirewallRaz (Public) : {6C54CB1D-8B7B-49C7-B961-131F2A48F4BE}

DELETED FirewallRaz (Public) : {7FA622AD-273A-4D14-84BF-2CE0F9C51CBF}

DELETED FirewallRaz (Public) : TCP Query User{1AC41A68-7C18-4696-8FD7-2C1E67DE217A}C:\program files\ncsoft\lineage ii\system\l2.bin

DELETED FirewallRaz (Public) : UDP Query User{D4C73D00-E8BC-4BA8-A834-29E8488A3E2D}C:\program files\ncsoft\lineage ii\system\l2.bin

DELETED FirewallRaz (None) : {D77644A3-9724-42D4-AB2B-4A662EDA725E}

DELETED FirewallRaz (None) : {A9422443-991C-4470-B8D2-92027A58C27A}

DELETED FirewallRaz (None) : {77350FC7-A6F3-4049-9859-9AD8E97A2429}

DELETED FirewallRaz (None) : {5EF5B424-C2DE-4246-9EA9-6F3CB2E01728}

DELETED FirewallRaz (None) : {DDDFC4CF-7FD3-4F28-AB1E-19F00B10DE4F}

========== Registry Data Items ==========

REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page

REMOVED StartMenuInternet: C:\Program Files\Opera Next\Opera.exe

========== Repertory ==========

DELETED Folder: C:\Users\Soraya\AppData\Local\{ADF4E7A1-EBFA-4413-8846-7A0AB03EFADA}

DELETED Folder: C:\Users\Soraya\AppData\Local\{EBA544A8-F8EA-4DC3-AE9D-6EA5E15AF2FB}

DELETED Window Temporary:

DELETED Flash Cookies:

========== File ==========

NOT FOUND File: c:\program files\vdownloader\addons\npvdownloader.dll

NOT FOUND File: mscoree.dll

NOT FOUND File: c:\windows\tasks\autokms.job

NOT FOUND File: c:\windows\tasks\autokmsdaily.job

DELETED c:\user.js

NOT FOUND Folder/File: c:\user.js

DELETED Window Temporary:

DELETED Flash Cookies:

========== Task ==========

DELETED Task: AutoKMS

DELETED Task: AutoKMSDaily

DELETED Task: EasyPartitionManager

DELETED Task: {53EEF08F-89DC-4315-A7F0-AB77D49C080B}

DELETED Task: {7043BCA5-7860-46C9-9E1C-CD1CEBB3A720}

DELETED Task: {EE204AB3-7858-4613-B445-EEEB6BBB5A8B}

DELETED Task: {F4170393-8CE2-4639-848D-C4EF364526B7}

========== Restoration ==========

Restore System Point created succefully

========== Summary ==========

8 : Registry Key

32 : Registry Value

2 : Registry Data Items

4 : Repertory

8 : File

7 : Task

1 : Restoration

End of clean in 01mn 00s

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 30/07/2012 15:51:08 [4080]

Além do utorrent devo desinstalar o HiJackThis, adwcleaner, MBRCheck,ZHP diversos (ZHP Fix, ZHPDiag, ...) entre outros?

O que esses programas removem? Sei que eles retiraram toolbars que estou a um tempo tentando me livrar, mas fizeram mais o que? Desculpe é que gosto de saber o "porquê" ou o "pra que" das coisas. Claro que, se isso for possível.

Um abraço!

DigRam · Julho 30, 2012

Boa Tarde! Soraya Lourenço

Além do utorrent devo deletar o HiJackThis, adwcleaner, MBRCheck,ZHP diversos (ZHP Fix, ZHPDiag, ...)?
O que esses programas removem? Sei que eles retiraram toolbars que estou a um tempo tentando me livrar, mas fizeram mais o que? Desculpe é que gosto de saber o "porquê" ou o "pra que" das coisas. Claro que isso for possível.

|- Não delete o HijackThis,pois necessito de outro log do mesmo na comprovação de entradas do Cacaoweb.

|- Quanto à explicação do que as ferramentas removem,depende da elaboração do script para instruí-las nesse propósito.

|- Diferindo,apenas,o AdwCleaner que teve execução automática na remoção de Adwares e suas entradas ao registro.

|- Poste,então,relatório atualizado,do HijackThis.

|- Ps: Logo após,farei a remoção de todas as ferramentas que foram empregadas em seu PC.

Abraços!

Soraya Lourenço · Julho 30, 2012

Segue o log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:24:10, on 30/07/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.fr