Welcome to the Fórum do BABOO!

amandaap

log + anti malwarebytes

12 posts in this topic

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:46:23, on 14/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=4294E006E6FC1DB8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: FindLyrics - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9856 bytes

 

 

 

 

 

 

 


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Versão da Base de Dados:  v2013.04.04.07

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

.PC :: PC-PC [limitado]

 

14/05/2013 11:16:26

mbam-log-2013-05-14 (11-16-26).txt

 

Tipo de Verificação:  Verificação Rápida 

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados:  207137

Tempo decorrido: 4 minuto(s), 51 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 2

HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)

 


Disable your antivirus, anti-spyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download (image: bouton-telecharger.png). Save it to the Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users, right-click the file and select: Run as administrator (Executar como administrador)

Click [Delete]

Save the log that is created.

Download (image: 1268r49.png). Save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select the option shown in the image (run_as_adm1.png)

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


# AdwCleaner v2.300 - Relatório criado em 16/05/2013 às 09:14:48

# Atualizado em 28/04/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate  (64 bits)

# Usuário : .PC - PC-PC

# Modo de Boot : Normal

# Executado de : C:\Users\.PC\Downloads\adwcleaner.exe

# Opção [Verificar]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

 

***** [Registro] *****

 

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registro está limpo.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

Arquivo : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\prefs.js

 

[OK] Arquivo está limpo.

 

-\\ Google Chrome v26.0.1410.64

 

Arquivo : C:\Users\.PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Arquivo está limpo.

 

*************************

 

AdwCleaner[R1].txt - [817 octets] - [16/05/2013 09:14:48]

AdwCleaner[s2].txt - [1095 octets] - [08/01/2013 19:04:50]

 

########## EOF - C:\AdwCleaner[R1].txt - [936 octets] ##########

 

 

 

 

 

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by .PC on 16/05/2013 at  9:08:18,60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\invalidprefs.js

Emptied folder: C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\minidumps [9 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16/05/2013 at  9:11:24,89

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:16:11, on 16/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\adwcleaner.exe

C:\Users\.PC\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8961 bytes

 



# AdwCleaner v2.300 - Relatório criado em 16/05/2013 às 11:14:00

# Atualizado em 28/04/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate  (64 bits)

# Usuário : .PC - PC-PC

# Modo de Boot : Normal

# Executado de : C:\Users\.PC\Downloads\adwcleaner.exe

# Opção [Remover]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

 

***** [Registro] *****

 

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registro está limpo.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

Arquivo : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\prefs.js

 

[OK] Arquivo está limpo.

 

-\\ Google Chrome v26.0.1410.64

 

Arquivo : C:\Users\.PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Arquivo está limpo.

 

*************************

 

AdwCleaner[s2].txt - [815 octets] - [16/05/2013 11:14:00]

 

########## EOF - C:\AdwCleaner[s2].txt - [874 octets] ##########

 


Disable your antivirus, anti-spyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure.

Run combofix.exe and press "Sim" (Yes) to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "Não" (No) and then agree so that the scan proceeds.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, along with a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware more difficult.

If an error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


ComboFix 13-05-18.04 - .PC 20/05/2013  10:13:51.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.4004.2559 [GMT -3:00]

Executando de: c:\users\.PC\Downloads\ComboFix.exe

AV: AVG antivírus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG antivírus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\coontinueetosavei

c:\programdata\coontinueetosavei\51968019bb847.tlb

c:\programdata\coontinueetosavei\settings.ini

c:\programdata\cyontinyueotoSavE

c:\programdata\cyontinyueotoSavE\5195153736951.tlb

c:\programdata\cyontinyueotoSavE\5195158d4a0b8.tlb

c:\programdata\cyontinyueotoSavE\settings.ini

c:\programdata\cyontinyueotoSavE\uninstall.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\cyontinyueotoSavE

c:\programdata\Microsoft\Windows\Start Menu\Programs\cyontinyueotoSavE\cyontinyueotoSavE.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\cyontinyueotoSavE\Uninstall.lnk

c:\programdata\SearchNewTab

c:\programdata\SearchNewTab\519680511da00.tlb

c:\programdata\SearchNewTab\settings.ini

c:\users\.PC\AppData\Roaming\unins000.exe

c:\users\.PC\Desktop\Setup.exe

c:\windows\SysWow64\drivers\qandr.sys

c:\windows\SysWow64\drivers\resdr32.sys

c:\windows\SysWow64\drivers\reveal32.sys

c:\windows\SysWow64\Logof.dll

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-20 to 2013-05-20  ))))))))))))))))))))))))))))

.

.

2013-05-20 13:17 . 2013-05-20 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-20 13:16 . 2013-05-20 13:16 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys

2013-05-20 13:10 . 2013-05-20 13:10 0 ----a-w- c:\windows\SysWow64\drivers\PROCEXP113.SYS

2013-05-20 13:10 . 2013-05-20 13:10 0 ----a-w- c:\windows\SysWow64\drivers\AFD.SYS

2013-05-20 12:34 . 2013-05-20 12:34 -------- d-----w- c:\programdata\Samsung

2013-05-20 12:34 . 2012-08-02 09:08 37376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ssm1mpc.dll

2013-05-20 12:33 . 2012-11-02 04:36 219136 ----a-w- c:\windows\system32\SBuySupplies.exe

2013-05-20 12:33 . 2012-10-04 06:03 1554336 ------w- c:\windows\TotalUninstaller.exe

2013-05-20 12:33 . 2011-05-02 04:40 34304 ----a-w- c:\windows\system32\ssm1mlm.dll

2013-05-20 12:33 . 2011-03-22 08:31 151552 ----a-w- c:\windows\system32\ssm1mci.exe

2013-05-20 12:33 . 2011-03-22 08:31 89600 ----a-w- c:\windows\system32\ssm1mci.dll

2013-05-20 12:33 . 2013-05-20 12:33 -------- d-----w- c:\program files (x86)\Samsung

2013-05-20 12:21 . 2011-03-18 06:40 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS

2013-05-18 15:55 . 2013-05-18 15:55 -------- d-----w- c:\programdata\GbPlugin

2013-05-18 15:55 . 2013-05-18 15:55 -------- d-----w- c:\program files (x86)\GbPlugin

2013-05-18 15:55 . 2013-05-20 12:31 -------- d-----w- c:\programdata\GAS Tecnologia

2013-05-17 18:49 . 2013-05-17 18:49 -------- d-----w- C:\CPY_SAVES

2013-05-17 18:47 . 2013-05-17 18:47 -------- d-----w- c:\programdata\Logs

2013-05-17 18:47 . 2013-04-11 19:12 19392 ----a-w- c:\windows\system32\roboot64.exe

2013-05-17 18:29 . 2013-05-17 18:29 -------- d-----w- c:\programdata\StarApp

2013-05-17 18:26 . 2013-05-20 03:01 -------- d-----w- c:\program files (x86)\WebSearch

2013-05-17 18:25 . 2013-05-17 18:41 -------- d-----w- c:\program files (x86)\Optimizer Pro

2013-05-17 18:02 . 2013-05-18 03:42 -------- d-----w- c:\program files (x86)\Football Manager 2013

2013-05-17 17:49 . 2013-05-17 17:49 -------- d-----w- c:\program files (x86)\UltraISO

2013-05-17 17:49 . 2013-05-17 17:49 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems

2013-05-16 16:37 . 2013-05-17 18:41 -------- d-----w- c:\program files (x86)\ContinueToSave

2013-05-16 16:36 . 2013-05-17 18:41 -------- d-----w- c:\programdata\InstallMate

2013-05-16 12:08 . 2013-05-16 12:08 -------- d-----w- c:\windows\ERUNT

2013-05-16 12:01 . 2013-05-16 12:02 465 ----a-w- c:\windows\DeleteOnReboot.bat

2013-05-14 14:13 . 2013-05-14 14:13 -------- d-----w- c:\programdata\Malwarebytes

2013-05-14 14:13 . 2013-05-14 14:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-14 14:13 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-10 12:25 . 2013-05-10 12:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-05-08 11:46 . 2013-05-08 11:46 -------- d-----w- c:\program files (x86)\Foxit Software

2013-05-08 01:47 . 2013-05-08 01:47 -------- d-----w- c:\users\Default\AppData\Local\Google

2013-05-07 16:40 . 2013-05-15 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-07 16:40 . 2013-05-15 16:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-07 16:40 . 2013-05-07 16:40 -------- d-----w- c:\windows\SysWow64\Macromed

2013-05-07 16:40 . 2013-05-07 16:40 -------- d-----w- c:\windows\system32\Macromed

2013-05-07 15:04 . 2013-05-07 15:12 -------- d-----w- c:\program files (x86)\Comodo

2013-05-07 15:04 . 2013-05-07 15:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-05-07 15:04 . 2013-05-07 15:04 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2013-05-07 15:04 . 2013-05-07 15:04 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2013-05-07 15:04 . 2013-05-07 15:04 -------- d-----w- c:\program files (x86)\GPLGS

2013-05-07 15:02 . 2012-10-04 22:49 87152 ----a-w- c:\windows\system32\cpwmon64.dll

2013-05-07 15:02 . 2013-05-07 15:02 -------- d-----w- c:\program files (x86)\Acro Software

2013-05-07 12:34 . 2013-05-07 12:34 -------- d-----w- c:\programdata\McAfee Security Scan

2013-05-07 12:34 . 2013-05-07 12:37 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2013-05-07 12:34 . 2013-05-07 12:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-05-07 12:24 . 2013-05-07 12:24 -------- d-----w- c:\program files (x86)\Scpad

2013-05-07 12:23 . 2013-05-07 12:23 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-07 12:22 . 2013-05-07 12:22 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-07 12:22 . 2013-05-07 12:22 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-07 12:22 . 2013-05-07 12:22 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-07 12:22 . 2013-05-07 12:22 -------- d-----w- c:\program files (x86)\Java

2013-05-07 11:55 . 2013-05-14 14:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-05-07 11:55 . 2013-05-20 13:04 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-05-07 02:28 . 2013-05-07 02:28 -------- d-----w- c:\programdata\AVG2013

2013-05-07 02:27 . 2013-05-07 02:27 -------- d-----w- c:\program files (x86)\AVG

2013-05-07 02:19 . 2013-05-20 11:23 -------- d-----w- c:\programdata\MFAData

2013-05-07 02:19 . 2013-05-07 02:19 -------- d--h--w- c:\programdata\Common Files

2013-05-06 21:45 . 2013-05-06 16:59 -------- d-----w- c:\windows\Panther

2013-05-06 21:24 . 2013-05-06 21:24 -------- d-----w- C:\Windows.old.003

2013-05-06 18:48 . 2013-05-06 18:48 -------- d-----w- c:\program files (x86)\Microsoft Works

2013-05-06 18:48 . 2013-05-06 18:48 -------- d-----w- c:\windows\PCHEALTH

2013-05-06 18:48 . 2013-05-06 18:48 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-05-06 18:47 . 2013-05-06 18:47 -------- d-----w- c:\program files\Microsoft Office

2013-05-06 18:46 . 2013-05-06 18:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2013-05-06 18:46 . 2013-05-06 18:49 -------- d-----w- c:\programdata\Microsoft Help

2013-05-06 17:51 . 2013-05-14 14:50 -------- d-----w- c:\program files (x86)\uTorrent

2013-05-06 17:30 . 2013-05-06 17:31 -------- d-----w- c:\programdata\Atheros

2013-05-06 17:26 . 2013-04-17 09:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7308B0DC-8A30-4BF8-9E10-15737BC6CC74}\mpengine.dll

2013-05-06 17:26 . 2013-05-02 05:06 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-06 17:22 . 2011-01-12 20:51 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys

2013-05-06 17:21 . 2013-05-07 16:45 -------- d-----w- c:\program files (x86)\Google

2013-05-06 17:19 . 2013-05-06 17:47 -------- d-----w- c:\program files\Common Files\McAfee

2013-05-06 17:15 . 2013-05-06 17:22 -------- d-----w- c:\program files (x86)\Intel

2013-05-06 17:15 . 2010-12-15 08:10 53248 ----a-r- c:\windows\SysWow64\CSVer.dll

2013-05-06 17:10 . 2013-05-06 17:10 -------- d-----w- c:\program files (x86)\Common Files\Atheros

2013-05-06 17:09 . 2013-05-06 17:12 -------- d-----w- c:\program files (x86)\Dell Wireless

2013-05-06 17:09 . 2013-05-06 17:09 -------- d-----w- c:\windows\Options

2013-05-06 17:09 . 2011-04-21 23:17 2727424 ----a-w- c:\windows\system32\drivers\athrx.sys

2013-05-06 17:09 . 2011-04-21 23:17 2727424 ----a-w- c:\windows\system32\athrx.sys

2013-05-06 17:08 . 2013-05-06 17:09 -------- d-----w- c:\programdata\Dell

2013-05-06 17:06 . 2011-05-17 01:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-05-06 17:06 . 2011-05-17 01:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-05-06 17:06 . 2011-05-17 01:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-05-06 17:06 . 2013-05-06 17:06 -------- d-----w- c:\program files (x86)\Realtek

2013-05-06 17:06 . 2013-05-06 17:22 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2013-05-06 17:05 . 2013-05-06 17:05 -------- d-----w- c:\windows\SysWow64\vmm32

2013-05-06 17:05 . 2013-05-06 17:05 -------- d-----w- c:\program files (x86)\Dell

2013-05-06 17:04 . 2013-05-20 12:21 -------- d-sh--w- c:\windows\Installer

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-29 05:53 . 2013-03-29 05:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-03-21 06:08 . 2013-03-21 06:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2013-02-06 16:32 1516456 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-20 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-05-20 80032]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752]

S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2013-02-06 415144]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe [2012-10-24 360624]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-20 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-20 298656]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-20 29344]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-20 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-20 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-20 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-20 282272]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - ISODRIVE

*NewlyCreated* - SSPORT

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-06 17:26 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-07 16:21]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-06 17:21]

.

2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-06 17:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

mStart Page = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

TCP: DhcpNameServer = 192.168.1.1

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

FF - ProfilePath - c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14&l=1&q=

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.startup.homepage - hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14&l=1&q=

FF - ExtSQL: 2013-05-16 14:19; euukq@uxdd-.co.uk; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\euukq@uxdd-.co.uk

FF - ExtSQL: 2013-05-16 14:21; iuee4.khlo@aaya-yoeopgj.com; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\iuee4.khlo@aaya-yoeopgj.com

FF - ExtSQL: 2013-05-17 16:08; amrl.tddh@izg-mdcg.org; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\amrl.tddh@izg-mdcg.org

FF - ExtSQL: 2013-05-17 16:09; 21apmbgraay@sph-mza.net; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\21apmbgraay@sph-mza.net

FF - ExtSQL: 2013-05-18 12:55; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\users\.PC\AppData\Local\GAS Tecnologia\GBBD\abn\xpi

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{E2EA1D0C-0836-59DD-1D73-918F8CF3A970} - c:\programdata\cyontinyueotoSavE\5195153736951.dll

BHO-{FFD09798-9832-3546-1FBD-D20536B469AF} - c:\programdata\cyontinyueotoSavE\5195158d4a0b8.dll

AddRemove-{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1 - c:\users\.PC\AppData\Roaming\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-05-20  10:20:02

ComboFix-quarantined-files.txt  2013-05-20 13:20

ComboFix2.txt  2013-05-06 12:38

ComboFix3.txt  2013-02-14 12:48

ComboFix4.txt  2013-01-04 11:16

ComboFix5.txt  2013-05-20 13:12

.

Pré-execução: 285.111.992.320 bytes disponíveis

Pós execução: 285.255.888.896 bytes disponíveis

.

- - End Of File - - 281B71A93DCD3C832C40FF01359E8435

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:21:35, on 20/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: cyontinyueotoSavE - {E2EA1D0C-0836-59DD-1D73-918F8CF3A970} - C:\ProgramData\cyontinyueotoSavE\5195153736951.dll (file missing)

O2 - BHO: cyontinyueotoSavE - {FFD09798-9832-3546-1FBD-D20536B469AF} - C:\ProgramData\cyontinyueotoSavE\5195158d4a0b8.dll (file missing)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9898 bytes


Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished these instructions.

Download AdwCleaner and save it to the Desktop.

Run adwcleaner.exe

Note: on Windows Vista or Windows 7, right-click the file and select: Run as administrator

Click [Delete]

Save the log that is created.

Download Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click it to run Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Please be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


# AdwCleaner v2.301 - Relatório criado em 20/05/2013 às 13:38:07

# Atualizado em 16/05/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate  (64 bits)

# Usuário : .PC - PC-PC

# Modo de Boot : Normal

# Executado de : C:\Users\.PC\Downloads\adwcleaner.exe

# Opção [Remover]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

Arquivo Removido : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\searchplugins\WebSearch.xml

Removido Durante o reboot : C:\Program Files (x86)\continuetosave

Removido Durante o reboot : C:\Program Files (x86)\Optimizer Pro

Removido Durante o reboot : C:\Program Files (x86)\WebSearch

Removido Durante o reboot : C:\ProgramData\InstallMate

 

***** [Registro] *****

 

Chave Removida : HKCU\Software\AppDataLow\SProtector

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Chave Removida : HKLM\Software\SP Global

Chave Removida : HKLM\Software\SProtector

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14 --> hxxp://www.google.com

Substituído : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14 --> hxxp://www.google.com

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

Arquivo : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\prefs.js

 

Removida : user_pref("aol_toolbar.default.homepage.check", false);

Removida : user_pref("aol_toolbar.default.search.check", false);

Removida : user_pref("browser.search.defaultenginename", "WebSearch");

Removida : user_pref("browser.search.defaultenginename,S", "WebSearch");

Removida : user_pref("browser.search.defaulturl", "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hi[...]

Removida : user_pref("browser.search.order.1", "WebSearch");

Removida : user_pref("browser.search.order.1,S", "WebSearch");

Removida : user_pref("browser.search.selectedEngine", "WebSearch");

Removida : user_pref("browser.search.selectedEngine,S", "WebSearch");

Removida : user_pref("browser.startup.homepage", "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid[...]

Removida : user_pref("extensions.5195153736868.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.5195158d49fd9.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.51968019bb75d.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Removida : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Removida : user_pref("keyword.URL", "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&l[...]

Removida : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Removida : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Removida : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Removida : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Removida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Removida : user_pref("sweetim.toolbar.searchguard.enable", "");

 

-\\ Google Chrome v26.0.1410.64

 

Arquivo : C:\Users\.PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Removida [l.51] : icon_url = "hxxp://websearch.lookforithere.info/favicon.ico",

Removida [l.54] : keyword = "websearch",

Removida [l.58] : search_url = "hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=922&r=2013/05/17&h[...]

Removida [l.2162] : homepage = "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR[...]

Removida [l.2308] : urls_to_restore_on_startup = [ "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid[...]

 

*************************

 

AdwCleaner[s2].txt - [942 octets] - [16/05/2013 11:14:00]

AdwCleaner[s3].txt - [4527 octets] - [20/05/2013 13:38:07]

 

########## EOF - C:\AdwCleaner[s3].txt - [4587 octets] ##########

 

 

 

 

 

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:44:22, on 20/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: cyontinyueotoSavE - {E2EA1D0C-0836-59DD-1D73-918F8CF3A970} - C:\ProgramData\cyontinyueotoSavE\5195153736951.dll (file missing)

O2 - BHO: cyontinyueotoSavE - {FFD09798-9832-3546-1FBD-D20536B469AF} - C:\ProgramData\cyontinyueotoSavE\5195158d4a0b8.dll (file missing)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9622 bytes

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by .PC on 20/05/2013 at 16:48:33,24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\Program Files (x86)\continuetosave"

Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\prefs.js

 

user_pref("extensions.5195153736868.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

user_pref("extensions.5195158d49fd9.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

user_pref("extensions.51968019bb75d.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

Emptied folder: C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\minidumps [3 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20/05/2013 at 16:51:53,88

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

      Restorado! D:\.Trashes\Civil 3.2.m4a -> D:\Civil 3.2.m4a
      Restorado! D:\.Trashes\Civil 3.4.m4a -> D:\Civil 3.4.m4a
      Restorado! D:\.Trashes\Civil 4.2.m4a -> D:\Civil 4.2.m4a
      Restorado! D:\.Trashes\Civil 4.3.m4a -> D:\Civil 4.3.m4a
      Restorado! D:\.Trashes\Civil 4.4.m4a -> D:\Civil 4.4.m4a
      Restorado! D:\.Trashes\Cjvil 4.1.m4a -> D:\Cjvil 4.1.m4a
      Restorado! D:\.Trashes\Cpi , CD, SF- aula 3.1.m4a -> D:\Cpi , CD, SF- aula 3.1.m4a
      Restorado! D:\.Trashes\Edem 2.1a.m4a -> D:\Edem 2.1a.m4a
      Restorado! D:\.Trashes\Edem 2.1b.m4a -> D:\Edem 2.1b.m4a
      Restorado! D:\.Trashes\Edem 2.2.m4a -> D:\Edem 2.2.m4a
      Restorado! D:\.Trashes\Edem 2.3.m4a -> D:\Edem 2.3.m4a
      Restorado! D:\.Trashes\Edem 2.4.m4a -> D:\Edem 2.4.m4a
      Restorado! D:\.Trashes\Edem 3.1.m4a -> D:\Edem 3.1.m4a
      Restorado! D:\.Trashes\Edem 3.2.m4a -> D:\Edem 3.2.m4a
      Restorado! D:\.Trashes\Edem 3.3.m4a -> D:\Edem 3.3.m4a
      Restorado! D:\.Trashes\Edem 3.4a.m4a -> D:\Edem 3.4a.m4a
      Restorado! D:\.Trashes\Edem 3.4b.m4a -> D:\Edem 3.4b.m4a
      Restorado! D:\.Trashes\Elizabete 1.1a.m4a -> D:\Elizabete 1.1a.m4a
      Restorado! D:\.Trashes\Elizabete 1.1b.m4a -> D:\Elizabete 1.1b.m4a
      Restorado! D:\.Trashes\Elizabete 1.2.m4a -> D:\Elizabete 1.2.m4a
      Restorado! D:\.Trashes\Elizabete 1.3.m4a -> D:\Elizabete 1.3.m4a
      Restorado! D:\.Trashes\Elizabete 1.4.m4a -> D:\Elizabete 1.4.m4a
      Restorado! D:\.Trashes\Elizabete 2.1.m4a -> D:\Elizabete 2.1.m4a
      Restorado! D:\.Trashes\Elizabete 2.2.m4a -> D:\Elizabete 2.2.m4a
      Restorado! D:\.Trashes\Elizabete 2.3.m4a -> D:\Elizabete 2.3.m4a
      Restorado! D:\.Trashes\Elizabete 2.4.m4a -> D:\Elizabete 2.4.m4a
      Restorado! D:\.Trashes\Eu te desejo.m4a -> D:\Eu te desejo.m4a
      Restorado! D:\.Trashes\Flavia 3.3 adi interventiva.m4a -> D:\Flavia 3.3 adi interventiva.m4a
      Restorado! D:\.Trashes\Flavia 3.4b.m4a -> D:\Flavia 3.4b.m4a
      Restorado! D:\.Trashes\Flavis 3.4a.m4a -> D:\Flavis 3.4a.m4a
      Restorado! D:\.Trashes\Gustavo 3.1.m4a -> D:\Gustavo 3.1.m4a
      Restorado! D:\.Trashes\Gustavo 3.2.m4a -> D:\Gustavo 3.2.m4a
      Restorado! D:\.Trashes\Gustavo 3.3.m4a -> D:\Gustavo 3.3.m4a
      Restorado! D:\.Trashes\Gustavo 3.4.m4a -> D:\Gustavo 3.4.m4a
      Restorado! D:\.Trashes\Gustavo 4.1.m4a -> D:\Gustavo 4.1.m4a
      Restorado! D:\.Trashes\Gustavo 4.2.m4a -> D:\Gustavo 4.2.m4a
      Restorado! D:\.Trashes\Gustavo 4.3.m4a -> D:\Gustavo 4.3.m4a
      Restorado! D:\.Trashes\Gustavo 4.4.m4a -> D:\Gustavo 4.4.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.1.m4a -> D:\Joao Paulo 1.1.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.2.m4a -> D:\Joao Paulo 1.2.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.3.m4a -> D:\Joao Paulo 1.3.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.4.m4a -> D:\Joao Paulo 1.4.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.1.m4a -> D:\Joao Paulo 2.1.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.2a.m4a -> D:\Joao Paulo 2.2a.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.2b.m4a -> D:\Joao Paulo 2.2b.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.2c.m4a -> D:\Joao Paulo 2.2c.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.3.m4a -> D:\Joao Paulo 2.3.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.4.m4a -> D:\Joao Paulo 2.4.m4a
      Restorado! D:\.Trashes\PENAL 2.1.m4a -> D:\PENAL 2.1.m4a
      Restorado! D:\.Trashes\Penal 2.2a.m4a -> D:\Penal 2.2a.m4a
      Restorado! D:\.Trashes\Penal 2.2b.m4a -> D:\Penal 2.2b.m4a
      Restorado! D:\.Trashes\Penal 2.3.m4a -> D:\Penal 2.3.m4a
      Restorado! D:\.Trashes\Penal 2.4.m4a -> D:\Penal 2.4.m4a
      Restorado! D:\.Trashes\Perempção no p.trab..m4a -> D:\Perempção no p.trab..m4a
      Restorado! D:\.Trashes\Pres. Rep e questões a2-v3.m4a -> D:\Pres. Rep e questões a2-v3.m4a
      Restorado! D:\.Trashes\Prevenção criminal, extraterritorialidade - a1v2.m4a -> D:\Prevenção criminal, extraterritorialidade - a1v2.m4a
      Restorado! D:\.Trashes\Processo legislativo -a 2 v2.m4a -> D:\Processo legislativo -a 2 v2.m4a
      Restorado! D:\.Trashes\Questão  penal 7-11 aula 1.4.m4a -> D:\Questão  penal 7-11 aula 1.4.m4a
      Restorado! D:\.Trashes\Questão 04 penal.m4a -> D:\Questão 04 penal.m4a
      Restorado! D:\.Trashes\Questao 05 penal.m4a -> D:\Questao 05 penal.m4a
      Restorado! D:\.Trashes\Questáo 06 penal.m4a -> D:\Questáo 06 penal.m4a
      Restorado! D:\.Trashes\Questoes f. Essenc. Just. A2-v2.m4a -> D:\Questoes f. Essenc. Just. A2-v2.m4a
      Restorado! D:\.Trashes\Rádio 001.m4a -> D:\Rádio 001.m4a
      Restorado! D:\.Trashes\Res. e dec. Leg., d.sociais- aula 3.2.m4a -> D:\Res. e dec. Leg., d.sociais- aula 3.2.m4a
      Restorado! D:\.Trashes\TCU - flavia.m4a -> D:\TCU - flavia.m4a
      Restorado! D:\.Trashes\Tonassi 2.2.m4a -> D:\Tonassi 2.2.m4a
      Restorado! D:\.Trashes\Tonassi 2.1.m4a -> D:\Tonassi 2.1.m4a
      Restorado! D:\.Trashes\Tonassi 2.3.m4a -> D:\Tonassi 2.3.m4a
      Restorado! D:\.Trashes\Tonassi 2.4.m4a -> D:\Tonassi 2.4.m4a
      Restorado! D:\.Trashes\Tonassi 3.1.m4a -> D:\Tonassi 3.1.m4a
      Restorado! D:\.Trashes\Tonassi 3.2.m4a -> D:\Tonassi 3.2.m4a
      Restorado! D:\.Trashes\Gustavo 2.4b.m4a -> D:\Gustavo 2.4b.m4a
      Restorado! D:\.Trashes\Gustavo - 2.1.m4a -> D:\Gustavo - 2.1.m4a
      Restorado! D:\.Trashes\Gustavo 2.2a.m4a -> D:\Gustavo 2.2a.m4a
      Restorado! D:\.Trashes\Gustavo 2.2b.m4a -> D:\Gustavo 2.2b.m4a
      Restorado! D:\.Trashes\Gustavo 2.2c.m4a -> D:\Gustavo 2.2c.m4a
      Restorado! D:\.Trashes\Gustavo 2.3.m4a -> D:\Gustavo 2.3.m4a
      Restorado! D:\.Trashes\Gustavo 2.4a.m4a -> D:\Gustavo 2.4a.m4a
      Restorado! D:\.Trashes\50 dicas - TRT-PA.pdf -> D:\50 dicas - TRT-PA.pdf
      Restorado! D:\.Trashes\Conceito do ciclo PDCA.docx -> D:\Conceito do ciclo PDCA.docx
      Restorado! D:\.Trashes\OJH 2182  SAVEIRO.docx -> D:\OJH 2182  SAVEIRO.docx
      Restorado! D:\.Trashes\delta pará.pdf -> D:\delta pará.pdf
      Restorado! D:\.Trashes\QUE não é verdade que tenha matado a vítima MARIA MADALENA COSTA.docx -> D:\QUE não é verdade que tenha matado a vítima MARIA MADALENA COSTA.docx
      Restorado! D:\.Trashes\depoimento RANAILTON.docx -> D:\depoimento RANAILTON.docx
      Restorado! D:\.Trashes\LUANA DA CONCEIÇÃO.docx -> D:\LUANA DA CONCEIÇÃO.docx
      Restorado! D:\.Trashes\758\ybtyledi.js -> D:\758\ybtyledi.js
      Restorado! D:\.Trashes\oitiva AGNALDO.docx -> D:\oitiva AGNALDO.docx
      Restorado! D:\.Trashes\DEPOIMENTO JOEL MORAES DE ALMEIDA.pdf -> D:\DEPOIMENTO JOEL MORAES DE ALMEIDA.pdf
      Restorado! D:\.Trashes\411\aqfrxjgg.js -> D:\411\aqfrxjgg.js
      Restorado! [D] H:\Drive
      Restorado! H:\.Trashes\641\fsmikgut.js -> H:\641\fsmikgut.js
      ################## | Startup |
      F2 - HKLM\..\Winlogon : [Shell] explorer.exe
      F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
      F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
      F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
      04 - HKCU\..\Run : [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
      04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
      04 - HKLM\..\Run : [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      04 - HKLM\..\Run : [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
      04 - HKLM\..\Run : [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
      04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      04 - HKLM\..\Run : [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
      04 - HKLM\..\Run : [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
      04 - HKLM\..\Run : [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
      04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      04 - HKLM\..\Run : [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun
      04 - HKLM\..\Run : [Stanley-L_XRX_S2P] C:\Program Files (x86)\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe
      04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      04 - [x64] HKLM\..\Run : [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
      04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      04 - [x64] HKLM\..\Run : [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
      04 - [x64] HKLM\..\Run : [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
      04 - [x64] HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      04 - [x64] HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
      04 - [x64] HKLM\..\Run : [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
      04 - [x64] HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      04 - [x64] HKLM\..\Run : [Malwarebytes TrayApp] "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
      04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      04 - HKU\S-1-5-21-318916215-1358726986-2337555437-1001\..\Run : [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
      04 - HKU\S-1-5-21-318916215-1358726986-2337555437-1001\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
      04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
      04GS - Bluetooth.lnk : C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
      04GS - OCS Inventory NG Systray.lnk : C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
      ################## | C:\ %SystemDrive% - Disco fixo (NTFS) |
      [09/06/2013 - 00:23:51 | A | 11 Ko] - C:\AdwCleaner[S1].txt
      [23/02/2017 - 14:45:15 | ASH | 3637420 Ko] - C:\hiberfil.sys
      [23/02/2017 - 14:45:18 | ASH | 3637420 Ko] - C:\pagefile.sys
      [28/10/2012 - 20:30:33 | D] - C:\SYSTEM.SAV
      [01/04/2015 - 15:59:00 | A | 1 Ko] - C:\.rnd
      [07/02/2017 - 09:22:44 | D] - C:\Config.Msi
      [19/12/2015 - 11:49:05 | SHD] - C:\$Recycle.Bin
      [14/07/2009 - 00:20:08 | D] - C:\PerfLogs
      [14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
      [21/11/2010 - 00:23:51 | RASH | 375 Ko] - C:\bootmgr
      [11/02/2011 - 02:13:50 | SHD] - C:\boot
      [13/07/2012 - 02:15:30 | D] - C:\EFI
      [13/07/2012 - 04:41:35 | D] - C:\hp
      [03/10/2012 - 15:38:58 | SHD] - C:\Recovery
      [03/10/2012 - 17:43:27 | D] - C:\programa
      [29/10/2012 - 03:53:41 | RHD] - C:\MSOCache
      [16/03/2014 - 21:13:46 | D] - C:\Game of Thrones
      [11/06/2014 - 22:22:40 | D] - C:\swsetup
      [18/02/2016 - 11:01:37 | D] - C:\Video
      [04/03/2016 - 15:00:32 | D] - C:\Arquivos de Programas RFB
      [19/12/2016 - 09:45:17 | D] - C:\Program Files (x86)
      [22/02/2017 - 21:57:22 | D] - C:\Windows
      [22/02/2017 - 23:39:52 | RD] - C:\Program Files
      [22/02/2017 - 23:39:52 | HD] - C:\ProgramData
      [23/02/2017 - 14:40:35 | RD] - C:\Users
      [23/02/2017 - 15:30:16 | D] - C:\UsbFix
      ################## | D:\ - Disco removível (FAT32) |
      [23/02/2017 - 15:30:42 | D] - D:\641
      [23/02/2017 - 15:30:44 | D] - D:\video whatzap
      [12/02/2016 - 05:56:42 | N | 26190 Ko] - D:\Tonassi 3.3.m4a
      [12/02/2016 - 06:27:26 | N | 25984 Ko] - D:\Tonassi 3.4b.m4a
      [19/02/2016 - 06:48:50 | N | 27230 Ko] - D:\Tonassi 4.1.m4a
      [19/02/2016 - 22:23:30 | N | 43001 Ko] - D:\Tonassi 4.2.m4a
      [20/02/2016 - 11:34:22 | N | 27158 Ko] - D:\Tonassi 4.3.m4a
      [22/02/2017 - 04:31:30 | RSHD] - D:\RECYCLER
      [23/02/2017 - 15:25:00 | D] - D:\Drive
      [20/02/2016 - 12:09:18 | N | 26929 Ko] - D:\Tonassi 4.4.m4a
      [21/02/2016 - 18:14:16 | N | 26454 Ko] - D:\Tonassi 5.1.m4a
      [21/02/2016 - 19:25:16 | N | 14317 Ko] - D:\Tonassi 5.2a.m4a
      [21/02/2016 - 19:39:48 | N | 12757 Ko] - D:\Tonassi 5.2b.m4a
      [21/02/2016 - 20:49:18 | N | 10401 Ko] - D:\Tonassi 5.3a.m4a
      [21/02/2016 - 21:42:28 | N | 17202 Ko] - D:\Tonassi 5.3b.m4a
      [22/02/2016 - 00:06:04 | N | 25943 Ko] - D:\Tonassi 5.4.m4a
      [14/01/2016 - 22:45:14 | N | 2331 Ko] - D:\ação civil publica (c.constit)a2-v3.m4a
      [04/03/2016 - 09:34:40 | N | 25931 Ko] - D:\AFO 1.1.m4a
      [04/03/2016 - 11:06:58 | N | 27127 Ko] - D:\AFO 1.2.m4a
      [04/03/2016 - 11:35:46 | N | 23408 Ko] - D:\AFO 1.3a.m4a
      [04/03/2016 - 11:44:32 | N | 4061 Ko] - D:\AFO 1.3b.m4a
      [04/03/2016 - 12:18:28 | N | 27416 Ko] - D:\AFO 1.4.m4a
      [04/03/2016 - 23:54:10 | N | 26679 Ko] - D:\AFO 2.1.m4a
      [05/03/2016 - 00:30:36 | N | 27550 Ko] - D:\AFO 2.2.m4a
      [05/03/2016 - 06:08:00 | N | 22214 Ko] - D:\AFO 2.3a.m4a
      [05/03/2016 - 06:16:14 | N | 3388 Ko] - D:\AFO 2.3b.m4a
      [05/03/2016 - 06:27:06 | N | 8390 Ko] - D:\AFO 2.4a.m4a
      [05/03/2016 - 07:22:40 | N | 17287 Ko] - D:\AFO 2.4b.m4a
      [23/01/2016 - 09:01:32 | N | 25968 Ko] - D:\Aryanna 1.1.m4a
      [23/01/2016 - 11:28:14 | N | 28822 Ko] - D:\Aryanna 1.2.m4a
      [23/01/2016 - 13:59:22 | N | 27455 Ko] - D:\Aryanna 1.3.m4a
      [23/01/2016 - 17:32:50 | N | 27684 Ko] - D:\Aryanna 1.4.m4a
      [31/01/2016 - 16:59:18 | N | 26313 Ko] - D:\Aryanna 2.1.m4a
      [31/01/2016 - 21:56:38 | N | 27513 Ko] - D:\Aryanna 2.2.m4a
      [31/01/2016 - 22:36:16 | N | 28571 Ko] - D:\Aryanna 2.3.m4a
      [01/02/2016 - 05:19:14 | N | 26643 Ko] - D:\Aryanna 2.4.m4a
      [02/02/2016 - 07:38:54 | N | 29353 Ko] - D:\Aryanna 3.1.m4a
      [02/02/2016 - 12:57:42 | N | 1926 Ko] - D:\Aryanna 3.2a.m4a
      [02/02/2016 - 13:27:36 | N | 22537 Ko] - D:\Aryanna 3.2b.m4a
      [02/02/2016 - 13:39:52 | N | 4181 Ko] - D:\Aryanna 3.2c.m4a
      [02/02/2016 - 13:48:52 | N | 969 Ko] - D:\Aryanna 3.3a.m4a
      [02/02/2016 - 14:36:12 | N | 26963 Ko] - D:\Aryanna 3.3b.m4a
      [02/02/2016 - 15:49:48 | N | 27224 Ko] - D:\Aryanna 3.4.m4a
      [14/02/2016 - 18:43:48 | N | 27075 Ko] - D:\Aryanna 4.1.m4a
      [14/02/2016 - 19:16:12 | N | 25290 Ko] - D:\Aryanna 4.2.m4a
      [14/02/2016 - 22:31:26 | N | 27594 Ko] - D:\Aryanna 4.3.m4a
      [15/02/2016 - 05:24:28 | N | 27345 Ko] - D:\Aryanna 4.4.m4a
      [16/02/2016 - 19:28:36 | N | 5619 Ko] - D:\Aryanna 5.1a.m4a
      [16/02/2016 - 19:55:42 | N | 21249 Ko] - D:\Aryanna 5.1b.m4a
      [16/02/2016 - 22:10:34 | N | 11182 Ko] - D:\Aryanna 5.2a.m4a
      [16/02/2016 - 22:32:32 | N | 18257 Ko] - D:\Aryanna 5.2b.m4a
      [17/02/2016 - 05:23:34 | N | 17991 Ko] - D:\Aryanna 5.3a.m4a
      [17/02/2016 - 05:30:00 | N | 5011 Ko] - D:\Aryanna 5.3b.m4a
      [17/02/2016 - 05:34:22 | N | 3930 Ko] - D:\Aryanna 5.3c.m4a
      [17/02/2016 - 06:08:00 | N | 28848 Ko] - D:\Aryanna 5.4.m4a
      [01/02/2016 - 09:17:12 | N | 27847 Ko] - D:\Civil 2.3.m4a
      [01/02/2016 - 16:15:36 | N | 17992 Ko] - D:\Civil 2.4a.m4a
      [01/02/2016 - 16:36:16 | N | 8939 Ko] - D:\Civil 2.4b.m4a
      [01/02/2016 - 17:27:22 | N | 26092 Ko] - D:\Civil 3.1.m4a
      [24/02/2016 - 07:44:10 | N | 19603 Ko] - D:\Civil 3.1a.m4a
      [24/02/2016 - 07:47:30 | N | 2572 Ko] - D:\Civil 3.1b.m4a
      [01/02/2016 - 18:13:52 | N | 26926 Ko] - D:\Civil 3.2.m4a
      [25/02/2016 - 07:50:52 | N | 27140 Ko] - D:\Civil 3.4.m4a
      [25/02/2016 - 23:31:48 | N | 27314 Ko] - D:\Civil 4.2.m4a
      [26/02/2016 - 13:23:52 | N | 28178 Ko] - D:\Civil 4.3.m4a
      [02/03/2016 - 15:41:16 | N | 28993 Ko] - D:\Civil 4.4.m4a
      [25/02/2016 - 13:55:34 | N | 29450 Ko] - D:\Cjvil 4.1.m4a
      [21/01/2016 - 22:42:24 | N | 26309 Ko] - D:\Cpi , CD, SF- aula 3.1.m4a
      [14/02/2016 - 09:58:14 | N | 18671 Ko] - D:\Edem 2.1a.m4a
      [14/02/2016 - 10:20:58 | N | 10480 Ko] - D:\Edem 2.1b.m4a
      [18/02/2016 - 05:30:02 | N | 19892 Ko] - D:\Edem 2.2.m4a
      [18/02/2016 - 06:35:40 | N | 27698 Ko] - D:\Edem 2.3.m4a
      [20/02/2016 - 14:10:00 | N | 28653 Ko] - D:\Edem 2.4.m4a
      [02/03/2016 - 16:19:14 | N | 18643 Ko] - D:\Edem 3.1.m4a
      [02/03/2016 - 16:58:00 | N | 28795 Ko] - D:\Edem 3.2.m4a
      [02/03/2016 - 17:58:30 | N | 27390 Ko] - D:\Edem 3.3.m4a
      [02/03/2016 - 18:07:20 | N | 4826 Ko] - D:\Edem 3.4a.m4a
      [02/03/2016 - 18:37:52 | N | 27395 Ko] - D:\Edem 3.4b.m4a
      [03/03/2016 - 23:13:58 | N | 6041 Ko] - D:\Elizabete 1.1a.m4a
      [03/03/2016 - 23:41:40 | N | 22689 Ko] - D:\Elizabete 1.1b.m4a
      [04/03/2016 - 00:43:20 | N | 28991 Ko] - D:\Elizabete 1.2.m4a
      [04/03/2016 - 08:27:58 | N | 28512 Ko] - D:\Elizabete 1.3.m4a
      [04/03/2016 - 08:59:36 | N | 27232 Ko] - D:\Elizabete 1.4.m4a
      [04/03/2016 - 14:41:24 | N | 29607 Ko] - D:\Elizabete 2.1.m4a
      [04/03/2016 - 17:02:26 | N | 28507 Ko] - D:\Elizabete 2.2.m4a
      [04/03/2016 - 17:36:18 | N | 28297 Ko] - D:\Elizabete 2.3.m4a
      [04/03/2016 - 18:28:56 | N | 26786 Ko] - D:\Elizabete 2.4.m4a
      [30/12/2015 - 09:13:22 | N | 1672 Ko] - D:\Eu te desejo.m4a
      [25/01/2016 - 21:49:18 | N | 28398 Ko] - D:\Flavia 3.3 adi interventiva.m4a
      [30/01/2016 - 11:13:04 | N | 1838 Ko] - D:\Flavia 3.4b.m4a
      [30/01/2016 - 11:10:46 | N | 25035 Ko] - D:\Flavis 3.4a.m4a
      [26/01/2016 - 19:25:16 | N | 27039 Ko] - D:\Gustavo 3.1.m4a
      [26/01/2016 - 22:29:46 | N | 27038 Ko] - D:\Gustavo 3.2.m4a
      [02/02/2016 - 16:58:58 | N | 28622 Ko] - D:\Gustavo 3.3.m4a
      [02/02/2016 - 17:36:48 | N | 24139 Ko] - D:\Gustavo 3.4.m4a
      [12/02/2016 - 19:49:18 | N | 35575 Ko] - D:\Gustavo 4.1.m4a
      [12/02/2016 - 20:21:26 | N | 27634 Ko] - D:\Gustavo 4.2.m4a
      [12/02/2016 - 21:54:48 | N | 29403 Ko] - D:\Gustavo 4.3.m4a
      [12/02/2016 - 22:26:38 | N | 27646 Ko] - D:\Gustavo 4.4.m4a
      [03/03/2016 - 09:21:06 | N | 23138 Ko] - D:\Joao Paulo 1.1.m4a
      [03/03/2016 - 10:48:30 | N | 28735 Ko] - D:\Joao Paulo 1.2.m4a
      [03/03/2016 - 11:20:48 | N | 27496 Ko] - D:\Joao Paulo 1.3.m4a
      [03/03/2016 - 14:36:32 | N | 26841 Ko] - D:\Joao Paulo 1.4.m4a
      [03/03/2016 - 15:19:36 | N | 27318 Ko] - D:\Joao Paulo 2.1.m4a
      [03/03/2016 - 17:15:02 | N | 13731 Ko] - D:\Joao Paulo 2.2a.m4a
      [03/03/2016 - 17:31:12 | N | 3424 Ko] - D:\Joao Paulo 2.2b.m4a
      [03/03/2016 - 17:45:14 | N | 10310 Ko] - D:\Joao Paulo 2.2c.m4a
      [03/03/2016 - 20:26:06 | N | 28091 Ko] - D:\Joao Paulo 2.3.m4a
      [03/03/2016 - 19:52:38 | N | 27779 Ko] - D:\Joao Paulo 2.4.m4a
      [30/01/2016 - 12:44:20 | N | 27378 Ko] - D:\PENAL 2.1.m4a
      [13/02/2016 - 05:30:02 | N | 20538 Ko] - D:\Penal 2.2a.m4a
      [13/02/2016 - 05:39:00 | N | 8135 Ko] - D:\Penal 2.2b.m4a
      [13/02/2016 - 06:15:18 | N | 26744 Ko] - D:\Penal 2.3.m4a
      [13/02/2016 - 08:06:08 | N | 30868 Ko] - D:\Penal 2.4.m4a
      [31/01/2016 - 23:28:20 | N | 1342 Ko] - D:\Perempção no p.trab..m4a
      [14/01/2016 - 23:15:38 | N | 24589 Ko] - D:\Pres. Rep e questões a2-v3.m4a
      [22/01/2016 - 20:07:02 | N | 30596 Ko] - D:\Prevenção criminal, extraterritorialidade - a1v2.m4a
      [14/01/2016 - 22:17:12 | N | 12822 Ko] - D:\Processo legislativo -a 2 v2.m4a
      [22/01/2016 - 23:36:10 | N | 30560 Ko] - D:\Questão  penal 7-11 aula 1.4.m4a
      [19/01/2016 - 16:44:58 | N | 8156 Ko] - D:\Questão 04 penal.m4a
      [19/01/2016 - 17:03:24 | N | 13737 Ko] - D:\Questao 05 penal.m4a
      [19/01/2016 - 17:15:44 | N | 8637 Ko] - D:\Questáo 06 penal.m4a
      [14/01/2016 - 22:39:00 | N | 14422 Ko] - D:\Questoes f. Essenc. Just. A2-v2.m4a
      [20/07/2015 - 19:39:20 | N | 36 Ko] - D:\Rádio 001.m4a
      [21/01/2016 - 23:19:50 | N | 27324 Ko] - D:\Res. e dec. Leg., d.sociais- aula 3.2.m4a
      [17/01/2016 - 16:32:52 | N | 26455 Ko] - D:\TCU - flavia.m4a
      [30/01/2016 - 06:44:30 | N | 17608 Ko] - D:\Tonassi 2.2.m4a
      [29/01/2016 - 21:54:16 | N | 26163 Ko] - D:\Tonassi 2.1.m4a
      [30/01/2016 - 08:28:30 | N | 26042 Ko] - D:\Tonassi 2.3.m4a
      [30/01/2016 - 09:44:46 | N | 25370 Ko] - D:\Tonassi 2.4.m4a
      [11/02/2016 - 19:55:30 | N | 27204 Ko] - D:\Tonassi 3.1.m4a
      [12/02/2016 - 05:21:58 | N | 27036 Ko] - D:\Tonassi 3.2.m4a
      [24/01/2016 - 11:11:18 | N | 8014 Ko] - D:\Gustavo 2.4b.m4a
      [23/02/2017 - 15:31:00 | D] - D:\758
      [23/02/2017 - 15:31:02 | D] - D:\411
      [23/02/2017 - 15:26:58 | A | 0 Ko] - D:\Drive.bat
      [23/01/2016 - 23:40:46 | N | 27312 Ko] - D:\Gustavo - 2.1.m4a
      [24/01/2016 - 09:21:38 | N | 16959 Ko] - D:\Gustavo 2.2a.m4a
      [24/01/2016 - 09:30:06 | N | 5860 Ko] - D:\Gustavo 2.2b.m4a
      [24/01/2016 - 09:32:08 | N | 1790 Ko] - D:\Gustavo 2.2c.m4a
      [24/01/2016 - 10:20:00 | N | 27359 Ko] - D:\Gustavo 2.3.m4a
      [24/01/2016 - 11:00:44 | N | 14114 Ko] - D:\Gustavo 2.4a.m4a
      [11/03/2016 - 06:05:30 | N | 642 Ko] - D:\50 dicas - TRT-PA.pdf
      [12/04/2016 - 15:19:04 | N | 14 Ko] - D:\Conceito do ciclo PDCA.docx
      [06/05/2016 - 11:58:28 | N | 30 Ko] - D:\OJH 2182  SAVEIRO.docx
      [15/12/2016 - 14:45:00 | N | 3917 Ko] - D:\delta pará.pdf
      [16/02/2017 - 10:43:06 | N | 14 Ko] - D:\depoimento RANAILTON.docx
      [15/12/2016 - 14:44:50 | HD] - D:\.Trashes
      [15/02/2017 - 17:57:52 | N | 17 Ko] - D:\QUE não é verdade que tenha matado a vítima MARIA MADALENA COSTA.docx
      [16/02/2017 - 16:33:48 | N | 13 Ko] - D:\LUANA DA CONCEIÇÃO.docx
      [20/02/2017 - 16:51:50 | N | 12 Ko] - D:\oitiva AGNALDO.docx
      [21/02/2017 - 12:18:14 | N | 111 Ko] - D:\DEPOIMENTO JOEL MORAES DE ALMEIDA.pdf
      [05/07/2016 - 12:13:44 | N | 86 Ko] - D:\641\fsmikgut.js
      [29/05/2016 - 09:14:08 | N | 20550 Ko] - D:\video whatzap\VID-20160529-WA0003.mp4
      [31/05/2016 - 17:26:20 | N | 1903 Ko] - D:\video whatzap\VID-20160531-WA0007.mp4
      [31/05/2016 - 17:27:10 | N | 1874 Ko] - D:\video whatzap\VID-20160531-WA0008.mp4
      [31/05/2016 - 19:59:54 | N | 8417 Ko] - D:\video whatzap\VID-20160531-WA0010.mp4
      [01/06/2016 - 22:48:54 | N | 5162 Ko] - D:\video whatzap\VID-20160601-WA0041.mp4
      [03/06/2016 - 17:38:52 | N | 15596 Ko] - D:\video whatzap\VID-20160603-WA0023.mp4
      [09/06/2016 - 22:25:40 | N | 4260 Ko] - D:\video whatzap\VID-20160609-WA0047.mp4
      [12/06/2016 - 23:06:14 | N | 14460 Ko] - D:\video whatzap\VID-20160612-WA0034.mp4
      [13/06/2016 - 08:03:34 | N | 15585 Ko] - D:\video whatzap\VID-20160613-WA0008.mp4
      [14/04/2016 - 07:32:14 | N | 15172 Ko] - D:\video whatzap\Bagaça-bruno batista.mp4
      [14/04/2016 - 09:30:24 | N | 2046 Ko] - D:\video whatzap\Helena no espelho.mp4
      [15/04/2016 - 20:51:50 | N | 3538 Ko] - D:\video whatzap\Junior brandao.mp4
      [01/04/2016 - 20:36:02 | N | 4141 Ko] - D:\video whatzap\Marina carol.mp4
      [23/05/2016 - 16:02:22 | N | 8801 Ko] - D:\video whatzap\Nicer helena 2.mp4
      [23/05/2016 - 16:03:14 | N | 8801 Ko] - D:\video whatzap\Niver helena.mp4
      [14/03/2016 - 11:33:18 | N | 4986 Ko] - D:\video whatzap\VID-20160314-WA0013.mp4
      [29/03/2016 - 21:54:08 | N | 1155 Ko] - D:\video whatzap\VID-20160329-WA0031.mp4
      [04/05/2016 - 22:59:46 | N | 4848 Ko] - D:\video whatzap\VID-20160504-WA0016.mp4
      [05/05/2016 - 21:27:04 | N | 16177 Ko] - D:\video whatzap\VID-20160505-WA0041.mp4
      [14/05/2016 - 15:59:30 | N | 7750 Ko] - D:\video whatzap\VID-20160514-WA0041.mp4
      [23/05/2016 - 16:39:48 | N | 6454 Ko] - D:\video whatzap\VID-20160523-WA0036.mp4
      [26/05/2016 - 14:02:06 | N | 15593 Ko] - D:\video whatzap\VID-20160526-WA0027.mp4
      [26/05/2016 - 14:03:58 | N | 15998 Ko] - D:\video whatzap\VID-20160526-WA0028.mp4
      [27/05/2016 - 17:54:54 | N | 1885 Ko] - D:\video whatzap\VID-20160527-WA0048.mp4
      [23/02/2017 - 15:25:02 | HD] - D:\Drive\758
      [23/02/2017 - 09:58:32 | A | 79 Ko] - D:\Drive\758\ybtyledi.js
      [05/07/2016 - 12:13:44 | N | 86 Ko] - D:\758\ybtyledi.js
      [05/07/2016 - 12:13:44 | N | 86 Ko] - D:\411\aqfrxjgg.js
      [15/12/2016 - 14:44:52 | HD] - D:\.Trashes\641
      [18/03/2016 - 08:17:18 | HD] - D:\.Trashes\LOST.DIR
      [13/06/2016 - 17:09:18 | HD] - D:\.Trashes\Nova pasta
      [13/06/2016 - 17:09:28 | HD] - D:\.Trashes\video whatzap
      [20/02/2017 - 16:14:30 | HD] - D:\.Trashes\758
      [22/02/2017 - 04:31:54 | HD] - D:\.Trashes\411
      ################## | E:\ - Disco fixo (NTFS) |
      [23/02/2017 - 15:01:36 | A | 0 Ko] - E:\HPSF_Rep.txt
      [13/07/2012 - 06:23:42 | D] - E:\system.sav
      [22/10/2015 - 19:27:25 | A | 1 Ko] - E:\Bibliotecas - Atalho.lnk
      [19/10/2012 - 22:30:40 | A | 0 Ko] - E:\HP_WSD.dat
      [03/10/2012 - 15:50:48 | SHD] - E:\$RECYCLE.BIN
      [21/11/2010 - 00:23:51 | ASH | 375 Ko] - E:\bootmgr
      [13/07/2012 - 06:23:42 | A | 0 Ko] - E:\HP_WINRE
      [03/10/2012 - 15:38:58 | ASHD] - E:\Recovery
      [03/10/2012 - 15:38:59 | ASHD] - E:\boot
      ################## | F:\ - Disco fixo (FAT32) |
      [23/02/2017 - 15:01:38 | A | 0 Ko] - F:\HPSF_Rep.txt
      [19/10/2012 - 22:30:42 | A | 0 Ko] - F:\HP_WSD.dat
      [13/07/2012 - 01:36:42 | SHD] - F:\$RECYCLE.BIN
      [13/07/2012 - 01:21:46 | A | 0 Ko] - F:\HP_Tools
      [13/07/2012 - 01:48:02 | D] - F:\Hewlett-Packard
      ################## | H:\ - Disco removível (FAT32) |
      [20/02/2017 - 16:11:10 | HD] - H:\.Trashes
      [23/02/2017 - 15:25:24 | D] - H:\Drive
      [23/02/2017 - 15:26:58 | A | 0 Ko] - H:\Drive.bat
      [23/02/2017 - 15:31:04 | D] - H:\641
      [20/02/2017 - 16:11:10 | HD] - H:\.Trashes\641
      [23/02/2017 - 15:25:24 | HD] - H:\Drive\758
      [23/02/2017 - 09:58:32 | A | 79 Ko] - H:\Drive\758\ybtyledi.js
      [05/07/2016 - 12:13:44 | N | 86 Ko] - H:\641\fsmikgut.js
      Análise realizada em 303.6 segundos
      ################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivírus.com/pt/ |

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 15:48:27, on 23/02/2017
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v11.0 (11.00.9600.17840)
      Boot mode: Normal

      Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Windows\SysWOW64\NOTEPAD.EXE
      C:\Users\PC\Desktop\HijackThis.exe
      C:\Windows\SysWOW64\DllHost.exe
      C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
      C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/6
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://login.latinamweb.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.latinamweb.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.4:3128
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
      F2 - REG:system.ini: UserInit=userinit.exe
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
      O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll
      O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll
      O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
      O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
      O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
      O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
      O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
      O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
      O4 - HKLM\..\Run: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun
      O4 - HKLM\..\Run: [Stanley-L_XRX_S2P] C:\Program Files (x86)\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: OCS Inventory NG Systray.lnk = C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
      O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: http://www.infoseg.gov.br
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O20 - Winlogon Notify:  GbPluginIsg - C:\Program Files (x86)\GbPlugin\gbiehIsg.dll
      O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
      O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
      O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
      O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
      O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
      O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
      O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
      O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
      O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
      O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: OCS Inventory Service - OCS Inventory NG - C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
      O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
      O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
      O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: SCPwrSet Service (SCPwrSetSvr) - Unknown owner - C:\Windows\system32\SCPwrSetSvr.exe (file missing)
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: uvnc_service - UltraVNC - C:\Program Files (x86)\UltraVNC\WinVNC.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      --
      End of file - 17756 bytes