
Archived

This topic has been archived and is closed to new replies.

IuriMattos

[Solved] Blue Screen - Memory? Or a System Error?


Hello. First of all, I would like to thank Antonio Vieira Sobrinho for his great help in the following topic: http://forum.imasters.com.br/topic/447247-virutbrontokacumulo-de-memoria/

Here's the thing: I have a SATA 1 hard drive (old, isn't it? @_@) and I set it up as a slave drive; everything was fine. However, it was giving a blue screen whenever I opened programs that use a lot of memory (games, photo editors, video editors), but specifically in games.

I noticed there was a "SVCHOST.EXE" process that had built up to a large size, something like 41,500K of memory used. So I thought something was wrong. Well, I made a series of changes and it went back to normal.

Now I have formatted the PC again and this problem has come back. I don't remember exactly what I did, but I have a vague recollection that it had something to do with this "svchost.exe", so if anyone can shed some LIGHT on this, I'd appreciate it.

Below is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:28:56, on 16/01/2012

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\conime.exe

C:\Users\Iuri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Iuri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Iuri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Iuri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Iuri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

D:\IuriMattos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Iuri\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 6027 bytes


Good afternoon, IuriMattos!

|- Download: [image: OTL desktop icon] ( ...by OldTimer Tools )

|- Click Save! [screenshot]

|- Save it to the desktop! [screenshot]

|- Double-click OTL.exe --> Run: [screenshot]

|- Run OTL in its quick scan mode. ( Quick Scan )

|- PS: On Windows 7 or Vista, right-click and run it as "Administrator".

|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

|- Also post the "Extras" report.

Best regards!


OTL logfile created on: 16/01/2012 20:17:43 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Iuri\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,39% Memory free

4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,53 Gb Total Space | 57,77 Gb Free Space | 77,51% Space Free | Partition Type: NTFS

Drive D: | 298,09 Gb Total Space | 198,54 Gb Free Space | 66,60% Space Free | Partition Type: NTFS

 

Computer Name: IURI-PC | User Name: Iuri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/01/16 20:16:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Iuri\Desktop\OTL.exe

PRC - [2012/01/15 22:36:22 | 001,245,064 | ---- | M] () -- C:\Arquivos de programas\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008/04/17 01:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/03/09 11:20:26 | 000,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

PRC - [2008/01/21 00:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/21 00:33:24 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2008/01/21 00:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MSASCui.exe

PRC - [2008/01/21 00:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe

PRC - [2007/10/18 11:34:46 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

PRC - [2007/08/24 19:07:00 | 000,149,864 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Common Files\Symantec Shared\ccSvcHst.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/01/05 07:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

MOD - [2012/01/05 07:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

MOD - [2012/01/05 07:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll

MOD - [2012/01/05 07:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll

MOD - [2012/01/05 07:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll

MOD - [2012/01/05 05:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

MOD - [2012/01/05 05:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Iuri\AppData\Local\Google\Chrome\APPLIC~1\160912~1.75\gcswf32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012/01/15 22:36:22 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/03/09 11:20:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2008/01/21 00:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/08/24 19:07:00 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)

SRV - [2007/08/24 19:07:00 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2007/08/24 19:07:00 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2007/08/24 19:07:00 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2007/08/23 10:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/08/23 10:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/21 21:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2012/01/15 22:36:56 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/04/23 01:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080423.039\NAVEX15.SYS -- (NAVEX15)

DRV - [2008/04/23 01:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080423.039\NAVENG.SYS -- (NAVENG)

DRV - [2008/01/21 00:32:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)

DRV - [2007/08/17 11:23:00 | 000,446,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2007/08/15 11:27:00 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSvix86.sys -- (IDSvix86)

DRV - [2007/08/13 10:50:00 | 000,188,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/08/13 10:50:00 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/08/09 14:27:00 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2007/08/09 14:27:00 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymIM.sys -- (SymIM)

DRV - [2007/08/08 13:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2007/07/30 20:43:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2007/07/30 20:43:00 | 000,278,576 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2007/07/30 20:43:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2006/11/02 05:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Codecs\Klite Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Codecs\Klite Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Codecs\Klite Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Codecs\Klite Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Iuri\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Iuri\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

 

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Iuri\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Codecs\Klite Codecs\Real\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Codecs\Klite Codecs\Real\browser\plugins\nprpjplug.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Iuri\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Iuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Pesquisa do Google = C:\Users\Iuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Gmail = C:\Users\Iuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006/09/18 19:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de Programas\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Arquivos de Programas\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de Programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de Programas\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de Programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de Programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [isCfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe (Symantec Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.24.10 209.55.24.11 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56C26A51-C1DB-4C3B-AF9A-CA6BD7076260}: DhcpNameServer = 209.55.24.10 209.55.24.11 192.168.0.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Iuri\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Iuri\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 19:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/09/18 19:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{dcddb5be-3fd8-11e1-a642-806e6f6e6963}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/16 20:16:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Iuri\Desktop\OTL.exe

[2012/01/16 10:24:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/01/16 10:23:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/16 10:23:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/01/16 10:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/01/16 10:13:33 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/01/16 10:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/01/16 09:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate

[2012/01/16 09:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue

[2012/01/16 09:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate

[2012/01/16 09:33:07 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Publish Providers

[2012/01/16 09:30:26 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Sony

[2012/01/16 09:30:26 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Sony

[2012/01/16 09:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2012/01/16 09:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2012/01/16 00:39:35 | 000,000,000 | ---D | C] -- C:\Users\Iuri\DoctorWeb

[2012/01/16 00:28:35 | 000,000,000 | ---D | C] -- C:\Users\Iuri\Documents\GTA San Andreas User Files

[2012/01/15 23:47:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/01/15 23:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2012/01/15 23:37:18 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\CrashRpt

[2012/01/15 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Macromedia

[2012/01/15 23:26:49 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2012/01/15 23:26:35 | 000,000,000 | -HSD | C] -- C:\Boot

[2012/01/15 23:26:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM

[2012/01/15 23:24:38 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/01/15 23:13:59 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Google

[2012/01/15 23:13:13 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Deployment

[2012/01/15 23:13:13 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Apps

[2012/01/15 23:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.2

[2012/01/15 23:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All

[2012/01/15 23:05:16 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Adobe

[2012/01/15 23:03:51 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Skype

[2012/01/15 23:02:06 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/01/15 23:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/01/15 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\WinRAR

[2012/01/15 22:52:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang

[2012/01/15 22:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM

[2012/01/15 22:46:59 | 001,773,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll

[2012/01/15 22:46:57 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll

[2012/01/15 22:46:57 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll

[2012/01/15 22:46:57 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll

[2012/01/15 22:46:57 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll

[2012/01/15 22:46:52 | 006,111,232 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2012/01/15 22:46:48 | 001,929,216 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll

[2012/01/15 22:46:48 | 000,155,648 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll

[2012/01/15 22:46:47 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll

[2012/01/15 22:46:47 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll

[2012/01/15 22:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/01/15 22:46:45 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information

[2012/01/15 22:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2012/01/15 22:45:52 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll

[2012/01/15 22:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2012/01/15 22:45:35 | 000,000,000 | ---D | C] -- C:\Intel

[2012/01/15 22:42:10 | 000,000,000 | ---D | C] -- C:\Users\Iuri\Documents\Meus arquivos recebidos

[2012/01/15 22:41:25 | 000,000,000 | R--D | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/01/15 22:41:25 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Searches

[2012/01/15 22:41:25 | 000,000,000 | R--D | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/01/15 22:41:13 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Identities

[2012/01/15 22:41:11 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Contacts

[2012/01/15 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar

[2012/01/15 22:39:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012/01/15 22:39:11 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller

[2012/01/15 22:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012/01/15 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/01/15 22:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WLInstaller

[2012/01/15 22:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

[2012/01/15 22:38:47 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2012/01/15 22:38:46 | 000,389,120 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2012/01/15 22:38:46 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2012/01/15 22:38:46 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2012/01/15 22:38:45 | 000,682,496 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll

[2012/01/15 22:38:45 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll

[2012/01/15 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Real

[2012/01/15 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Real

[2012/01/15 22:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2012/01/15 22:38:44 | 000,000,000 | ---D | C] -- C:\Codecs

[2012/01/15 22:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP

[2012/01/15 22:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP

[2012/01/15 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker 2.6

[2012/01/15 22:38:23 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Adobe

[2012/01/15 22:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/01/15 22:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/01/15 22:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/01/15 22:37:32 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\VirtualStore

[2012/01/15 22:37:32 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Roaming\Symantec

[2012/01/15 22:37:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/01/15 22:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2012/01/15 22:35:46 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2012/01/15 22:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/01/15 22:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2012/01/15 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/01/15 22:35:09 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2012/01/15 22:34:30 | 000,000,000 | --SD | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Videos

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Saved Games

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Pictures

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Music

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Links

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Favorites

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Downloads

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Documents

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\Desktop

[2012/01/15 22:34:30 | 000,000,000 | R--D | C] -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\AppData\Local\Temporary Internet Files

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\SendTo

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Recent

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Modelos

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Documents\Minhas músicas

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Documents\Minhas imagens

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Documents\Meus vídeos

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Meus documentos

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Menu Iniciar

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\AppData\Local\Histórico

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Dados de aplicativos

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\AppData\Local\Dados de aplicativos

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Cookies

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Configurações locais

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Ambiente de rede

[2012/01/15 22:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Iuri\Ambiente de impressão

[2012/01/15 22:34:30 | 000,000,000 | -H-D | C] -- C:\Users\Iuri\AppData

[2012/01/15 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Temp

[2012/01/15 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Iuri\AppData\Local\Microsoft

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas imagens

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\Arquivos de programas

[2012/01/15 22:32:49 | 000,000,000 | -HSD | C] -- C:\Program Files\Arquivos Comuns

[2012/01/15 22:32:33 | 000,000,000 | ---D | C] -- C:\Windows\Debug

[2012/01/15 22:29:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/01/15 22:27:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2012/01/15 22:27:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/16 20:19:02 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1144204456-2462056634-1243984846-1000UA.job

[2012/01/16 20:17:43 | 000,682,650 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2012/01/16 20:17:43 | 000,631,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/01/16 20:17:43 | 000,142,634 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2012/01/16 20:17:43 | 000,118,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/01/16 20:17:00 | 000,003,584 | ---- | M] () -- C:\Users\Iuri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/16 20:16:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Iuri\Desktop\OTL.exe

[2012/01/16 20:11:31 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/16 20:11:31 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/16 20:11:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/16 20:11:23 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/16 12:22:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

[2012/01/16 12:08:13 | 214,989,055 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/01/16 10:16:29 | 000,000,636 | ---- | M] () -- C:\Users\Iuri\Desktop\Shadow War.lnk

[2012/01/16 10:13:35 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/01/16 09:48:56 | 000,228,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/01/16 09:33:13 | 000,000,763 | ---- | M] () -- C:\Users\Iuri\Desktop\vegas90 - Atalho.lnk

[2012/01/16 00:28:32 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.2.lnk

[2012/01/15 23:26:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2012/01/15 23:24:39 | 000,002,053 | ---- | M] () -- C:\Users\Iuri\Desktop\Google Chrome.lnk

[2012/01/15 23:19:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1144204456-2462056634-1243984846-1000Core.job

[2012/01/15 22:55:14 | 000,016,064 | ---- | M] () -- C:\Windows\System32\results.xml

[2012/01/15 22:50:28 | 000,000,680 | ---- | M] () -- C:\Users\Iuri\AppData\Local\d3d9caps.dat

[2012/01/15 22:38:34 | 000,001,768 | ---- | M] () -- C:\Users\Iuri\Desktop\CDBurnerXP.lnk

[2012/01/15 22:38:06 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2012/01/15 22:37:14 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/01/15 22:36:56 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2012/01/15 22:36:56 | 000,010,652 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2012/01/15 22:36:56 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2012/01/15 22:30:49 | 000,054,574 | ---- | M] () -- C:\Windows\System32\license.rtf

[2012/01/15 22:30:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

 

========== Files Created - No Company Name ==========

 

[2012/01/16 10:16:29 | 000,000,636 | ---- | C] () -- C:\Users\Iuri\Desktop\Shadow War.lnk

[2012/01/16 10:13:35 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/01/16 09:48:02 | 214,989,055 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/01/16 09:47:43 | 000,228,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/01/16 09:33:13 | 000,000,763 | ---- | C] () -- C:\Users\Iuri\Desktop\vegas90 - Atalho.lnk

[2012/01/15 23:26:36 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK

[2012/01/15 23:26:35 | 000,333,203 | RHS- | C] () -- C:\bootmgr

[2012/01/15 23:26:13 | 000,008,552 | R--- | C] () -- C:\Windows\System32\OEMLOGO.BMP

[2012/01/15 23:24:39 | 000,002,053 | ---- | C] () -- C:\Users\Iuri\Desktop\Google Chrome.lnk

[2012/01/15 23:14:01 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1144204456-2462056634-1243984846-1000UA.job

[2012/01/15 23:14:00 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1144204456-2462056634-1243984846-1000Core.job

[2012/01/15 23:11:35 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.2.lnk

[2012/01/15 23:03:31 | 000,003,584 | ---- | C] () -- C:\Users\Iuri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/15 22:55:14 | 000,016,064 | ---- | C] () -- C:\Windows\System32\results.xml

[2012/01/15 22:53:13 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2012/01/15 22:53:13 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp

[2012/01/15 22:53:12 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2012/01/15 22:53:12 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2012/01/15 22:53:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2012/01/15 22:53:12 | 000,027,152 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp

[2012/01/15 22:53:12 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp

[2012/01/15 22:48:46 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss

[2012/01/15 22:41:31 | 000,000,965 | ---- | C] () -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/01/15 22:41:24 | 000,000,960 | ---- | C] () -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012/01/15 22:41:11 | 000,000,931 | ---- | C] () -- C:\Users\Iuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

[2012/01/15 22:40:32 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galeria de Fotos do Windows Live.lnk

[2012/01/15 22:40:21 | 000,000,252 | ---- | C] () -- C:\Windows\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

[2012/01/15 22:40:11 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012/01/15 22:38:47 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/01/15 22:38:46 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2012/01/15 22:38:46 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2012/01/15 22:38:46 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2012/01/15 22:38:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2012/01/15 22:38:45 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012/01/15 22:38:34 | 000,001,768 | ---- | C] () -- C:\Users\Iuri\Desktop\CDBurnerXP.lnk

[2012/01/15 22:38:31 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk

[2012/01/15 22:38:06 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2012/01/15 22:38:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk

[2012/01/15 22:37:14 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/01/15 22:35:46 | 000,010,652 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2012/01/15 22:35:46 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2012/01/15 22:34:31 | 000,000,680 | ---- | C] () -- C:\Users\Iuri\AppData\Local\d3d9caps.dat

[2012/01/15 22:31:35 | 2136,137,728 | -HS- | C] () -- C:\hiberfil.sys

[2012/01/15 22:30:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2008/01/21 04:32:34 | 000,682,650 | ---- | C] () -- C:\Windows\System32\prfh0416.dat

[2008/01/21 04:32:34 | 000,318,818 | ---- | C] () -- C:\Windows\System32\prfi0416.dat

[2008/01/21 04:32:34 | 000,142,634 | ---- | C] () -- C:\Windows\System32\prfc0416.dat

[2008/01/21 04:32:34 | 000,037,412 | ---- | C] () -- C:\Windows\System32\prfd0416.dat

[2008/01/21 00:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2006/11/02 10:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:33:01 | 000,631,438 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 08:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 08:33:01 | 000,118,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 08:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 08:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 06:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 06:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 05:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 05:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 05:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

 

========== LOP Check ==========

 

[2012/01/16 09:33:07 | 000,000,000 | ---D | M] -- C:\Users\Iuri\AppData\Roaming\Publish Providers

[2012/01/16 09:33:04 | 000,000,000 | ---D | M] -- C:\Users\Iuri\AppData\Roaming\Sony

[2012/01/16 13:07:36 | 000,008,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/01/16 12:22:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

 

========== Purity Check ==========

 

 

 

< End of report >

 

/////////////////////////////////

 

Extras.txt

 

OTL Extras logfile created on: 16/01/2012 20:17:43 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Iuri\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,39% Memory free

4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,53 Gb Total Space | 57,77 Gb Free Space | 77,51% Space Free | Partition Type: NTFS

Drive D: | 298,09 Gb Total Space | 198,54 Gb Free Space | 66,60% Space Free | Partition Type: NTFS

 

Computer Name: IURI-PC | User Name: Iuri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{9483F49F-33E6-4B99-85C2-F2A5BE002F6A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CAB146E6-5B94-4684-9079-3BD8BF870562}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0639FF34-B533-4EC1-AB3B-A3881CC6751C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1792C0E9-ABF7-4CEC-8A0A-97FE77AF511D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{1923FC19-4964-4357-A184-F044BB822125}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"TCP Query User{096CDC97-8794-4B03-B255-6063087FCF36}D:\iurimattos\shadowwar\sw.exe" = protocol=6 | dir=in | app=d:\iurimattos\shadowwar\sw.exe |

"TCP Query User{60FC9C81-B271-447A-BBEC-426108972AAF}D:\iurimattos\garena classic\garena.exe" = protocol=6 | dir=in | app=d:\iurimattos\garena classic\garena.exe |

"TCP Query User{C012ED4D-190D-4DDF-8E3A-712C42121205}D:\iurimattos\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\iurimattos\skype\phone\skype.exe |

"TCP Query User{D028ACD0-8CF8-4319-8DFF-BC0B41CF3EA8}D:\iurimattos\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\iurimattos\warcraft iii\war3.exe |

"TCP Query User{E6204F0F-1BE6-4A92-85D2-25405CF537D3}D:\downloads\skype.exe" = protocol=6 | dir=in | app=d:\downloads\skype.exe |

"UDP Query User{0AEC2FFF-4556-4F17-BE76-33F91999F1FD}D:\iurimattos\shadowwar\sw.exe" = protocol=17 | dir=in | app=d:\iurimattos\shadowwar\sw.exe |

"UDP Query User{489AFA95-68BE-48D3-81ED-C5427A0C3A42}D:\iurimattos\garena classic\garena.exe" = protocol=17 | dir=in | app=d:\iurimattos\garena classic\garena.exe |

"UDP Query User{818F185D-7328-46A0-993A-7F529D64B833}D:\iurimattos\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\iurimattos\skype\phone\skype.exe |

"UDP Query User{832A0C0F-1CAD-4B3B-A579-EC4F972F5C58}D:\downloads\skype.exe" = protocol=17 | dir=in | app=d:\downloads\skype.exe |

"UDP Query User{8B61583E-0621-4C39-B2F2-EBA1F957D7C2}D:\iurimattos\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\iurimattos\warcraft iii\war3.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{3A417047-2E30-4D05-8977-F706D40BFF39}" = Windows Live installer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{449480D4-67ED-4104-A8C0-21E08B08D592}" = Windows Live Mail

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center

"{6FEE62BC-67E3-4083-BEE2-3C33A487F85C}" = Windows Live Toolbar

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{817225E1-9BEA-4F2C-A4E6-CA3D022BB45E}" = Galeria de Fotos do Windows Live

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger

"{98ADF875-648F-3E73-8F3B-010C2464C948}" = Microsoft .NET Framework 4 Extended PTB Language Pack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1046-7B44-A81000000003}" = Adobe Reader 8.1.0 - Português

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistente de Conexão do Windows Live

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component

"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB61641F-6892-4926-A5CD-DB131DC6BE08}" = Windows Live Writer

"HDMI" = Intel® Graphics Media Accelerator Driver

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

"MTA:SA 1.2" = MTA:SA v1.2

"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas

"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas

"NewBlue Art Blends" = NewBlue Art Blends

"NewBlue Art Effects" = NewBlue Art Effects

"NewBlue Cartoonr for Vegas" = NewBlue Cartoonr for Vegas

"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas

"NewBlue Motion Blends" = NewBlue Motion Blends

"NewBlue Motion Effects" = NewBlue Motion Effects

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)

"Windows Live Toolbar" = Windows Live Toolbar

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 16/01/2012 07:49:12 | Computer Name = Iuri-PC | Source = Windows Search Service | ID = 3038

Description =

 

Error - 16/01/2012 07:49:30 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 16/01/2012 07:49:43 | Computer Name = Iuri-PC | Source = Windows Search Service | ID = 3028

Description =

 

Error - 16/01/2012 07:49:43 | Computer Name = Iuri-PC | Source = Windows Search Service | ID = 3058

Description =

 

Error - 16/01/2012 08:01:02 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 16/01/2012 08:15:26 | Computer Name = Iuri-PC | Source = SideBySide | ID = 16842785

Description = Falha na geração de contexto de ativação para "D:\IuriMattos\ShadowWar\CrashSender64.exe".

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 16/01/2012 08:22:50 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 16/01/2012 08:47:27 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 16/01/2012 10:08:46 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 16/01/2012 18:12:05 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 16/01/2012 08:22:20 | Computer Name = Iuri-PC | Source = HTTP | ID = 15016

Description =

 

Error - 16/01/2012 08:22:50 | Computer Name = Iuri-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 16/01/2012 08:46:58 | Computer Name = Iuri-PC | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

Error - 16/01/2012 08:46:58 | Computer Name = Iuri-PC | Source = HTTP | ID = 15016

Description =

 

Error - 16/01/2012 08:47:27 | Computer Name = Iuri-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 16/01/2012 10:08:28 | Computer Name = Iuri-PC | Source = EventLog | ID = 6008

Description = O desligamento anterior do sistema em 12:06:42 em 16/01/2012 não era

esperado.

 

Error - 16/01/2012 10:08:30 | Computer Name = Iuri-PC | Source = HTTP | ID = 15016

Description =

 

Error - 16/01/2012 10:08:46 | Computer Name = Iuri-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 16/01/2012 18:11:30 | Computer Name = Iuri-PC | Source = HTTP | ID = 15016

Description =

 

Error - 16/01/2012 18:12:05 | Computer Name = Iuri-PC | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

 

 

Sorry for my ignorance, but what is this OTL for?

I saw that it has the same function as HijackThis (checking your system and producing detailed logs),

but what is the difference?

Edit:

I just had a blue screen and noticed that it mentions something about this file, "ndis.sys".

I searched the Windows online problem reports and it gave me this solution:

 

 

Download and install the driver for your network adapter

your network adapter is missing a driver. An update is available that solves this problem.

 

 

Click to download and install the update from the Realtek Semiconductor Corp website

 

 

Note

You'll need to log in to your account on the Realtek Semiconductor Corp website to access updates and support information. If you don't have your login information, or you are unable to log in, contact Realtek Semiconductor Corp for help.

 

Download and extract the driver files

 

 

Click Save or Save as, and then save the file to your Desktop. If you can’t choose where to save the file, you’ll need to find it and copy it to your Desktop. When you download files, most web browsers save them to the Downloads folder on your computer.

 

To extract the contents of the compressed folder, right-click the folder you saved to the Desktop, click Extract All or Extract Here, and then follow the instructions.

 

Double-click the extracted folder to view its contents.

 

Note

If the folder contains a readme file, release notes or installation instructions, we recommend you read that information before starting the installation.

 

 

Install the driver

 

Click to open Device Manager If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

 

In Device Manager, locate the device you want to update, and then double-click the device name.

 

Click the Driver tab, and then click Update Driver.

 

Click Browse my computer for driver software.

 

Click the Browse button, and then locate the folder that contains the driver files.

 

Note

The driver files might be located in a subfolder of the folder you extracted.

 

Click OK, and then click Next.

 

Follow the instructions to complete the installation of the driver.

 

 

Please tell me whether it is safe to proceed.


Good evening! IuriMattos

|- Run OTL.exe.

|- Copy the information shown in red into the tool's clipboard field ("Exames Personalizados Correções", that is, Custom Scans/Fixes).

 

======================

:OTL

O13 - gopher Prefix: missing

O33 - MountPoints2\{dcddb5be-3fd8-11e1-a642-806e6f6e6963}\Shell - "" = AutoRun

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

 

:Commands

[emptyflash]

[emptytemp]

[reboot]

======================

|- Click the "Consertar" (Run Fix) button.

|- PS: The tool will restart the computer.

|- When it appears, click Run.

|- Post the report: C:\_OTL\MovedFiles\*.log

/////°°°°°/////

|- As for your question about OTL, we can say that it is a diagnostic tool, and a more complete one than HijackThis.

|- Your question, as I understand it, asks for my opinion on updating your network card's driver. Correct?

|- I would do that update, to get rid of this "blue screen of death".

Regards!


This Notepad file was generated:

 

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcddb5be-3fd8-11e1-a642-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcddb5be-3fd8-11e1-a642-806e6f6e6963}\ not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Iuri

->Flash cache emptied: 2016 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Iuri

->Temp folder emptied: 159937310 bytes

->Temporary Internet Files folder emptied: 1057250 bytes

->Google Chrome cache emptied: 252237942 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7377834 bytes

RecycleBin emptied: 4114755114 bytes

 

Total Files Cleaned = 4.325,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 01212012_123028

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

I updated my network card and now the computer no longer gets the blue screen. Thanks for everything.


Good afternoon! IuriMattos

 

|- There are still some fixes, which you can skip since your most acute problem has been solved.

|- We can also repair some errors that are not in the System.

|- PS: If you decide to run these fixes, create a Restore Point beforehand.

 

========== ///// ==========

 

Error - 16/01/2012 07:49:12 | Computer Name = Iuri-PC | Source = Windows Search Service | ID = 3038

Error - 16/01/2012 07:49:43 | Computer Name = Iuri-PC | Source = Windows Search Service | ID = 3028

Error - 16/01/2012 07:49:43 | Computer Name = Iuri-PC | Source = Windows Search Service | ID = 3058

 

========== ///// ==========

 

|- Uninstall "Windows Desktop Search", since the event log shows problems with that service.

|- Download and run this file: < Windows Desktop Search 3.0.1 >

 

 

========== ///// ==========

 

Error - 16/01/2012 07:49:30 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Error - 16/01/2012 08:01:02 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Error - 16/01/2012 08:22:50 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Error - 16/01/2012 08:47:27 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Error - 16/01/2012 10:08:46 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

Error - 16/01/2012 18:12:05 | Computer Name = Iuri-PC | Source = WinMgmt | ID = 10

 

========== ///// ==========

 

|- To fix this error ( ID = 10 ), run the script just below!

 

strComputer = "."

' Connect to the WMI namespace that holds the event subscriptions
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\subscription")

' The event filter to be removed
Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

' Objects associated with the filter through a binding, and the bindings themselves
Set obj2set = obj1.Associators_("__FilterToConsumerBinding")
Set obj3set = obj1.References_("__FilterToConsumerBinding")

' Delete the associated objects
For Each obj2 In obj2set
    WScript.echo "Deleting the object"
    WScript.echo obj2.GetObjectText_
    obj2.Delete_
Next

' Delete the filter-to-consumer bindings
For Each obj3 In obj3set
    WScript.echo "Deleting the object"
    WScript.echo obj3.GetObjectText_
    obj3.Delete_
Next

' Delete the filter itself
WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_

 

=================================

 

|- Copy this information, shown in red, into Notepad.

|- Save it on the desktop as Test.vbs, setting the file type to "All files".

|- Close any open applications and run this file ( .vbs ) -> Confirm!

|- PS: Go to the event log in your Windows Vista and remove all entries relating to this error before running the script. ( ID=10 )

|- Restart the computer after running the script!

|- Post a new OTL log, clicking "None" for all configuration options except "Extra registry scan".

|- PS: I recommend that visitors not run this script on their computers without proper supervision!

 

Regards!

 

Friend! Since this case has had no follow-up, it is presumed that you do not want the new fixes. In 2 days we will reach the end of the period for archiving the Topic. But since the main problem has been solved, this Topic will be moved to "Resolved Topics".
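
An added example, not part of the original post: a read-only VBScript that lists what is registered in root\subscription and shows which bindings the BVTFilter deletion above would touch, so the objects can be reviewed before anything is removed. The file name audit.vbs and the helper DumpClass are assumptions; the namespace and filter name come from the script in the post.

```vbscript
' audit.vbs (hypothetical name) - run with: cscript //nologo audit.vbs
' Read-only: enumerates WMI event subscriptions, deletes nothing.
Option Explicit

Const FILTER_NAME = "BVTFilter"   ' filter name taken from the script in the post
Dim strComputer, objWMIService, objFilter, objRef

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\subscription")

' Print the relative path of every instance of a class (derived classes included).
Sub DumpClass(className)
    Dim col, item, n
    n = 0
    WScript.Echo "===== " & className & " ====="
    Set col = objWMIService.ExecQuery("SELECT * FROM " & className)
    For Each item In col
        n = n + 1
        WScript.Echo item.Path_.RelPath
    Next
    If n = 0 Then WScript.Echo "(none)"
End Sub

DumpClass "__EventFilter"
DumpClass "__EventConsumer"
DumpClass "__FilterToConsumerBinding"

' Look up the named filter; Get raises an error when it does not exist,
' which is also the point where the deletion script would stop.
On Error Resume Next
Set objFilter = objWMIService.Get("__EventFilter.Name='" & FILTER_NAME & "'")
If Err.Number <> 0 Then
    WScript.Echo FILTER_NAME & " not present; nothing to delete."
    WScript.Quit 0
End If
On Error GoTo 0

' Show the filter's query and the consumers bound to it.
WScript.Echo "===== " & FILTER_NAME & " ====="
WScript.Echo "Query: " & objFilter.Query
For Each objRef In objFilter.References_("__FilterToConsumerBinding")
    WScript.Echo "Bound consumer: " & objRef.Consumer
Next
```

Any filter, consumer or binding in the listing that is not recognised deserves a closer look before the cleanup is run, since the same namespace holds every permanent WMI event subscription on the machine.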


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
