
Pages opening on their own in Chrome


Iane Gadelha
Good afternoon!!

For several weeks now I have been having the following problem:

When I have a Google Chrome window open, out of nowhere, suddenly, even without clicking on anything, another Google Chrome browser window opens with advertisements and ads for houses, supermarkets, online stores, clothing, even fortune-telling pages, etc.

The sites' pop-up function is disabled and my antivirus (AVG) does not detect any virus.

I saw in other posts on this same site that OTL should be downloaded, so I did that, and here is the report in question:

OTL logfile created on: 06/07/2013 16:52:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\IANE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,92 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 31,49% Memory free
7,83 Gb Paging File | 5,25 Gb Available in Paging File | 67,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178,00 Gb Total Space | 109,92 Gb Free Space | 61,75% Space Free | Partition Type: NTFS
Drive D: | 265,18 Gb Total Space | 265,03 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: IANE-PC | User Name: IANE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/07/06 16:51:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IANE\Downloads\OTL.exe
PRC - [2013/07/06 16:25:19 | 000,424,016 | ---- | M] (337 Technology Limited.) -- C:\Program Files (x86)\Desk 365\deskSvc.exe
PRC - [2013/06/26 19:22:48 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/06/26 19:22:48 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/26 19:22:48 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/06/13 20:14:24 | 029,335,608 | ---- | M] (Dropbox, Inc.) -- C:\Users\IANE\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/06/10 12:40:44 | 002,082,664 | ---- | M] () -- C:\Users\IANE\AppData\Local\tuto4pc_br_36\upt4pc_br_36.exe
PRC - [2013/06/10 12:40:36 | 003,960,680 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_br_36\tuto4pc_br_36.exe
PRC - [2013/06/07 17:55:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\IANE\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013/06/07 17:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013/05/16 09:32:50 | 000,020,784 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/03/12 10:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2012/11/22 19:44:00 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/10/05 17:43:19 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/26 18:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/16 10:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/01/17 02:01:10 | 002,810,448 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2011/09/27 19:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 04:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 04:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 00:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/07/29 19:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/07/15 17:16:16 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/24 05:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/04 20:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 09:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 09:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/02/24 22:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/20 00:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009/11/02 02:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/06/26 19:22:48 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/06/26 19:22:48 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/26 19:22:48 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013/06/14 22:28:42 | 000,393,168 | ---- | M] () -- C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
MOD - [2013/06/14 22:28:41 | 013,140,432 | ---- | M] () -- C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 22:28:40 | 004,051,408 | ---- | M] () -- C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 22:27:51 | 000,599,504 | ---- | M] () -- C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 22:27:50 | 000,124,368 | ---- | M] () -- C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 22:27:48 | 001,597,392 | ---- | M] () -- C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/06/10 12:40:44 | 002,082,664 | ---- | M] () -- C:\Users\IANE\AppData\Local\tuto4pc_br_36\upt4pc_br_36.exe
MOD - [2013/06/10 12:40:36 | 003,960,680 | ---- | M] () -- C:\Program Files (x86)\tuto4pc_br_36\tuto4pc_br_36.exe
MOD - [2013/05/21 19:04:53 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/21 19:04:32 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/16 09:32:50 | 000,020,784 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013/05/16 09:32:02 | 000,291,840 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/05/16 09:02:42 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013/03/13 17:48:52 | 024,978,944 | ---- | M] () -- C:\Users\IANE\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/13 13:52:31 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/13 13:50:56 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/13 13:50:44 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/13 13:50:26 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/28 13:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 13:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/13 20:32:50 | 003,558,400 | ---- | M] () -- C:\Users\IANE\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/05 07:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/16 04:50:06 | 000,755,280 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/11/12 20:35:07 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 11:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 02:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 02:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013/05/16 09:32:46 | 001,277,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:[b]64bit:[/b] - [2010/09/22 06:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/07/06 16:25:19 | 000,424,016 | ---- | M] (337 Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\Desk 365\deskSvc.exe -- (desksvc)
SRV - [2013/06/26 19:22:48 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/06/01 17:00:04 | 002,787,280 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/03/12 10:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013/02/24 03:01:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 18:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/15 17:16:16 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/07/15 17:10:34 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/06/04 20:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 09:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/05/05 09:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/04/16 21:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/01 09:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/24 22:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 03:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013/06/26 19:22:48 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2012/09/28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/09/20 18:53:04 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/03/12 14:23:48 | 000,242,992 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/16 10:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2011/12/12 07:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011/12/01 10:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2011/07/29 19:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:[b]64bit:[/b] - [2011/07/15 17:13:34 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2011/07/15 17:13:18 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2011/07/15 17:13:12 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2011/07/15 17:13:08 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2011/07/15 17:13:02 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2011/07/15 17:12:58 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2011/07/15 17:12:52 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2011/07/15 17:12:46 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2011/06/04 20:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011/04/22 07:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/04/20 22:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2011/04/11 07:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:[b]64bit:[/b] - [2011/03/31 00:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2011/03/31 00:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2011/03/14 23:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/17 20:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/01/27 03:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2011/01/27 02:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2010/12/16 07:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/10/20 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/10/14 14:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/12/13 10:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/06/16 21:10:24 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130620.003\ex64.sys -- (NAVEX15)
DRV - [2013/06/16 21:10:24 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130620.003\eng64.sys -- (NAVENG)
DRV - [2013/05/31 13:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/04/19 15:32:22 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130619.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/09/20 18:52:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/20 18:52:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/15 21:22:58 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=3604549
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=3604549
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=c46067e00000000000008a1132b45967
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119352&babsrc=SP_ss&mntrId=c46067e00000000000008a1132b45967
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=3604549
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{9C26AC9D-2451-43CC-81D2-87248F28DFEE}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\IANE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IANE\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IANE\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2013/07/06 12:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013/07/06 12:31:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/05 17:43:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsBot@APDMT.net: C:\Program Files (x86)\LyricsBot\116.xpi [2013/07/01 04:16:16 | 000,004,962 | ---- | M] ()
 
[2013/02/24 03:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com.br/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\IANE\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\IANE\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\IANE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Security Toolbar = C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Gmail = C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files (x86)\LyricsBot\116.dll (APDMT LTD)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tuto4pc_br_36] C:\Program Files (x86)\tuto4pc_br_36\tuto4pc_br_36.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1000..\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB File not found
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\Run: [Desk 365] C:\Program Files (x86)\Desk 365\desk365.exe (337 Technology Limited.)
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\Run: [Facebook Update] C:\Users\IANE\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\Run: [WebCake Desktop] C:\Users\IANE\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [upt4pc_br_36.exe] C:\Users\IANE\AppData\Local\tuto4pc_br_36\upt4pc_br_36.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\IANE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop_04130345.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-580441236-439076865-2119370448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FB81749-0CBD-4143-B37B-CD79477201EA}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13ede0c8-8e01-11e2-b120-e81132b45968}\Shell - "" = AutoRun
O33 - MountPoints2\{13ede0c8-8e01-11e2-b120-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52fa60c9-6fe1-11e2-b7e4-e81132b45968}\Shell - "" = AutoRun
O33 - MountPoints2\{52fa60c9-6fe1-11e2-b7e4-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52fa60e9-6fe1-11e2-b7e4-e81132b45968}\Shell - "" = AutoRun
O33 - MountPoints2\{52fa60e9-6fe1-11e2-b7e4-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52fa60ed-6fe1-11e2-b7e4-e81132b45968}\Shell - "" = AutoRun
O33 - MountPoints2\{52fa60ed-6fe1-11e2-b7e4-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e40a870d-5f9b-11e2-be9c-e81132b45968}\Shell - "" = AutoRun
O33 - MountPoints2\{e40a870d-5f9b-11e2-be9c-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e40a8712-5f9b-11e2-be9c-e81132b45968}\Shell - "" = AutoRun
O33 - MountPoints2\{e40a8712-5f9b-11e2-be9c-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/07/06 16:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
[2013/07/06 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Desk 365
[2013/07/06 16:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365
[2013/07/06 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\eIntaller
[2013/07/06 12:32:01 | 000,000,000 | R--D | C] -- C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/07/01 04:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsBot
[2013/06/29 16:47:06 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\jmdp
[2013/06/29 16:47:06 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ARFC
[2013/06/29 16:47:03 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\windows\SysNative\ImHttpComm.dll
[2013/06/29 16:47:02 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\WNLT
[2013/06/29 16:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/06/21 04:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo!
[2013/06/21 04:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo!
[2013/06/21 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsOn
[2013/06/21 04:16:48 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\{2B7B059A-9AB7-4EB4-A90F-F92B255A7BC6}
[2013/06/21 00:08:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/21 00:07:37 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\AVG Secure Search
[2013/06/21 00:06:45 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/06/21 00:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/06/21 00:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/06/21 00:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/06/20 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/06/20 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Baidu
[2013/06/20 22:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2013/06/20 22:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
[2013/06/20 22:37:04 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\eorezo
[2013/06/20 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\tuto4pc_br_36
[2013/06/20 22:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuto4pc_br_36
[2013/06/20 22:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC
[2013/06/20 22:37:00 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\Programs
[2013/06/20 22:36:39 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Baidu Security
[2013/06/20 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\WebCake
[2013/06/20 19:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013/06/20 19:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2013/06/20 19:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
[2013/06/20 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\PDF Writer Packages
[2013/06/20 19:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/06/20 19:57:37 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\DSite
[2013/06/20 19:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/06/20 19:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013/06/20 19:50:00 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\PDF Software
[2013/06/20 19:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Soda PDF 5
[2013/06/20 15:04:40 | 000,000,000 | R--D | C] -- C:\Users\IANE\Dropbox
[2013/06/20 15:02:59 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/06/20 15:01:39 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Dropbox
[2013/06/17 20:34:06 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\{3A8A7F95-4676-4ECA-8BE0-F20106E698AA}
[2013/06/15 03:00:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/15 03:00:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/12 03:04:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/06/12 03:04:38 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 03:04:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 03:04:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/06/12 03:04:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/06/12 03:04:38 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/06/12 03:04:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/06/12 03:04:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/06/12 03:04:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/06/12 03:04:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/12 03:04:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/06/12 03:04:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/06/12 03:04:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/06/11 14:36:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/11 14:36:27 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/11 14:36:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/11 14:36:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/11 14:35:59 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/06/11 14:35:50 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/11 14:35:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/11 14:35:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/11 14:35:49 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/11 14:35:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/11 14:35:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/06/11 14:35:29 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/06/11 14:35:28 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/07/06 16:57:00 | 000,000,282 | ---- | M] () -- C:\windows\tasks\DSite.job
[2013/07/06 16:42:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/06 16:26:38 | 000,001,299 | ---- | M] () -- C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Baidu PC Faster Uninstall HK 3.2.0.29.lnk
[2013/07/06 16:25:15 | 000,002,632 | ---- | M] () -- C:\Users\IANE\Desktop\Google Chrome.lnk
[2013/07/06 16:19:00 | 000,001,074 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-580441236-439076865-2119370448-1001UA.job
[2013/07/06 14:56:08 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-580441236-439076865-2119370448-1001UA.job
[2013/07/06 14:56:03 | 000,000,262 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2013/07/06 14:56:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/06 12:39:19 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 12:39:19 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 12:34:27 | 000,000,256 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job
[2013/07/06 12:31:44 | 000,000,378 | ---- | M] () -- C:\windows\tasks\Lyrics Bot Update.job
[2013/07/06 12:31:37 | 000,000,356 | ---- | M] () -- C:\windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/06 12:31:37 | 000,000,334 | ---- | M] () -- C:\windows\tasks\spmonitor.job
[2013/07/06 12:28:28 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/06 08:02:25 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-580441236-439076865-2119370448-1001Core.job
[2013/07/06 07:51:05 | 000,000,000 | ---- | M] () -- C:\END
[2013/07/05 12:19:00 | 000,001,022 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-580441236-439076865-2119370448-1001Core.job
[2013/07/05 05:27:32 | 000,000,005 | ---- | M] () -- C:\Users\IANE\AppData\Roaming\WBPU-TTL.DAT
[2013/06/26 23:19:40 | 001,517,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/26 23:19:40 | 000,664,038 | ---- | M] () -- C:\windows\SysNative\prfh0416.dat
[2013/06/26 23:19:40 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/26 23:19:40 | 000,128,328 | ---- | M] () -- C:\windows\SysNative\prfc0416.dat
[2013/06/26 23:19:40 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/26 19:22:48 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/06/21 04:26:52 | 000,001,137 | ---- | M] () -- C:\Users\IANE\Desktop\Photo! Editor.lnk
[2013/06/21 00:07:37 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/06/20 15:04:40 | 000,001,037 | ---- | M] () -- C:\Users\IANE\Desktop\Dropbox.lnk
[2013/06/20 15:03:13 | 000,001,047 | ---- | M] () -- C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/08 11:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/08 08:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/07/06 16:26:38 | 000,001,299 | ---- | C] () -- C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Baidu PC Faster Uninstall HK 3.2.0.29.lnk
[2013/07/01 04:16:16 | 000,000,378 | ---- | C] () -- C:\windows\tasks\Lyrics Bot Update.job
[2013/06/29 16:47:04 | 001,277,744 | ---- | C] () -- C:\windows\SysNative\dmwu.exe
[2013/06/21 04:26:52 | 000,001,137 | ---- | C] () -- C:\Users\IANE\Desktop\Photo! Editor.lnk
[2013/06/21 00:57:03 | 000,000,005 | ---- | C] () -- C:\Users\IANE\AppData\Roaming\WBPU-TTL.DAT
[2013/06/20 19:57:46 | 000,087,552 | ---- | C] () -- C:\windows\SysNative\custmon64i.dll
[2013/06/20 19:57:39 | 000,000,282 | ---- | C] () -- C:\windows\tasks\DSite.job
[2013/06/20 15:04:40 | 000,001,037 | ---- | C] () -- C:\Users\IANE\Desktop\Dropbox.lnk
[2013/06/20 15:03:13 | 000,001,047 | ---- | C] () -- C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/27 03:32:46 | 000,114,176 | ---- | C] () -- C:\Users\IANE\AppData\Roaming\BabMaint.exe
[2013/02/27 00:48:08 | 000,000,558 | ---- | C] () -- C:\windows\hpomdl37.dat.temp
[2013/02/27 00:05:05 | 000,135,200 | ---- | C] () -- C:\windows\hpoins37.dat
[2013/02/27 00:05:05 | 000,000,558 | ---- | C] () -- C:\windows\hpomdl37.dat
[2012/10/13 22:54:09 | 000,290,500 | ---- | C] () -- C:\Users\IANE\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/13 22:54:08 | 000,031,465 | ---- | C] () -- C:\Users\IANE\AppData\Local\funmoods.crx
[2012/04/20 08:46:24 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/04/20 07:41:01 | 000,001,610 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/21 02:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/07/21 02:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/07/21 02:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/09/21 12:07:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/09/21 12:07:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/09/19 01:34:37 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\AVG2013
[2013/02/27 03:32:46 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\BabSolution
[2013/02/24 03:00:04 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Babylon
[2013/06/20 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Baidu
[2013/06/20 22:36:39 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Baidu Security
[2013/02/24 03:00:57 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Delta
[2013/07/06 16:25:31 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Desk 365
[2013/07/06 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Dropbox
[2013/06/20 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\DSite
[2013/07/06 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\eIntaller
[2012/10/13 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\GetRightToGo
[2013/06/20 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\PDF Software
[2013/06/20 19:57:38 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\PDF Writer Packages
[2012/09/19 01:24:11 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\TuneUp Software
[2013/03/22 15:05:40 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\Uniblue
[2013/06/20 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\WebCake
[2012/10/13 23:00:42 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\WildTangent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Re: Pages opening by themselves in Chrome

Marcelo
Administrator
Hello, Iane

Your computer is heavily infected, and there may also be a ZeroAccess (a rootkit, a dangerous type of malware) on your system.

Please follow the instructions below carefully, OK?

Part 1


- Open OTL again.
- Paste all the text from this page (press Ctrl + A to make selecting easier) into the field at the bottom of the program called "Exames Personalizados/Correções".
- Click the red Consertar button and wait for the PC to possibly restart.
- A report of the fix will be generated. Keep that log saved on the desktop, because I will need it.

Part 2


1 - Download TDSSKiller and save it to the desktop.
2 - Run it as administrator and click Change parameters.
3 - Check the two options below and click OK:

Verify Driver Digital Signature
Detect TDLFS file system


4 - Back on the initial screen, click Start Scan and wait.
5 - If any suspicious object is identified, select the Skip option. If it is a malicious object, select Cure.
6 - When the scan finishes, a report will be created at C:\TDSSKiller.txt.

Part 3


- Download SystemLook and save it to the desktop.
- Run it as administrator and, in the blank field, paste only the bold text below.

:dir
C:\Windows\SysWOW64\jmdp /s
C:\windows\SysWow64\ARFC /s
C:\windows\SysWow64\WNLT /s


- Click the Look button and the program will open a report for you.

Results


Iane, please paste the three scan reports here: the OTL one, the TDSSKiller one and the SystemLook one.

Regards

Re: Pages opening by themselves in Chrome

Iane Gadelha
Hi Marcelo, how are you??

I did what you instructed and pasted the information from the page you gave me into OTL, but both times I tried, the program stopped responding. What should I do??

Re: Pages opening by themselves in Chrome

Marcelo
Administrator
Iane,

I expected that. The malware is blocking its own removal.

Let's try it this way:

1 - Download OTM and save it to the desktop.
2 - Run it as administrator.
3 - In the yellow area called "Paste Instructions For Items to be Moved", on the left, paste the text from this page.
4 - Click the red MoveIt button and wait.
5 - The PC may restart. Right afterwards, it will generate the log.

Post it.

If this program also stops responding, download ComboFix and use it as described in this tutorial.

When the scan finishes, ComboFix will generate a log at C:\ComboFix.txt.

Post it here.

NOTE: Even if OTM works well, you can run ComboFix as well, OK? It will remove the entries that were not removed with OTL.

Regards

Re: Pages opening by themselves in Chrome

Iane Gadelha
Good morning!!

Marcelo,

I followed your instructions and downloaded OTM, but just like OTL the program stopped responding, so I moved on to ComboFix and followed the step-by-step from the tutorial you gave me.

For your information: on a third party's recommendation I downloaded SUPERAntiSpyware, which detected 23 infections, among them: Adware.Shopper (2 of them), Adware.TrackingCookies (22), Trojan (1) and something related to PUP.bProtector

Anyway, here is the ComboFix report:

ComboFix 13-07-07.01 - IANE 07/07/2013   8:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4010.2074 [GMT -3:00]
Executando de: c:\users\IANE\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\IANE\AppData\Local\lollipop
c:\users\IANE\AppData\Local\lollipop\logo.ico
c:\users\IANE\AppData\Local\lollipop\lollipop_04130345.bat
c:\users\IANE\AppData\Local\lollipop\lollipop_04130345.lpd
c:\users\IANE\AppData\Local\lollipop\lollipop_04130345_cfg.lpd
c:\users\IANE\AppData\Local\lollipop\lollipop_04130345_ps.lpd
c:\users\IANE\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0629915F-E345-49F0-B425-BBDB0ABB5E81}.xps
c:\users\IANE\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD56EFEA-0FF9-45AC-B152-935DFD9F72EC}.xps
c:\users\IANE\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DDB881BD-916B-4C86-8AE9-78535CCF897E}.xps
c:\users\IANE\AppData\Roaming\BabMaint.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-06-07 to 2013-07-07  ))))))))))))))))))))))))))))
.
.
2013-07-07 11:22 . 2013-07-07 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-07 11:22 . 2013-07-07 11:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-07 11:00 . 2013-07-07 11:00 -------- d-----w- C:\_OTM
2013-07-06 21:29 . 2013-07-06 21:29 -------- d-----w- C:\_OTL
2013-07-06 20:48 . 2013-07-06 20:48 190 ----a-w- C:\DelUnist.bat
2013-07-06 20:21 . 2013-07-06 20:21 -------- d-----w- c:\users\IANE\AppData\Roaming\SUPERAntiSpyware.com
2013-07-06 20:20 . 2013-07-06 20:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-06 20:20 . 2013-07-06 20:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-29 19:47 . 2013-07-07 11:00 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-29 19:47 . 2013-06-29 19:47 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-29 19:47 . 2013-05-16 12:31 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-29 19:47 . 2013-07-06 15:28 -------- d-----w- c:\windows\SysWow64\WNLT
2013-06-21 07:26 . 2013-06-21 07:26 -------- d-----w- c:\program files (x86)\Photo!
2013-06-21 03:07 . 2013-06-21 03:07 -------- d-----w- c:\users\IANE\AppData\Local\AVG Secure Search
2013-06-21 03:06 . 2013-06-26 22:22 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-21 03:06 . 2013-06-26 22:22 -------- d-----w- c:\program files (x86)\AVG Secure Search
2013-06-21 03:06 . 2013-06-21 03:06 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-06-21 03:06 . 2013-06-26 22:22 -------- d-----w- c:\programdata\AVG Secure Search
2013-06-21 01:37 . 2013-06-21 01:37 -------- d-----w- c:\users\IANE\AppData\Local\Programs
2013-06-21 01:36 . 2013-06-21 01:36 -------- d-----w- c:\users\IANE\AppData\Roaming\Baidu Security
2013-06-20 22:57 . 2013-07-07 11:00 -------- d-----w- c:\users\IANE\AppData\Roaming\WebCake
2013-06-20 22:57 . 2013-06-20 22:57 -------- d-----w- c:\program files (x86)\GPLGS
2013-06-20 22:57 . 2013-06-20 22:57 -------- d-----w- c:\users\IANE\AppData\Roaming\PDF Writer Packages
2013-06-20 22:57 . 2013-07-06 20:48 -------- d-----w- c:\program files\PDFCreator
2013-06-20 22:57 . 2013-06-20 22:57 -------- d-----w- c:\programdata\Tarma Installer
2013-06-20 22:57 . 2013-06-20 22:57 -------- d-----w- c:\program files (x86)\PDFCreator
2013-06-20 22:50 . 2013-06-20 22:54 -------- d-----w- c:\users\IANE\AppData\Roaming\PDF Software
2013-06-20 22:49 . 2013-06-20 22:54 -------- d-----w- c:\program files (x86)\Common Files\Soda PDF 5
2013-06-20 18:04 . 2013-07-06 20:58 -------- d-----r- c:\users\IANE\Dropbox
2013-06-20 18:01 . 2013-07-06 20:58 -------- d-----w- c:\users\IANE\AppData\Roaming\Dropbox
2013-06-12 06:04 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-11 17:36 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 17:36 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 17:36 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-11 17:36 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-11 17:36 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-09 21:52 . 2011-03-28 09:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-30 10:02 . 2013-04-30 10:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:02 . 2013-04-30 10:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 10:02 . 2013-04-30 10:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 10:02 . 2013-04-30 10:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 10:02 . 2013-04-30 10:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 10:02 . 2013-04-30 10:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 10:02 . 2013-04-30 10:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 10:02 . 2013-04-30 10:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 10:01 . 2013-04-30 10:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 10:01 . 2013-04-30 10:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 10:01 . 2013-04-30 10:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 10:01 . 2013-04-30 10:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 10:01 . 2013-04-30 10:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 10:01 . 2013-04-30 10:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 10:01 . 2013-04-30 10:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 10:01 . 2013-04-30 10:01 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 10:01 . 2013-04-30 10:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 10:01 . 2013-04-30 10:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 10:01 . 2013-04-30 10:01 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 10:01 . 2013-04-30 10:01 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 10:01 . 2013-04-30 10:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 10:01 . 2013-04-30 10:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 10:01 . 2013-04-30 10:01 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 10:01 . 2013-04-30 10:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 10:01 . 2013-04-30 10:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 10:01 . 2013-04-30 10:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 10:01 . 2013-04-30 10:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:01 . 2013-04-30 10:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 10:01 . 2013-04-30 10:01 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 10:01 . 2013-04-30 10:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 10:01 . 2013-04-30 10:01 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 10:01 . 2013-04-30 10:01 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 10:01 . 2013-04-30 10:01 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 10:01 . 2013-04-30 10:01 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 10:01 . 2013-04-30 10:01 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 10:01 . 2013-04-30 10:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 10:01 . 2013-04-30 10:01 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 10:01 . 2013-04-30 10:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 10:01 . 2013-04-30 10:01 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 10:01 . 2013-04-30 10:01 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 10:01 . 2013-04-30 10:01 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 10:01 . 2013-04-30 10:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 10:01 . 2013-04-30 10:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:01 . 2013-04-30 10:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 10:01 . 2013-04-30 10:01 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 10:01 . 2013-04-30 10:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 10:01 . 2013-04-30 10:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 10:01 . 2013-04-30 10:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 10:01 . 2013-04-30 10:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-13 05:49 . 2013-05-16 22:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 22:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 22:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 22:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 22:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 22:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:44 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 22:12 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 22:12 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 22:10 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"="c:\users\IANE\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-05 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
.
c:\users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\IANE\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-13 29335608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130619.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130619.001\IDSvia64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 06:01]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-580441236-439076865-2119370448-1001Core.job
- c:\users\IANE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 04:09]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-580441236-439076865-2119370448-1001UA.job
- c:\users\IANE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 04:09]
.
2013-07-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 467e874b-b4c1-4702-922a-6af6a973fb05.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task cb0dc24a-cc7b-4ec6-8371-236d8fa23894.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\IANE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-15 791200]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-15 657568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mDefault_Page_URL =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 187.64.0.16 187.64.0.17
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-Facebook Update - c:\users\IANE\AppData\Local\Facebook\Update\FacebookUpdate.exe
Wow6432Node-HKLM-Run-tuto4pc_br_36 - c:\program files (x86)\tuto4pc_br_36\tuto4pc_br_36.exe
Wow6432Node-HKLM-RunOnce-upt4pc_br_36.exe - c:\users\IANE\AppData\Local\tuto4pc_br_36\upt4pc_br_36.exe
c:\users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop_04130345.lnk - c:\users\IANE\AppData\Local\Lollipop\lollipop_04130345.exe lollipop_04130345
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe
AddRemove-lyricsBot@APDMT.net - c:\program files (x86)\LyricsBot\uninstall.exe
AddRemove-SweetIM Bundle by SweetPacks - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
AddRemove-tuto4pc_br_36_is1 - c:\program files (x86)\tuto4pc_br_36\unins000.exe
AddRemove-Wajam - c:\program files (x86)\Wajam\uninstall.exe
AddRemove-DSite - c:\users\IANE\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-lollipop_04130345 - c:\users\iane\appdata\local\lollipop\lollipop_04130345.bat
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-07-07  08:36:30
ComboFix-quarantined-files.txt  2013-07-07 11:36
.
Pré-execução: 117.794.557.952 bytes disponíveis
Pós execução: 118.187.114.496 bytes disponíveis
.
- - End Of File - - E5D0FDB25DB7132F94415F0672121B9E
D41D8CD98F00B204E9800998ECF8427E


Note: While ComboFix was running, it asked me to disable my antivirus, and now I have no protection. Which antivirus do you recommend I download now, and from where??

Regards.

Marcelo
Administrator
Iane, here we go.

ComboFix only asks you to disable the antivirus temporarily. You can turn it back on once ComboFix finishes its analysis.

Before we continue, please delete ComboFix and download it again, but this time save it to the desktop (which is the correct location).

Step 1


1 - Open Notepad on the PC.
2 - Paste all of the bold text below and save the file with the name CFScript.txt

File::
c:\windows\system32\dmwu.exe
Folder::
C:\_OTM
C:\_OTL
c:\users\IANE\AppData\Roaming\Baidu Security
c:\users\IANE\AppData\Roaming\WebCake
c:\programdata\BrowserProtect
c:\program files (x86)\WebCake
c:\program files (x86)\Wajam
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"=-
Driver::
BrowserProtect
IBUpdaterService
WebCake Desktop Updater
WajamUpdater
DirLook::
c:\windows\SysWow64\jmdp
c:\windows\SysWow64\ARFC
c:\windows\SysWow64\WNLT
C:\Program Files (x86)
C:\Users\IANE\AppData\Local
C:\Users\IANE\AppData\Roaming
C:\ProgramData


3 - Drag CFScript onto ComboFix, as shown in the figure below.



4. It will run a new scan to remove the infections.
5. When the scan finishes, a new log will be at C:\ComboFix.txt.


Step 2


Carry out the TDSSKiller procedure that I described in my first post.

Please post the ComboFix and TDSSKiller results in your next reply.

Iane Gadelha
In reply to this message posted by Iane Gadelha
Marcelo,

I'm having a small problem with the ComboFix report: it is too large to send here, and I already tried Pastebin as well and it reports the same problem (too large).

Any tips??

Regards.

Marcelo
Administrator
Iane,

Go to Cjoint and click Choose file.

Select the ComboFix.txt file (saved in C:\).

Then, a little further down the page, click the "Créer le lien Cjoint" button.

The site will generate a link next to the text "Le lien a été créé".

Copy that link and post it here.

Iane Gadelha
Marcelo,

Sorry for the headache I'm causing you!! :P

Here is the link:

http://cjoint.com/?CGhuVE975Ou

I did the same with the TDSSKiller report. Here it is as well:

http://cjoint.com/?CGhuXEeEYho

Regards.

Marcelo
Administrator
Iane Gadelha wrote
Marcelo,

Sorry for the headache I'm causing you!! :P
It's no headache at all, my friend Iane. It's a pleasure to help.

We are almost done!

1. Download AdwCleaner and save it to the desktop.
2. Run it as administrator and click Delete and OK.
3. If it asks you to restart the PC, restart it.

It will create a report on your desktop. Post it in your next reply.

Also tell me how the PC is doing after that.

Iane Gadelha
Marcelo,

Thank you so much!!

The AdwCleaner report:

# AdwCleaner v2.304 - Relatório criado em 07/07/2013 às 17:35:04
# Atualizado em 03/07/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : IANE - IANE-PC
# Modo de Boot : Normal
# Executado de : C:\Users\IANE\Desktop\AdwCleaner (1).exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Désinfected : C:\Users\IANE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Arquivo Désinfected : C:\Users\IANE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Arquivo Désinfected : C:\Users\IANE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Arquivo Désinfected : C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Arquivo Désinfected : C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Arquivo Désinfected : C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Arquivo Désinfected : C:\Users\IANE\Desktop\Google Chrome.lnk
Arquivo Removido : C:\END
Arquivo Removido : C:\Users\IANE\AppData\Local\funmoods.crx
Arquivo Removido : C:\Users\IANE\AppData\Local\funmoods-speeddial_sf.crx
Arquivo Removido : C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Removido : C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Pasta Removido : C:\Program Files (x86)\AVG Secure Search
Pasta Removido : C:\Program Files (x86)\Iminent
Pasta Removido : C:\ProgramData\AVG Secure Search
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\ProgramData\Tarma Installer
Pasta Removido : C:\ProgramData\Trymedia
Pasta Removido : C:\Users\IANE\AppData\Local\AVG Secure Search
Pasta Removido : C:\Users\IANE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Pasta Removido : C:\Users\IANE\AppData\Local\Wajam
Pasta Removido : C:\Users\IANE\AppData\LocalLow\AVG Secure Search
Pasta Removido : C:\Users\IANE\AppData\LocalLow\Delta
Pasta Removido : C:\Users\IANE\AppData\Roaming\Babylon
Pasta Removido : C:\Users\IANE\AppData\Roaming\Delta
Pasta Removido : C:\Users\IANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Pasta Removido : C:\windows\SysWOW64\WNLT
Removido Durante o reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registro] *****

Chave Removida : HKCU\Software\AVG Secure Search
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\Delta
Chave Removida : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Removida : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Removida : HKCU\Software\IM
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\ImInstaller
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\lollipop
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Removida : HKCU\Software\Tuto4PC
Chave Removida : HKCU\Software\Tutorials
Chave Removida : HKCU\Software\TutoTag
Chave Removida : HKCU\Software\Wajam
Chave Removida : HKCU\Software\WNLT
Chave Removida : HKCU\Software\82d8d9b23bb941
Chave Removida : HKLM\Software\AVG Secure Search
Chave Removida : HKLM\Software\AVG Security Toolbar
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Removida : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
Chave Removida : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\Delta
Chave Removida : HKLM\Software\Desksvc
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Removida : HKLM\Software\portaldositesSoftware
Chave Removida : HKLM\Software\Tuto4PC
Chave Removida : HKLM\Software\V9
Chave Removida : HKLM\Software\Wajam
Chave Removida : HKLM\SOFTWARE\Wow6432Node\82d8d9b23bb941
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Chave Removida : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registro está limpo.

-\\ Google Chrome v27.0.1453.116

*************************

AdwCleaner[S1].txt - [25047 octets] - [07/07/2013 17:35:04]

########## EOF - C:\AdwCleaner[S1].txt - [25108 octets] ##########

The computer has improved 100%: the ads are gone, and it has even gotten faster too!!

Regards and, once again, thank you very much!!

Marcelo
Administrator
Iane,

The logs are clean.

I think it is advisable to run a scan with your antivirus or with Malwarebytes, because sometimes remnants are left behind.

Is there anything else I can help you with?


Iane Gadelha
Marcelo,

I'll run the scan now.

No, thank you very much, I've already bothered you too much!! :)

Regards.

Marcelo
Administrator
You didn't bother me at all, Iane.

Regards

Marcelo
Administrator

PROBLEM SOLVED

TOPIC CLOSED!


If the author wishes to reopen the topic, please send a message to a moderator.



This is an automatic message