Explorer Travando

############################## | UsbFix V 7.129 |[Listing]
Usuário: Usuario (Administrador) # USUARIO-PC
Atualizado em 24/06/2013 por El Desaparecido
Começou em 15:26:46 | 02/08/2013

Site: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contato: [email]contact@sosvirus.net[/email]

PC: Hewlett-Packard (HP Pavilion g4 Notebook PC ) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2501)
RAM -> [Total : 4044 | Free : 1797]
BIOS: InsydeH2O Version 03.61.01F.42
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 551 Gb (196 Mb livre - 36%) [] # NTFS
D:\ -> Disco fixo # 21 Gb (2 Mb livre - 11%) [Recovery] # NTFS
E:\ -> Disco fixo # 4 Gb (1 Mb livre - 27%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Disco removível # 15 Gb (10 Mb livre - 70%) [] # NTFS
H:\ -> CD-ROM
X:\ -> Disco fixo # 20 Gb (19 Mb livre - 100%) [Novo volume] # NTFS

################## | Listing |

[25/05/2013 - 23:53:43 | SHD ] C:\$RECYCLE.BIN
[31/07/2013 - 12:31:22 | D ] C:\32788R22FWJFW
[01/07/2012 - 02:17:21 | D ] C:\3a596edab9c07760f4436b
[24/07/2013 - 15:41:31 | SHD ] C:\71a
[02/05/2012 - 22:22:42 | D ] C:\AMD
[09/04/2012 - 10:20:59 | SHD ] C:\Arquivos de Programas
[24/05/2013 - 13:26:42 | A | 621751] C:\ComboFix.txt
[14/07/2009 - 02:08:56 | SHD ] C:\Documents and Settings
[09/04/2012 - 13:27:14 | D ] C:\Driversss
[21/08/2012 - 20:02:06 | A | 9] C:\END
[17/05/2013 - 15:59:55 | D ] C:\f9d7175b3cfb5c61f70a
[11/02/2013 - 20:12:35 | D ] C:\found.000
[01/08/2013 - 20:06:10 | ASH | 3180220416] C:\hiberfil.sys
[01/05/2012 - 14:41:29 | D ] C:\i68Backups
[09/04/2012 - 11:35:30 | D ] C:\IDE
[09/04/2012 - 13:31:28 | D ] C:\Intel
[09/04/2012 - 11:34:28 | RD ] C:\MSOCache
[01/08/2013 - 20:06:14 | ASH | 4240293888] C:\pagefile.sys
[14/07/2009 - 00:20:08 | D ] C:\PerfLogs
[24/07/2013 - 15:41:25 | RD ] C:\Program Files
[02/08/2013 - 14:38:28 | RD ] C:\Program Files (x86)
[23/05/2013 - 20:29:17 | D ] C:\ProgramData
[24/05/2013 - 13:26:44 | D ] C:\Qoobox
[09/04/2012 - 10:20:59 | D ] C:\Recovery
[03/07/2013 - 17:43:18 | D ] C:\RRPG
[02/08/2013 - 14:38:36 | D ] C:\rsit
[02/08/2013 - 07:56:11 | SHD ] C:\System Volume Information
[02/08/2013 - 15:26:47 | D ] C:\UsbFix
[02/08/2013 - 15:26:47 | A | 2563] C:\UsbFix[Listing 1 ] USUARIO-PC.txt
[15/08/2012 - 19:17:34 | RD ] C:\Users
[05/07/2012 - 20:53:54 | D ] C:\wamp
[09/07/2013 - 13:14:17 | D ] C:\Windows
[15/08/2012 - 19:17:38 | D ] D:\$RECYCLE.BIN
[07/04/2012 - 03:34:43 | RAD ] D:\boot
[14/07/2009 - 15:39:00 | RASH | 383562] D:\bootmgr
[23/05/2010 - 09:55:46 | RASH | 67] D:\Desktop.ini
[07/04/2012 - 03:34:43 | AD ] D:\FactoryUpdate
[07/04/2012 - 03:34:43 | RAD ] D:\hp
[07/04/2012 - 03:33:39 | RASH | 8] D:\HP_WSD.dat
[07/04/2012 - 03:34:43 | RD ] D:\preload
[07/04/2012 - 03:34:43 | RD ] D:\recovery
[07/04/2012 - 03:34:43 | D ] D:\RM_Reserve
[07/04/2012 - 06:06:20 | SHD ] D:\System Volume Information
[12/12/2011 - 00:41:02 | D ] E:\Hewlett-Packard
[12/12/2011 - 01:00:22 | SHD ] E:\$RECYCLE.BIN
[07/04/2012 - 14:33:40 | A | 8] E:\HP_WSD.dat
[24/07/2013 - 15:42:44 | SHD ] G:\70707
[24/07/2013 - 17:54:57 | A | 1469] G:\70707.lnk
[02/07/2013 - 14:38:23 | A | 647415] G:\Apostila de Planos de amortizacao.pdf
[02/08/2013 - 15:26:43 | A | 3908] G:\autorun.inf
[12/07/2013 - 08:18:42 | SHD ] G:\c4c4c
[02/08/2013 - 15:26:32 | A | 758] G:\c4c4c.lnk
[06/07/2013 - 12:40:08 | SHD ] G:\Eternal Sunshine of the Spotless Mind 2004 Blu-ray 720p x264 HDBRiSe
[02/08/2013 - 15:26:32 | A | 988] G:\Eternal Sunshine of the Spotless Mind 2004 Blu-ray 720p x264 HDBRiSe.lnk
[02/07/2013 - 19:08:56 | SHD ] G:\f6f6
[02/08/2013 - 15:26:32 | A | 756] G:\f6f6.lnk
[02/07/2013 - 14:36:22 | A | 19426] G:\Hegon Felipe Pacheco Damaso.docx
[05/07/2013 - 21:44:34 | A | 46639] G:\Lista 08 - Hegon - Turma P.xlsx
[02/07/2013 - 14:36:44 | A | 355980] G:\Lista 7 - Inflacao.pdf
[23/07/2013 - 01:15:15 | A | 365198] G:\Lista de REVISAO 2.pdf
[11/07/2013 - 22:04:35 | A | 46592] G:\Projeto de Acao Social - ETAPA 1.doc
[24/07/2013 - 15:40:25 | A | 38912] G:\Respostas Politica.doc
[05/07/2013 - 21:31:39 | AH | 165] G:\~$Lista 08 - Hegon - Turma P.xlsx
[06/11/2003 - 08:28:14 | R | 23558] H:\Autorun.ico
[08/03/2010 - 21:39:14 | R | 114] H:\BaixeHoje.com - By DigauMmM.url
[04/08/2009 - 16:50:05 | D ] H:\Bonus
[04/08/2009 - 16:50:04 | D ] H:\DATA
[04/08/2009 - 16:49:39 | D ] H:\FrontPage
[04/08/2009 - 16:48:57 | D ] H:\Office
[04/08/2009 - 16:48:49 | D ] H:\OneNote
[25/09/2004 - 15:58:58 | R | 1508] H:\autorun.apm
[10/12/2002 - 04:00:30 | R | 1089536] H:\autorun.exe
[25/09/2004 - 15:59:00 | R | 47] H:\autorun.inf
[15/08/2012 - 19:17:38 | D ] X:\$RECYCLE.BIN
[25/06/2012 - 16:57:05 | SHD ] X:\System Volume Information
[10/01/2013 - 14:18:25 | D ] X:\Temp

################## | E.O.F |

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013
Ran by Usuario at 2013-08-02 15:32:30
Running from C:\Users\Usuario\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Update for Microsoft Office 2007 (KB2508958) (x32)
adcom 802.11 Wireless LAN Adapter (Version: 5.100.82.86)
Adobe Audition 3.0 (x32 Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
AMD APP SDK Runtime (Version: 2.5.709.2)
AMD Catalyst Install Manager (Version: 3.0.838.0)
Apostila Escriturário - Banco do Brasil versão 1.0 (x32 Version: 1.0)
Arquivo do WinRAR (x32)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (x32)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (x32)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (x32)
BitTorrent (x32 Version: 7.8.0.29626)
Broadcom Bluetooth Software (Version: 6.5.0.2300)
Broadcom InConcert Maestro (Version: 1.0.5.2300)
Browser Manager (x32)
BurnAware Free 2.4.7 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.0817.2216.38121)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0817.2216.38121)
Catalyst Control Center InstallProxy (x32 Version: 2011.0817.2216.38121)
Catalyst Control Center Localization All (x32 Version: 2011.0817.2216.38121)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0817.2216.38121)
CCC Help Chinese Standard (x32 Version: 2011.0817.2215.38121)
CCC Help Chinese Traditional (x32 Version: 2011.0817.2215.38121)
CCC Help Czech (x32 Version: 2011.0817.2215.38121)
CCC Help Danish (x32 Version: 2011.0817.2215.38121)
CCC Help Dutch (x32 Version: 2011.0817.2215.38121)
CCC Help English (x32 Version: 2011.0817.2215.38121)
CCC Help Finnish (x32 Version: 2011.0817.2215.38121)
CCC Help French (x32 Version: 2011.0817.2215.38121)
CCC Help German (x32 Version: 2011.0817.2215.38121)
CCC Help Greek (x32 Version: 2011.0817.2215.38121)
CCC Help Hungarian (x32 Version: 2011.0817.2215.38121)
CCC Help Italian (x32 Version: 2011.0817.2215.38121)
CCC Help Japanese (x32 Version: 2011.0817.2215.38121)
CCC Help Korean (x32 Version: 2011.0817.2215.38121)
CCC Help Norwegian (x32 Version: 2011.0817.2215.38121)
CCC Help Polish (x32 Version: 2011.0817.2215.38121)
CCC Help Portuguese (x32 Version: 2011.0817.2215.38121)
CCC Help Russian (x32 Version: 2011.0817.2215.38121)
CCC Help Spanish (x32 Version: 2011.0817.2215.38121)
CCC Help Swedish (x32 Version: 2011.0817.2215.38121)
CCC Help Thai (x32 Version: 2011.0817.2215.38121)
CCC Help Turkish (x32 Version: 2011.0817.2215.38121)
ccc-utility64 (Version: 2011.0817.2216.38121)
CCleaner (Version: 3.18)
CDisplay 1.8 (x32)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Corel Graphics - Windows Shell Extension (Version: 16.0.0.707)
Corel Graphics - Windows Shell Extension (Version: 16.0.707)
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707)
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487)
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.0.0.707)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0)
CPUID CPU-Z 1.56
CyberLink YouCam (x32 Version: 3.5.0.4528)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0315)
ePSXe BR versão 1.7.0 (x32 Version: 1.7.0)
EVEREST Ultimate Edition v5.30 (x32 Version: 5.30)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Free Sound Recorder v9.3.1 (x32)
FreeSoundRecorder Toolbar (x32 Version: 6.12.0.516)
GIMP 2.8.4 (Version: 2.8.4)
GlassFish Server Open Source Edition 3.0.1 (x32)
Google Chrome (x32 Version: 28.0.1500.95)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
IDT Audio (x32 Version: 1.0.6365.0)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Codec Pack 9.9.0 (Full) (x32 Version: 9.9.0)
Last.fm Scrobbler 2.1.35 (x32)
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 Client Profile Developer Preview (Version: 4.5.40805)
Microsoft .NET Framework 4.5 Extended Developer Preview (Version: 4.5.40805)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Edição 2003 (x32 Version: 11.0.6361.0)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0)
Microsoft Visual Basic for Applications 7.1 (x64) Portuguese (Brazil) (Version: 7.1.0.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Minecraft Cracked (x32)
Minecraft Crafting Guide version 1.8 (x32 Version: 1.8)
Mozilla Firefox 19.0 (x86 pt-BR) (x32 Version: 19.0)
Mozilla Maintenance Service (x32 Version: 19.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NetBeans IDE 6.9 (x32 Version: 6.9)
Noise Reduction Plug-in 2.0i (x32 Version: 2.0.455)
NVIDIA 3D Vision Video Player (x32 Version: 1.6.2)
Octoshape Streaming Services (HKCU)
Opera Stable 15.0.1147.130 (x32 Version: 15.0.1147.130)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (Version: 4.0.30319)
PDFCreator 2012 0220 (x32 Version: 0220)
PHP Editor 2.22 (x32 Version: PHP Editor 2.22)
Picasa 3 (x32 Version: 3.9)
PunkBuster Services (x32 Version: 0.991)
PX Profile Update (x32 Version: 1.00.1.)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.85)
RRPG Firecast (x32 Version: 5)
Samsung SCX-3200 Series (x32)
Secure Download Manager (x32 Version: 3.1.0)
SIW version 2011.10.29 (x32 Version: 2011.10.29)
Skype™ 6.3 (x32 Version: 6.3.105)
Sound Forge Pro 10.0 (x32 Version: 10.0.491)
Steam (x32 Version: 1.0.0.0)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Ultima Online: Mondain's Legacy (x32 Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (x32)
USB Network Joystick (x32 Version: V3.70a)
UsbFix By El Desaparecido (x32)
VertrigoServ (remove only) (x32 Version: 2.27)
WampServer 2.1 (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points =========================

02-08-2013 10:55:58 Ponto de Verificação Agendado

==================== Hosts content: ==========================

2009-07-13 23:34 - 2013-05-24 13:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0121E2E1-8754-4415-9038-5C2B5682CB58} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {03F2561C-9D7B-4EA0-BD43-30748F9650AB} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {17A06912-ACC6-422B-9B37-85BEBFB7E6B1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {1B4F3959-3EBE-4EE0-A75B-44F22E3841A7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1002UA => C:\Users\Borzinho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-08] (Facebook Inc.)
Task: {27DDFBE0-AA0F-42BB-93E0-2BD90743ADE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {28AB16FE-6DFE-4373-BE2A-DA4B46C9619C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04] (Google Inc.)
Task: {2BB7E651-E5F6-40BB-ADBE-F221BE74A2F4} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {3FE6DA76-FA75-4CCD-BC06-229DA1DC2BD3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {57DA0B35-64F0-4E90-8D16-963F95156881} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1000UA => C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {6D26185B-5C48-43B4-B4DA-754272689077} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1002Core => C:\Users\Borzinho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-08] (Facebook Inc.)
Task: {77949195-06F5-40D9-89AB-36D636474450} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {955BB763-83B5-4139-BA9B-EE8BA8CBB3C3} - System32\Tasks\Browser Manager => C:\Windows\system32\sc.exe [2009-07-13] (Microsoft Corporation)
Task: {AF51E97D-D7E8-4358-B2B7-CDBB918FA549} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {B6F48700-FB4C-4F23-9BA9-713904FFBCF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04] (Google Inc.)
Task: {C256DEA1-1869-4405-86E3-FA3D253D8105} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1000Core => C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {FA63ACFD-151E-4CE1-A9EC-7A12E139F247} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3308939878-3132465996-936716146-1002 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1000Core.job => C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1000UA.job => C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1002Core.job => C:\Users\Borzinho\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308939878-3132465996-936716146-1002UA.job => C:\Users\Borzinho\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2013 03:21:01 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x5a08
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (08/02/2013 02:41:59 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7600.16768, carimbo de hora: 0x4d688122
Nome do módulo de falhas: SHELL32.dll, versão: 6.1.7600.17038, carimbo de hora: 0x4fd2dd43
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000001eb713
Identificação do processo com falha: 0x5944
Hora de início do aplicativo com falha: 0xExplorer.exe0
Caminho do aplicativo com falha: Explorer.exe1
FCaminho do módulo de falhas: Explorer.exe2
Identificação do Relatório: Explorer.exe3

Error: (08/02/2013 02:35:55 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7600.16768, carimbo de hora: 0x4d688122
Nome do módulo de falhas: SHELL32.dll, versão: 6.1.7600.17038, carimbo de hora: 0x4fd2dd43
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000001eb713
Identificação do processo com falha: 0x66a8
Hora de início do aplicativo com falha: 0xExplorer.exe0
Caminho do aplicativo com falha: Explorer.exe1
FCaminho do módulo de falhas: Explorer.exe2
Identificação do Relatório: Explorer.exe3

Error: (08/02/2013 02:21:01 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x3ee0
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (08/02/2013 01:21:00 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x3418
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (08/02/2013 00:47:02 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7600.16768, carimbo de hora: 0x4d688122
Nome do módulo de falhas: SHELL32.dll, versão: 6.1.7600.17038, carimbo de hora: 0x4fd2dd43
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000001eb713
Identificação do processo com falha: 0xf9c
Hora de início do aplicativo com falha: 0xExplorer.exe0
Caminho do aplicativo com falha: Explorer.exe1
FCaminho do módulo de falhas: Explorer.exe2
Identificação do Relatório: Explorer.exe3

Error: (08/02/2013 00:21:00 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x5fbc
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (08/02/2013 11:21:00 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x5e8c
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (08/02/2013 10:21:00 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x574c
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (08/02/2013 09:21:00 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915, carimbo de hora: 0x4ec49d10
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002e24b
Identificação do processo com falha: 0x4c14
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3


System errors:
=============
Error: (08/02/2013 02:36:03 PM) (Source: Disk) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR3.

Error: (08/01/2013 08:06:47 PM) (Source: Service Control Manager) (User: )
Description: O serviço Escuta do Grupo Doméstico terminou com o erro específico de serviço %%-2147023143.

Error: (08/01/2013 08:06:22 PM) (Source: Service Control Manager) (User: )
Description: O serviço Firewall do Windows terminou com o erro específico de serviço %%13.

Error: (08/01/2013 04:41:34 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (08/01/2013 03:43:10 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (07/31/2013 00:33:38 PM) (Source: Service Control Manager) (User: )
Description: O serviço Escuta do Grupo Doméstico terminou com o erro específico de serviço %%-2147023143.

Error: (07/31/2013 00:32:51 PM) (Source: Service Control Manager) (User: )
Description: O serviço Firewall do Windows terminou com o erro específico de serviço %%13.

Error: (07/31/2013 00:32:13 PM) (Source: Service Control Manager) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Interface de Repositório de Rede, mas essa ação falhou com o seguinte erro:
%%1056

Error: (07/31/2013 00:32:13 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Serviço SSTP devido ao seguinte erro:
%%1069

Error: (07/31/2013 00:32:13 PM) (Source: Service Control Manager) (User: )
Description: O serviço SstpSvc não pôde fazer logon como NT Authority\LocalService com a senha configurada atualmente devido ao seguinte erro:
%%50

Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-05-24 13:23:40.192
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-24 13:23:40.145
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-24 13:23:40.114
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-24 13:23:40.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-08 15:56:27.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-08 15:56:27.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-08 15:56:27.390
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-08 15:56:27.343
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-23 10:50:23.920
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-23 10:50:23.889
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 4043.86 MB
Available physical RAM: 1745.04 MB
Total Pagefile: 8085.86 MB
Available Pagefile: 5741.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:551.46 GB) (Free:195.98 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:21.02 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: () (Removable) (Total:14.91 GB) (Free:10.43 GB) NTFS (Disk=1 Partition=1)
Drive h: (201003082340) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive x: (Novo volume) (Fixed) (Total:19.53 GB) (Free:19.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 5C957B58)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=551 GB) - (Type=42)
Partition 4: (Not Active) - (Size=45 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================

# AdwCleaner v2.306 - Relatório criado em 02/08/2013 às 16:15:39
# Atualizado em 19/07/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : Usuario - USUARIO-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Usuario\Desktop\AdwCleaner.exe
# Opção [Remover]


***** [Serviços] *****

Encerrado & Removido : Browser Manager

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\END
Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Users\Borzinho\AppData\Roaming\Mozilla\Firefox\Profiles\w8047gmf.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Users\Usuario\AppData\Local\funmoods.crx
Arquivo Removido : C:\Users\Usuario\AppData\Local\funmoods-speeddial.crx
Arquivo Removido : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Removido : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Removido : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\wvhjgv5t.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\wvhjgv5t.default\bprotector_prefs.js
Arquivo Removido : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\wvhjgv5t.default\searchplugins\Babylon.xml
Arquivo Removido : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\wvhjgv5t.default\searchplugins\mngr.xml
Pasta Removido : C:\Program Files (x86)\1ClickDownload
Pasta Removido : C:\Program Files (x86)\Conduit
Pasta Removido : C:\Program Files (x86)\FreeSoundRecorder
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\ProgramData\boost_interprocess
Pasta Removido : C:\ProgramData\Browser Manager
Pasta Removido : C:\Users\Usuario\AppData\Local\Conduit
Pasta Removido : C:\Users\Usuario\AppData\LocalLow\Conduit
Pasta Removido : C:\Users\Usuario\AppData\LocalLow\FreeSoundRecorder
Pasta Removido : C:\Users\Usuario\AppData\LocalLow\Funmoods
Pasta Removido : C:\Users\Usuario\AppData\LocalLow\PriceGong
Pasta Removido : C:\Users\Usuario\AppData\Roaming\Babylon
Pasta Removido : C:\Users\Usuario\AppData\Roaming\file scout
Pasta Removido : C:\Users\Usuario\AppData\Roaming\OpenCandy

***** [Registro] *****

Chave Removida : HKCU\Software\1ClickDownload
Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\AppDataLow\Software\Conduit
Chave Removida : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Removida : HKCU\Software\AppDataLow\Software\FreeSoundRecorder
Chave Removida : HKCU\Software\AppDataLow\Software\PriceGong
Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar
Chave Removida : HKCU\Software\AppDataLow\Toolbar
Chave Removida : HKCU\Software\BabSolution
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\filescout
Chave Removida : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Removida : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Removida : HKCU\Software\5828a8fe03ebf41
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Chave Removida : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chave Removida : HKLM\SOFTWARE\Classes\f
Chave Removida : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Chave Removida : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Chave Removida : HKLM\SOFTWARE\Classes\oneclick
Chave Removida : HKLM\SOFTWARE\Classes\oneclickmg
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2849856
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\FreeSoundRecorder
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\SOFTWARE\Wow6432Node\5828a8fe03ebf41
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8424640D-EA23-4B07-8C02-BAB1B5FC3C61}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6EA3B14-6BB4-49AE-8B0E-D14A4B6F5D95}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Dados Removida : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261519~1.190\{c16c1~1\mngr.dll
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Valor Removida : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16476

Substituído : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyDzy0B0B0CtB0DtB0CtDtN0D0Tzu0CtByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2061528939 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (pt-BR)

Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\wvhjgv5t.default\prefs.js

C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\wvhjgv5t.default\user.js ... Removido !

Removida : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110824&tt=4712_4&babsrc=HP[...]
Removida : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Removida : user_pref("extensions.BabylonToolbar.admin", false);
Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Removida : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.id", "34dfd2c0000000000000c018850798c2");
Removida : user_pref("extensions.BabylonToolbar.instlDay", "15669");
Removida : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Removida : user_pref("extensions.BabylonToolbar_i.newTab", true);
Removida : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4712_[...]
Removida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:33:49");

Arquivo : C:\Users\Borzinho\AppData\Roaming\Mozilla\Firefox\Profiles\w8047gmf.default\prefs.js

[OK] Arquivo está limpo.

Arquivo : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\jf2nr3ni.default\prefs.js

[OK] Arquivo está limpo.

-\\ Google Chrome v28.0.1500.95

Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

Arquivo : C:\Users\Borzinho\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

Arquivo : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [17136 octets] - [02/08/2013 16:15:39]

########## EOF - C:\AdwCleaner[S1].txt - [17197 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013
Ran by Usuario at 2013-08-02 16:46:03 Run:1
Running from C:\Users\Usuario\Desktop
Boot Mode: Normal
==============================================

C:\Program Files\6f => Moved successfully.
C:\71a => Moved successfully.
C:\Users\Usuario\AppData\Roaming\70 => Moved successfully.
C:\Users\Borzinho\AppData\Roaming\70 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\366.js not found.
C:\Users\Borzinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\366.js not found.
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\366.js not found.
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\366.js not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\662d => Value deleted successfully.
HKU\Borzinho\Software\Microsoft\Windows\CurrentVersion\Run\\662d => Value deleted successfully.
G:\70707 => Moved successfully.
G:\70707.lnk => Moved successfully.
G:\autorun.inf => Moved successfully.
G:\c4c4c => Moved successfully.
G:\c4c4c.lnk => Moved successfully.
G:\f6f6 => Moved successfully.
G:\f6f6.lnk => Moved successfully.

========= attrib /d /s -s -h G:\* =========


========= End of CMD: =========


==== End of Fixlog ====

############################## | UsbFix V 7.129 | [Listing]

Usuário: Usuario (Administrador) # USUARIO-PC
Atualizado em 24/06/2013 por El Desaparecido
Começou em 16:59:32 | 02/08/2013

Site: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contato: [email]contact@sosvirus.net[/email]

PC: Hewlett-Packard (HP Pavilion g4 Notebook PC ) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2501)
RAM -> [Total : 4044 | Free : 2646]
BIOS: InsydeH2O Version 03.61.01F.42
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 551 Gb (196 Mb livre - 36%) [] # NTFS
D:\ -> Disco fixo # 21 Gb (2 Mb livre - 11%) [Recovery] # NTFS
E:\ -> Disco fixo # 4 Gb (1 Mb livre - 27%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Disco removível # 15 Gb (10 Mb livre - 70%) [] # NTFS
H:\ -> CD-ROM
X:\ -> Disco fixo # 20 Gb (19 Mb livre - 100%) [Novo volume] # NTFS

################## | Listing |

[25/05/2013 - 23:53:43 | SHD ] C:\$RECYCLE.BIN
[02/08/2013 - 16:29:43 | D ] C:\32788R22FWJFW
[01/07/2012 - 02:17:21 | D ] C:\3a596edab9c07760f4436b
[02/08/2013 - 16:46:07 | SHD ] C:\71a
[02/05/2012 - 22:22:42 | D ] C:\AMD
[09/04/2012 - 10:20:59 | SHD ] C:\Arquivos de Programas
[24/05/2013 - 13:26:42 | A | 621751] C:\ComboFix.txt
[14/07/2009 - 02:08:56 | SHD ] C:\Documents and Settings
[09/04/2012 - 13:27:14 | D ] C:\Driversss
[17/05/2013 - 15:59:55 | D ] C:\f9d7175b3cfb5c61f70a
[11/02/2013 - 20:12:35 | D ] C:\found.000
[02/08/2013 - 15:30:55 | D ] C:\FRST
[02/08/2013 - 16:56:51 | ASH | 3180220416] C:\hiberfil.sys
[01/05/2012 - 14:41:29 | D ] C:\i68Backups
[09/04/2012 - 11:35:30 | D ] C:\IDE
[09/04/2012 - 13:31:28 | D ] C:\Intel
[09/04/2012 - 11:34:28 | RD ] C:\MSOCache
[02/08/2013 - 16:56:57 | ASH | 4240293888] C:\pagefile.sys
[14/07/2009 - 00:20:08 | D ] C:\PerfLogs
[02/08/2013 - 16:46:04 | RD ] C:\Program Files
[02/08/2013 - 16:15:44 | RD ] C:\Program Files (x86)
[02/08/2013 - 16:15:44 | D ] C:\ProgramData
[24/05/2013 - 13:26:44 | D ] C:\Qoobox
[09/04/2012 - 10:20:59 | D ] C:\Recovery
[03/07/2013 - 17:43:18 | D ] C:\RRPG
[02/08/2013 - 14:38:36 | D ] C:\rsit
[02/08/2013 - 07:56:11 | SHD ] C:\System Volume Information
[02/08/2013 - 16:59:34 | D ] C:\UsbFix
[02/08/2013 - 15:26:48 | A | 5216] C:\UsbFix [Listing 1 ] USUARIO-PC.txt
[02/08/2013 - 16:59:34 | A | 2636] C:\UsbFix [Listing 2 ] USUARIO-PC.txt
[15/08/2012 - 19:17:34 | RD ] C:\Users
[05/07/2012 - 20:53:54 | D ] C:\wamp
[02/08/2013 - 15:30:58 | D ] C:\Windows
[15/08/2012 - 19:17:38 | D ] D:\$RECYCLE.BIN
[02/08/2013 - 15:31:46 | RAD ] D:\boot
[14/07/2009 - 15:39:00 | RASH | 383562] D:\bootmgr
[23/05/2010 - 09:55:46 | RASH | 67] D:\Desktop.ini
[07/04/2012 - 03:34:43 | AD ] D:\FactoryUpdate
[07/04/2012 - 03:34:43 | RAD ] D:\hp
[07/04/2012 - 03:33:39 | RASH | 8] D:\HP_WSD.dat
[07/04/2012 - 03:34:43 | RD ] D:\preload
[07/04/2012 - 03:34:43 | RD ] D:\recovery
[07/04/2012 - 03:34:43 | D ] D:\RM_Reserve
[07/04/2012 - 06:06:20 | SHD ] D:\System Volume Information
[12/12/2011 - 00:41:02 | D ] E:\Hewlett-Packard
[12/12/2011 - 01:00:22 | SHD ] E:\$RECYCLE.BIN
[07/04/2012 - 14:33:40 | A | 8] E:\HP_WSD.dat
[02/08/2013 - 16:46:04 | SHD ] G:\70707
[02/07/2013 - 14:38:23 | A | 647415] G:\Apostila de Planos de amortizacao.pdf
[02/08/2013 - 16:59:30 | A | 3279] G:\autorun.inf
[06/07/2013 - 12:40:08 | SHD ] G:\Eternal Sunshine of the Spotless Mind 2004 Blu-ray 720p x264 HDBRiSe
[02/08/2013 - 16:58:20 | A | 1782] G:\Eternal Sunshine of the Spotless Mind 2004 Blu-ray 720p x264 HDBRiSe.lnk
[02/07/2013 - 14:36:22 | A | 19426] G:\Hegon Felipe Pacheco Damaso.docx
[05/07/2013 - 21:44:34 | A | 46639] G:\Lista 08 - Hegon - Turma P.xlsx
[02/07/2013 - 14:36:44 | A | 355980] G:\Lista 7 - Inflacao.pdf
[23/07/2013 - 01:15:15 | A | 365198] G:\Lista de REVISAO 2.pdf
[11/07/2013 - 22:04:35 | A | 46592] G:\Projeto de Acao Social - ETAPA 1.doc
[24/07/2013 - 15:40:25 | A | 38912] G:\Respostas Politica.doc
[05/07/2013 - 21:31:39 | A | 165] G:\~$Lista 08 - Hegon - Turma P.xlsx
[06/11/2003 - 08:28:14 | R | 23558] H:\Autorun.ico
[08/03/2010 - 21:39:14 | R | 114] H:\BaixeHoje.com - By DigauMmM.url
[04/08/2009 - 16:50:05 | D ] H:\Bonus
[04/08/2009 - 16:50:04 | D ] H:\DATA
[04/08/2009 - 16:49:39 | D ] H:\FrontPage
[04/08/2009 - 16:48:57 | D ] H:\Office
[04/08/2009 - 16:48:49 | D ] H:\OneNote
[25/09/2004 - 15:58:58 | R | 1508] H:\autorun.apm
[10/12/2002 - 04:00:30 | R | 1089536] H:\autorun.exe
[25/09/2004 - 15:59:00 | R | 47] H:\autorun.inf
[15/08/2012 - 19:17:38 | D ] X:\$RECYCLE.BIN
[25/06/2012 - 16:57:05 | SHD ] X:\System Volume Information
[10/01/2013 - 14:18:25 | D ] X:\Temp

################## | E.O.F |

RogueKiller V8.6.4 _x64_ [Jul 29 2013] Por Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7600 ) 64 bits version
Iniciado em : Modo Normal
Usuario : Usuario [Privilegios de Admnistrador]
Modo : Verificar -- Data : 08/02/2013 17:09:47
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 662d (C:\Users\Usuario\AppData\Roaming\70\662d.js [-]) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-21-3308939878-3132465996-936716146-1000\[...]\Run : 662d (C:\Users\Usuario\AppData\Roaming\70\662d.js [-]) -> ENCONTRADO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> ENCONTRADO
[HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> ENCONTRADO
[HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 0 ¤¤¤

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 0cc3a470099e5e12827d9d8ff5de5095
[BSP] db08a3ba546e0ce3db5b981e6e92c98d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 564693 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1156900864 | Size: 45586 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ef8a2d6e57253d4bb5a5f42edf5c1174
[BSP] db08a3ba546e0ce3db5b981e6e92c98d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584693 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1197860864 | Size: 21523 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo

+++++ PhysicalDrive1: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] bc164479126099e852105cd9cb100bb8
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[0]_S_08022013_170947.txt >>