Archived

This topic has been archived and is closed to new replies.

Katiane

[Solved!] Memory failures


I'm using Norton, but when I open Computer Management / Reliability and Performance, memory failures show up for firefox.exe, svchost.exe(secsvcs) and mmc.exe. I've already had problems with the notebook not shutting down via Start/Shut Down; I've even had to remove the battery to force it off. How can I fix these memory failures? Which antivirus do you recommend? Thanks!!!!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48:08, on 22/04/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugin-container.exe

C:\Users\Usuario\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"

O4 - HKLM\..\Run: [WinLogT] C:\Windows\WinLogT.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Conexão Oi Velox] "C:\Program Files (x86)\Oi Velox\Conexão\pppoe.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

 

--

End of file - 7853 bytes


Here is the HijackThis log again. This time I ran the file as administrator:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:05:43, on 22/04/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Usuario\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"

O4 - HKLM\..\Run: [WinLogT] C:\Windows\WinLogT.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Conexão Oi Velox] "C:\Program Files (x86)\Oi Velox\Conexão\pppoe.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

--

End of file - 8407 bytes


Good afternoon! Katiane

<@> Download: < Malwarebytes' Anti-Malware >

<@> Link - 2: < marcinsig.gif >

<@> PS: Save or print these instructions:

- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.

- Make sure the boxes "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware" are checked.

- Then click Finish.

- PS: If there are updates to be made, they will be downloaded and installed.

- When the update finishes, with the program open, select: Quick Scan

- Click the Scan button.

- The scan will then begin. -> Please wait, as it may take a while!

- When it finishes, click OK and then the "Show Results" button, so we can get the report.

- PS: If any items are found, select them and click the "Remove" button.

- PS: At the end of the disinfection, Notepad will open with the report.

- PS: The log will be saved automatically by the tool.

- PS: You can get it by clicking the "Logs" tab in the program's main window.

<@> PS: If MBAM finds files it cannot remove, you may have to restart the PC. Perhaps more than once!

<@> PS: Do so immediately when asked whether you want to restart.

0000000000000000000

<!> Select, copy and paste the contents of the MBAM log in your next reply.

<!> Also post an updated HijackThis log.

Regards!



Hi, I had run a scan with this program on the 22nd. I'll send that log from the 22nd and a current one, done today, OK? Here they are:

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Versão da Base de Dados: 4021

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

22/04/2010 12:29:26

mbam-log-2010-04-22 (12-29-26).txt

 

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 105696

Tempo decorrido: 2 minuto(s), 45 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 1

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 2

Arquivos Infectados: 6

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files (x86)\RelevantKnowledge\components (Spyware.MarketScore) -> Delete on reboot.

 

Arquivos Infectados:

C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files (x86)\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

 

Today:

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Versão da Base de Dados: 3930

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

25/04/2010 12:58:48

mbam-log-2010-04-25 (12-58-48).txt

 

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 101895

Tempo decorrido: 2 minuto(s), 59 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

 

I'll post the HijackThis one shortly.

Thanks!!


The HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:18:28, on 25/04/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugin-container.exe

C:\Users\Usuario\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"

O4 - HKLM\..\Run: [WinLogT] C:\Windows\WinLogT.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Conexão Oi Velox] "C:\Program Files (x86)\Oi Velox\Conexão\pppoe.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

--

End of file - 8372 bytes


Good afternoon! Katiane

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

OTLI-scan.png

<@> As shown in the image, change the "Output" option to "Minimal Output" or "Resumida".

<@> Double-click OTL.exe --> Select the "Scan All Users" or "Verificar" option.

<@> Check the boxes:

<!> [] LOP check or Verificar Lop and [] Purity check or Verificar Purity

<@> Click: < runscanbutton.png > Verificar (Scan) --> Please wait!

<@> Post:

<1> OTL.txt <--

<2> Extra.txt <--

Regards!


DigRam, a thousand apologies for the delay, but I had serious setbacks this week... I will follow your instructions and post.

Thank you.

Here is the OTL report:

 

OTL logfile created on: 30/04/2010 12:04:27 - Run 1

OTL by OldTimer - Version 3.2.3.1 Folder = C:\Users\Usuario\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,09 Gb Total Space | 184,20 Gb Free Space | 63,94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: USUARIO-PC

Current User Name: Usuario

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Usuario\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Usuario\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.6.0.32\ASOEHOOK.DLL (Symantec Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()

SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe ()

SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 10:34:14 | 000,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Ironx64.SYS ()

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1106000.020\SRTSP64.SYS ()

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SRTSPX64.SYS ()

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ccHPx64.sys ()

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()

DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1106000.020\SYMTDIV.SYS ()

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SYMEFA64.SYS ()

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SYMDS64.SYS ()

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()

DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\DRIVERS\vcsvad.sys ()

DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()

DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys ()

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys ()

DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys ()

DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys ()

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()

DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()

DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()

DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()

DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys ()

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()

DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()

DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSviA64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100429.049\EX64.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100429.049\ENG64.SYS (Symantec Corporation)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-810750167-987513962-2786433228-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.10.4

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {f4c23ca5-ed6c-4376-80ad-62f9161a7286}:2.5.8.6

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/04/26 19:09:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/16 23:20:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2010/04/19 00:26:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2010/04/24 12:08:07 | 000,000,000 | ---D | M]

 

[2010/01/04 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\mozilla\Extensions

[2010/04/29 19:07:42 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\i0lbbbcf.default\extensions

[2010/03/07 17:59:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\i0lbbbcf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/07 23:49:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\i0lbbbcf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/04/03 12:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\i0lbbbcf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2010/04/23 13:04:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\i0lbbbcf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/03/21 18:33:55 | 000,000,000 | ---D | M] (Online Radio Brazil Toolbar) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\i0lbbbcf.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}

[2010/01/15 11:01:00 | 000,002,235 | ---- | M] () -- C:\Users\Usuario\AppData\Roaming\Mozilla\FireFox\Profiles\i0lbbbcf.default\searchplugins\askcom.xml

[2010/03/07 17:17:31 | 000,001,926 | ---- | M] () -- C:\Users\Usuario\AppData\Roaming\Mozilla\FireFox\Profiles\i0lbbbcf.default\searchplugins\google-books.xml

 

O1 HOSTS File: ([2010/03/26 20:56:07 | 000,000,845 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-810750167-987513962-2786433228-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [WinLogT] C:\Windows\WinLogT.exe (LightComm)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [Conexão Oi Velox] C:\Program Files (x86)\Oi Velox\Conexão\pppoe.exe File not found

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Usuario\Pictures\img24.jpg

O24 - Desktop BackupWallPaper: C:\Users\Usuario\Pictures\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\AutoRun\command - "" = McNbQT.EXe

O33 - MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\OPEn\cOMMaND - "" = mCNbQT.EXe

O33 - MountPoints2\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\Shell - "" = AutoRun

O33 - MountPoints2\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{83bc6885-0103-11df-9286-001d72ef4ac4}\Shell - "" = AutoRun

O33 - MountPoints2\{83bc6885-0103-11df-9286-001d72ef4ac4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{83bc6888-0103-11df-9286-001d72ef4ac4}\Shell - "" = AutoRun

O33 - MountPoints2\{83bc6888-0103-11df-9286-001d72ef4ac4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{ed4a3858-0284-11de-ba78-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{ed4a3858-0284-11de-ba78-806e6f6e6963}\Shell\AutoRun\command - "" = D:\moodle.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/30 11:59:01 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe

[2010/04/25 19:43:43 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\My Games

[2010/04/25 19:22:51 | 000,000,000 | RH-D | C] -- C:\Users\Usuario\AppData\Roaming\SecuROM

[2010/04/25 18:12:08 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2010/04/25 18:11:49 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2010/04/25 18:11:49 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2010/04/25 18:11:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2010/04/25 18:11:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2010/04/25 18:11:47 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2010/04/25 18:11:47 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2010/04/25 18:11:46 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2010/04/25 18:11:45 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll

[2010/04/25 18:11:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll

[2010/04/25 18:11:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll

[2010/04/25 18:11:42 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll

[2010/04/25 18:11:42 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll

[2010/04/25 18:11:39 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll

[2010/04/25 18:11:38 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll

[2010/04/25 18:11:37 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll

[2010/04/25 18:11:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll

[2010/04/25 18:11:36 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll

[2010/04/25 18:11:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll

[2010/04/25 18:11:34 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll

[2010/04/25 18:11:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll

[2010/04/25 18:11:33 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll

[2010/04/25 18:11:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll

[2010/04/25 18:11:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll

[2010/04/25 18:11:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll

[2010/04/25 18:11:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll

[2010/04/25 18:11:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll

[2010/04/25 18:11:30 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

[2010/04/25 18:11:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll

[2010/04/25 18:11:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll

[2010/04/25 18:11:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll

[2010/04/25 18:11:27 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2010/04/25 18:11:26 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll

[2010/04/25 18:11:25 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll

[2010/04/25 18:11:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll

[2010/04/25 18:11:23 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll

[2010/04/25 18:11:23 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll

[2010/04/25 18:11:23 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll

[2010/04/25 18:11:22 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

[2010/04/25 18:11:21 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll

[2010/04/25 18:11:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll

[2010/04/25 18:11:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

[2010/04/25 18:11:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

[2010/04/25 18:11:17 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll

[2010/04/25 18:11:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2010/04/25 18:11:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll

[2010/04/25 18:11:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll

[2010/04/25 18:11:04 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll

[2010/04/25 18:11:02 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2010/04/25 18:11:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

[2010/04/25 18:10:57 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll

[2010/04/25 18:10:55 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll

[2010/04/25 18:10:54 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll

[2010/04/25 18:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2010/04/25 17:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2010/04/25 12:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/04/23 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\My Art

[2010/04/23 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\NPS

[2010/04/23 02:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/04/23 02:33:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/04/23 02:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/04/22 12:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE

[2010/04/20 13:20:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\PC Suite

[2010/04/20 13:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite

[2010/04/20 13:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG

[2010/04/20 13:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2010/04/20 13:17:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers

[2010/04/20 13:17:32 | 000,024,064 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe

[2010/04/20 13:17:32 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys

[2010/04/20 13:17:31 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\My NPS Files

[2010/04/20 13:17:19 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Samsung

[2010/04/20 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny

[2010/04/20 13:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2010/04/20 13:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

[2010/04/20 13:13:11 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Downloaded Installations

[2010/04/18 21:33:40 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\Quick3DCover

[2010/04/16 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Box Shot 3D

[2010/04/15 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\projeto

[2010/04/14 00:44:02 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll

[2010/04/14 00:43:58 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm

[2010/04/14 00:37:34 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2010/04/14 00:37:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2010/04/10 16:34:11 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Houaiss3

[2010/04/10 16:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Houaiss3

[2010/04/10 16:02:13 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite

[2010/04/10 16:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2010/04/09 12:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Houaiss

[2010/04/05 01:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode

[2010/04/04 22:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest

[2010/04/04 22:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5

[2010/04/04 22:21:10 | 000,311,296 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\SysWow64\TubeFinder.exe

[2010/04/04 22:21:08 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL

[2010/04/04 22:21:08 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL

[2010/04/04 22:21:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL

[2010/04/04 22:21:08 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX

[2010/04/04 22:21:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL

[2010/04/04 22:21:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL

[2010/04/04 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\FreeFLVConverter

[2010/04/04 22:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter

[2010/04/03 17:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player

[2010/04/02 22:46:32 | 000,000,000 | ---D | C] -- C:\Users\Usuario\EasyPHP5.3.0

[2010/04/02 20:22:43 | 000,000,000 | ---D | C] -- C:\wamp

[2010/04/02 19:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyPHP-5.3.2

[2010/04/02 16:36:54 | 000,000,000 | ---D | C] -- C:\xampp

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/30 12:01:22 | 005,242,880 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT

[2010/04/30 12:00:24 | 000,049,965 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/04/30 11:59:40 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe

[2010/04/30 11:34:46 | 000,799,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/04/30 11:34:46 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/04/30 11:34:46 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/04/30 11:34:46 | 000,096,532 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2010/04/30 11:34:46 | 000,019,676 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2010/04/30 11:28:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/04/30 11:28:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/04/30 11:28:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2010/04/30 11:28:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/04/30 11:28:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/04/30 01:01:24 | 000,524,288 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/04/30 01:01:24 | 000,065,536 | -HS- | M] () -- C:\Users\Usuario\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/04/30 01:01:15 | 003,089,867 | -H-- | M] () -- C:\Users\Usuario\AppData\Local\IconCache.db

[2010/04/30 01:00:34 | 000,049,965 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/04/30 00:00:35 | 002,270,396 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB

[2010/04/29 19:39:15 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A530EAE7-D497-48B4-B14B-0B2762A47542}.job

[2010/04/29 18:18:31 | 000,361,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/04/28 18:42:50 | 000,007,592 | ---- | M] () -- C:\Users\Usuario\AppData\Local\d3d9caps.dat

[2010/04/25 22:24:17 | 000,001,052 | ---- | M] () -- C:\Users\Usuario\Desktop\FarCry2 - Atalho.lnk

[2010/04/25 18:12:08 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2010/04/25 18:09:04 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/04/25 18:08:53 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe

[2010/04/25 18:08:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/04/25 17:33:22 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2010/04/25 14:59:01 | 000,162,816 | ---- | M] () -- C:\Users\Usuario\Documents\Roteiro para estudo interativo_Crase(2).doc

[2010/04/25 12:34:44 | 000,000,265 | ---- | M] () -- C:\Windows\win.ini

[2010/04/24 14:00:14 | 000,090,216 | ---- | M] () -- C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/24 01:59:01 | 000,029,696 | ---- | M] () -- C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/23 11:25:37 | 000,021,501 | ---- | M] () -- C:\Users\Usuario\.recently-used.xbel

[2010/04/23 02:36:13 | 000,000,418 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/04/20 13:16:44 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk

[2010/04/20 13:13:25 | 000,104,448 | ---- | M] () -- C:\1046.MST

[2010/04/20 13:12:58 | 000,014,498 | ---- | M] () -- C:\0x0416.ini

[2010/04/15 14:51:31 | 000,010,972 | ---- | M] () -- C:\Users\Usuario\Documents\home2.html

[2010/04/15 14:42:39 | 000,015,928 | ---- | M] () -- C:\Users\Usuario\Documents\home.html

[2010/04/10 16:34:11 | 000,000,784 | ---- | M] () -- C:\Users\Usuario\Desktop\Dicionário eletrônico Houaiss 3.lnk

[2010/04/10 16:03:37 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2010/04/08 20:20:33 | 000,020,992 | ---- | M] () -- C:\Windows\jestertb.dll

[2010/04/07 13:19:56 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2010/04/05 01:18:34 | 000,000,908 | ---- | M] () -- C:\Users\Usuario\Desktop\XMedia Recode.lnk

[2010/04/03 19:19:12 | 000,004,096 | -H-- | M] () -- C:\Users\Usuario\AppData\Local\keyfile3.drm

[2010/04/03 17:16:15 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Media Player.lnk

 

========== Files Created - No Company Name ==========

 

[2010/04/25 22:24:17 | 000,001,052 | ---- | C] () -- C:\Users\Usuario\Desktop\FarCry2 - Atalho.lnk

[2010/04/25 18:11:49 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll

[2010/04/25 18:11:49 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll

[2010/04/25 18:11:48 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll

[2010/04/25 18:11:48 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll

[2010/04/25 18:11:47 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll

[2010/04/25 18:11:47 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll

[2010/04/25 18:11:46 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll

[2010/04/25 18:11:45 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll

[2010/04/25 18:11:44 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll

[2010/04/25 18:11:43 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll

[2010/04/25 18:11:42 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll

[2010/04/25 18:11:42 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll

[2010/04/25 18:11:39 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll

[2010/04/25 18:11:38 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll

[2010/04/25 18:11:37 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll

[2010/04/25 18:11:37 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll

[2010/04/25 18:11:36 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll

[2010/04/25 18:11:35 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll

[2010/04/25 18:11:34 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll

[2010/04/25 18:11:34 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll

[2010/04/25 18:11:33 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll

[2010/04/25 18:11:32 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll

[2010/04/25 18:11:32 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll

[2010/04/25 18:11:31 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll

[2010/04/25 18:11:31 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll

[2010/04/25 18:11:30 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll

[2010/04/25 18:11:30 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll

[2010/04/25 18:11:29 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll

[2010/04/25 18:11:28 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll

[2010/04/25 18:11:28 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll

[2010/04/25 18:11:27 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll

[2010/04/25 18:11:26 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll

[2010/04/25 18:11:25 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll

[2010/04/25 18:11:24 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll

[2010/04/25 18:11:23 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll

[2010/04/25 18:11:23 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll

[2010/04/25 18:11:23 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll

[2010/04/25 18:11:22 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll

[2010/04/25 18:11:21 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll

[2010/04/25 18:11:20 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll

[2010/04/25 18:11:20 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll

[2010/04/25 18:11:19 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll

[2010/04/25 18:11:17 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll

[2010/04/25 18:11:08 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll

[2010/04/25 18:11:06 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll

[2010/04/25 18:11:06 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll

[2010/04/25 18:11:04 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll

[2010/04/25 18:11:02 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll

[2010/04/25 18:11:00 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll

[2010/04/25 18:10:57 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll

[2010/04/25 18:10:55 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll

[2010/04/25 18:10:54 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll

[2010/04/25 18:09:00 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/04/25 18:08:53 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010/04/25 18:08:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/04/25 17:33:22 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2010/04/23 11:25:37 | 000,021,501 | ---- | C] () -- C:\Users\Usuario\.recently-used.xbel

[2010/04/22 19:10:14 | 000,162,816 | ---- | C] () -- C:\Users\Usuario\Documents\Roteiro para estudo interativo_Crase(2).doc

[2010/04/20 13:18:43 | 000,525,792 | ---- | C] () -- C:\Windows\SysNative\DIFxAPI.dll

[2010/04/20 13:18:37 | 000,066,560 | ---- | C] () -- C:\Windows\SysNative\nmwcdclsx64.dll

[2010/04/20 13:18:36 | 000,029,184 | ---- | C] () -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys

[2010/04/20 13:17:32 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\FsExService64.exe

[2010/04/20 13:17:32 | 000,016,392 | ---- | C] () -- C:\Windows\SysNative\drivers\TFsExDisk.sys

[2010/04/20 13:16:44 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk

[2010/04/20 13:13:57 | 000,104,448 | ---- | C] () -- C:\1046.MST

[2010/04/20 13:13:57 | 000,014,498 | ---- | C] () -- C:\0x0416.ini

[2010/04/15 14:51:30 | 000,010,972 | ---- | C] () -- C:\Users\Usuario\Documents\home2.html

[2010/04/15 14:42:34 | 000,015,928 | ---- | C] () -- C:\Users\Usuario\Documents\home.html

[2010/04/14 00:44:35 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys

[2010/04/14 00:44:35 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll

[2010/04/14 00:44:35 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys

[2010/04/14 00:44:24 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys

[2010/04/14 00:44:24 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys

[2010/04/14 00:44:24 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys

[2010/04/14 00:44:22 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe

[2010/04/14 00:44:02 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll

[2010/04/14 00:43:58 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm

[2010/04/14 00:37:34 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll

[2010/04/14 00:37:10 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll

[2010/04/10 16:34:10 | 000,000,784 | ---- | C] () -- C:\Users\Usuario\Desktop\Dicionário eletrônico Houaiss 3.lnk

[2010/04/10 16:07:02 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A530EAE7-D497-48B4-B14B-0B2762A47542}.job

[2010/04/08 20:20:33 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll

[2010/04/05 01:18:34 | 000,000,908 | ---- | C] () -- C:\Users\Usuario\Desktop\XMedia Recode.lnk

[2010/04/04 22:21:08 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx

[2010/04/04 22:21:08 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb

[2010/04/04 22:21:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx

[2010/04/03 19:19:12 | 000,004,096 | -H-- | C] () -- C:\Users\Usuario\AppData\Local\keyfile3.drm

[2010/04/03 17:16:15 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Media Player.lnk

[2010/01/06 15:56:54 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 23:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2005/09/29 14:42:56 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\linstall.dll

[2005/06/10 08:56:06 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll

[2005/06/10 08:55:04 | 000,123,904 | ---- | C] () -- C:\Windows\SysWow64\ZipDll.dll

[2004/05/13 18:14:58 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\opencrypto.dll

[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

 

========== LOP Check ==========

 

[2010/03/07 12:39:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\adma

[2010/03/01 20:56:47 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Avnex

[2010/04/10 16:29:24 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite

[2010/01/26 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Elluminate

[2010/04/04 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\FreeFLVConverter

[2010/04/23 11:24:54 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\gtk-2.0

[2010/04/10 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Houaiss3

[2010/01/28 08:20:34 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Lightcomm

[2010/01/04 14:09:39 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Ludia

[2010/04/20 13:20:26 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PC Suite

[2010/01/14 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\REAPER

[2010/04/20 13:17:19 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Samsung

[2010/01/06 10:57:43 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Template

[2010/02/05 20:43:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TitanicMystery

[2010/01/04 13:24:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\WildTangent

[2010/04/30 01:01:20 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/04/29 19:39:15 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A530EAE7-D497-48B4-B14B-0B2762A47542}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >

 

Now, the "Extras":

 

OTL Extras logfile created on: 30/04/2010 12:04:27 - Run 1

OTL by OldTimer - Version 3.2.3.1 Folder = C:\Users\Usuario\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,09 Gb Total Space | 184,20 Gb Free Space | 63,94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: USUARIO-PC

Current User Name: Usuario

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UacDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirstRunDisabled" = 0

"UacDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02736791-ED02-45A0-AD11-AF1FAA17D1B8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |

"{03AE3B10-ED37-49CF-A786-8A3313F8BDCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{078E5463-1A1B-41A9-AC46-6930B7E34A15}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |

"{0AA2F5A4-BCEA-402F-B881-FEBE5E02BAC1}" = rport=2869 | protocol=6 | dir=out | app=system |

"{264E7477-B4E8-4AA4-8B6D-C7079014082F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |

"{28A52FC2-A9CB-4823-9AF9-F8E400697902}" = lport=138 | protocol=17 | dir=in | app=system |

"{2A5BD510-104E-448B-B05E-4B63B14A338B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |

"{31C6907F-BCB0-4342-8C71-491543FC9BA2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{348B58F1-1CD0-4E12-A8E5-2A40CD8E9E36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4F7ED3BB-8D6B-4D13-895A-E223F35CC9D2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{58D3B598-975F-4164-B7E3-E0582F0FCE2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{5C8B3073-0CE9-40CB-8BF1-21DCA58C1A39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{89B10242-E455-4732-BF9D-978C2D303B60}" = rport=138 | protocol=17 | dir=out | app=system |

"{8B27712A-DD51-4CEF-BC5B-18E58AE8AAB4}" = lport=445 | protocol=6 | dir=in | app=system |

"{8D347BD3-E481-490C-9B4B-DB2B7FFC6389}" = rport=137 | protocol=17 | dir=out | app=system |

"{B0997491-A86A-4E0A-8E44-FD48E8393205}" = rport=445 | protocol=6 | dir=out | app=system |

"{BE9B4B1B-5B1B-4974-AB28-8F25C8E4B43A}" = rport=139 | protocol=6 | dir=out | app=system |

"{C0B726D6-FA78-4179-9592-C27394D4A391}" = lport=137 | protocol=17 | dir=in | app=system |

"{D199544B-E72C-4552-9A3B-256BCA4E31F0}" = lport=139 | protocol=6 | dir=in | app=system |

"{E9A5845D-424C-49E2-9B33-05555D3CB881}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{F91536E2-F437-4C3F-810B-672ACBA4F768}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F9F746B7-A284-4800-A573-968E60603153}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{088E5CFF-4735-4B65-90B9-6F7A497BC294}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |

"{24C6A949-F095-432F-905A-78451F0B86D6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |

"{38896274-D83E-483A-8C9C-BA820F0067DE}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{3A3FE81A-2906-4919-B2F9-A657483CA984}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |

"{500E29F7-FF08-40F5-BD84-85AB55223ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{597FA061-93ED-480D-8C9E-06FA9C48DE35}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |

"{64C4D58B-322D-4036-AE39-7E6C995FCF04}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |

"{652750CF-589C-4EB6-8D38-3CED0DDCF2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |

"{678D63AC-982E-4CBD-8434-681408260097}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\local\temp\~oscecf.tmp\rlvknlg.exe |

"{68131BAD-0CF1-4F37-82F8-2ABADFD85E33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{745CF89B-4AE3-4AF3-B38E-5F56454C056E}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |

"{74FAFE6E-57C3-4B1C-9FFD-EA1DE1ACBE85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{7ACDB9C0-F545-44B6-90FF-CB5804F65FFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7D3AEE75-0406-4EAA-A884-1DD602E08675}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{7E02EBA4-751A-4BEA-A494-B1F1FBB6B3A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |

"{8566AE8E-AE7B-49F5-99E9-452027BEB5E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8DAE35AF-221E-4CE4-8433-6C9BD6BFA53E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |

"{8E890454-8F33-4788-A689-9976F74513D4}" = protocol=58 | dir=in | name=compartilhamento de conexão com a internet (solicitação de roteador de entrada) |

"{97891A74-7932-4EE0-9483-D58620AADAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |

"{A6E317BD-8B6D-46EF-9946-B4760D76C010}" = protocol=6 | dir=in | app=c:\windows\temp\~os416.tmp\rlvknlg.exe |

"{AF1C50BB-1CF4-4B12-B9AF-F87718CA3BC9}" = protocol=6 | dir=in | app=c:\windows\temp\~os1f24.tmp\rlvknlg.exe |

"{BDADD764-6653-4474-8B6B-57C35A352DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |

"{BDF8801D-ACC0-4855-A388-4052169F8FD1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C0A5D5AD-5B32-4241-90AE-ABCCA8CD2F88}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{C3E83CCF-47E3-40CD-A093-C40ABFC9BD3B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |

"{C5692410-E632-4564-84A9-1C946E117982}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{D0C1DF64-F83E-467A-BCA6-BBF3D6520C7F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{D2927204-B5A5-48DC-9213-6B7D965F5E10}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{F1A6ADDA-2979-4F46-A7BB-9C7133A344FA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |

"{F2D67A45-872E-436B-A673-216B305AAE21}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{FE625E9F-9CC9-46BD-A883-4404E3676A24}" = protocol=6 | dir=in | app=c:\windows\temp\~osb259.tmp\rlvknlg.exe |

"TCP Query User{62121ABE-46B9-4514-AD5C-2183FE11EDDA}C:\users\usuario\downloads\medal of honor allied assault\medal of honor allied assault\mohaa.exe" = protocol=6 | dir=in | app=c:\users\usuario\downloads\medal of honor allied assault\medal of honor allied assault\mohaa.exe |

"UDP Query User{87342F1E-E39A-4DE7-998C-3B883FD4C7C6}C:\users\usuario\downloads\medal of honor allied assault\medal of honor allied assault\mohaa.exe" = protocol=17 | dir=in | app=c:\users\usuario\downloads\medal of honor allied assault\medal of honor allied assault\mohaa.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver

"{E3015C78-C196-4039-A279-9959940083DE}" = O2Micro Flash Memory Card Reader Driver (x64)

"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Pacote de Driver do Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software

"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR archiver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 18

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix

"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway

"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup

"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.0 PRO

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C92A5A89-B218-46F7-8898-77C52113FFE0}" = Adobe Setup

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3

"Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3

"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0

"Audacity_is1" = Audacity 1.2.6

"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Dicionário eletrônico Houaiss da língua portuguesa_is1" = Dicionário eletrônico Houaiss 3.0

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"Kit Velox Start_is1" = LightComm Start 1.0

"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15

"Money2007b" = Microsoft Money Essentials

"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)

"NIS" = Norton Internet Security

"Programador de Modem_is1" = LightModem 3.0

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 12.0" = RealPlayer

"WildTangent gateway Master Uninstall" = Gateway Games

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinLiveSuite_Wave3" = Windows Live Essentials

"XMedia Recode" = XMedia Recode 2.2.1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-810750167-987513962-2786433228-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 20/04/2010 12:17:37 | Computer Name = Usuario-PC | Source = Application Error | ID = 1000

Description = Aplicativo com falha New_PC_Studio_1.2.0.IG3_9.exe, versão 15.0.0.591,

carimbo de data/hora 0x48c8b2ef, módulo com falha ISSetup.dll, versão 15.0.0.591,

carimbo de data/hora 0x48c89fcc, código de exceção 0xc0000005, deslocamento com

falha 0x0009a5d1, identificação do processo 0x1c5c, hora de início do aplicativo

0x01cae0a4562c63d6.

 

Error - 20/04/2010 21:38:46 | Computer Name = Usuario-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 21/04/2010 10:51:14 | Computer Name = Usuario-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 21/04/2010 14:05:06 | Computer Name = Usuario-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

 

Error - 21/04/2010 14:05:06 | Computer Name = Usuario-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

 

Error - 22/04/2010 10:17:20 | Computer Name = Usuario-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 22/04/2010 10:47:58 | Computer Name = Usuario-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

 

Error - 22/04/2010 10:48:11 | Computer Name = Usuario-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

 

Error - 22/04/2010 11:33:59 | Computer Name = Usuario-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 22/04/2010 12:16:59 | Computer Name = Usuario-PC | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 22/02/2010 10:35:53 | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23/02/2010 04:51:49 | Computer Name = Usuario-PC | Source = HTTP | ID = 15016

Description =

 

Error - 23/02/2010 04:53:11 | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23/02/2010 07:42:05 | Computer Name = Usuario-PC | Source = ipnathlp | ID = 31004

Description = O agente proxy DNS não pôde alocar 0 byte(s) de memória. Talvez isso

indique que o sistema esteja com memória virtual insuficiente ou que o gerenciador

de memória encontrou um erro interno.

 

Error - 23/02/2010 07:42:07 | Computer Name = Usuario-PC | Source = ipnathlp | ID = 31004

Description = O agente proxy DNS não pôde alocar 0 byte(s) de memória. Talvez isso

indique que o sistema esteja com memória virtual insuficiente ou que o gerenciador

de memória encontrou um erro interno.

 

Error - 23/02/2010 07:42:19 | Computer Name = Usuario-PC | Source = ipnathlp | ID = 31004

Description = O agente proxy DNS não pôde alocar 0 byte(s) de memória. Talvez isso

indique que o sistema esteja com memória virtual insuficiente ou que o gerenciador

de memória encontrou um erro interno.

 

Error - 24/02/2010 08:29:41 | Computer Name = Usuario-PC | Source = HTTP | ID = 15016

Description =

 

Error - 24/02/2010 08:31:03 | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 24/02/2010 09:06:32 | Computer Name = Usuario-PC | Source = ipnathlp | ID = 31004

Description = O agente proxy DNS não pôde alocar 0 byte(s) de memória. Talvez isso

indique que o sistema esteja com memória virtual insuficiente ou que o gerenciador

de memória encontrou um erro interno.

 

Error - 24/02/2010 09:06:37 | Computer Name = Usuario-PC | Source = ipnathlp | ID = 31004

Description = O agente proxy DNS não pôde alocar 0 byte(s) de memória. Talvez isso

indique que o sistema esteja com memória virtual insuficiente ou que o gerenciador

de memória encontrou um erro interno.

 

 

< End of report >


Good morning! Katiane

 

<@> Run OTL.exe.

<@> Copy and paste this information, which is in the Quote, into the field below: Custom Scans/Fixes (Exames Personalizados/Correções)

 

:otl

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [Conexão Oi Velox] C:\Program Files (x86)\Oi Velox\Conexão\pppoe.exe File not found

O4 - HKU\S-1-5-21-810750167-987513962-2786433228-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O33 - MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\AutoRun\command - "" = McNbQT.EXe

O33 - MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\OPEn\cOMMaND - "" = mCNbQT.EXe

O33 - MountPoints2\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\Shell - "" = AutoRun

O33 - MountPoints2\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{83bc6885-0103-11df-9286-001d72ef4ac4}\Shell - "" = AutoRun

O33 - MountPoints2\{83bc6885-0103-11df-9286-001d72ef4ac4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{83bc6888-0103-11df-9286-001d72ef4ac4}\Shell - "" = AutoRun

O33 - MountPoints2\{83bc6888-0103-11df-9286-001d72ef4ac4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

O33 - MountPoints2\{ed4a3858-0284-11de-ba78-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{ed4a3858-0284-11de-ba78-806e6f6e6963}\Shell\AutoRun\command - "" = D:\moodle.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

:Commands

[purity]

[emptytemp]

[Reboot]

<@> Click the Consertar (Run Fix) button --> Wait for it to finish! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

0000000000000000000000

0000000000000000000000

<@> Download: < telecharger_zhpdiag_tests.jpg > ( by Nicolas Coolman )

<@> Unzip it to Program Files.

<@> In the ZHPDiag folder, find the Diagnostic Tool icon. <-- The scroll icon!

<@> Install it and run the scan by clicking "Lancer le diagnostic". <-- The magnifying glass icon!

<@> Wait for it to finish!

<@> Click the "Copier dans le presse-papier" menu. <-- The camera icon!

<@> Open Notepad --> Paste the report. ( Ctrl + V )

<@> Post: Rapport de ZHPDiag v1.25.1343 <-- Text!

 

Regards!


Hi! I did the first part. The OTL report follows:

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.

Registry value HKEY_USERS\S-1-5-21-810750167-987513962-2786433228-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Conexão Oi Velox deleted successfully.

Registry value HKEY_USERS\S-1-5-21-810750167-987513962-2786433228-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\ not found.

File McNbQT.EXe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\ not found.

File mCNbQT.EXe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efdf60a-5082-11df-87a2-001d72ef4ac4}\ not found.

File E:\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83bc6885-0103-11df-9286-001d72ef4ac4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83bc6885-0103-11df-9286-001d72ef4ac4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83bc6885-0103-11df-9286-001d72ef4ac4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83bc6885-0103-11df-9286-001d72ef4ac4}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83bc6888-0103-11df-9286-001d72ef4ac4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83bc6888-0103-11df-9286-001d72ef4ac4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83bc6888-0103-11df-9286-001d72ef4ac4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83bc6888-0103-11df-9286-001d72ef4ac4}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed4a3858-0284-11de-ba78-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed4a3858-0284-11de-ba78-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed4a3858-0284-11de-ba78-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed4a3858-0284-11de-ba78-806e6f6e6963}\ not found.

File D:\moodle.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.

ADS C:\ProgramData\TEMP:D74B6CF5 deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Usuario

->Temp folder emptied: 73208356 bytes

->Temporary Internet Files folder emptied: 24518238 bytes

->Java cache emptied: 37757869 bytes

->FireFox cache emptied: 82280244 bytes

->Flash cache emptied: 49215 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 145212210 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 302162 bytes

 

Total Files Cleaned = 347,00 mb

 

 

OTL by OldTimer - Version 3.2.3.1 log created on 05012010_121212

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


ZHPDiag report:

 

Rapport de ZHPDiag v1.25.1415 par Nicolas Coolman

Run by Usuario at 01/05/2010 13:16:01

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

 

---\\ Web Browser

MSIE: Internet Explorer v7.0.6001.18000

MFIE: Mozilla Firefox (3.6.4)

 

---\\ System Information

Platform : Windows Vista Home Premium (6.0.6001)

Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel

Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4090 MB (58% free)

System drive C: has 188 GB (65%) free of 288 GB

 

---\\ Logged in mode

Computer Name: USUARIO-PC

User Name: Usuario

Unselected Option: O1,O45,O61,O65

Logged in as User

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 188 Go of 288 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ CD-ROM drive (Not Inserted)

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK

 

 

---\\ Processus lancés

[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040]

[MD5.6A64D85B2D9B60E4DA81DE544E41C2BD] - (.Chicony - traybar.) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe [638976]

[MD5.E3925E45316673BFE67ED0820D0B68A4] - (.LightComm - Register Connection.) -- C:\Windows\WinLogT.exe [379392]

[MD5.65437DAD4F238EA9549408A783002222] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe [138240]

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=explorer.exe

 

 

---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

 

 

---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16386 (vista_rtm.061101-2205)) -- C:\Windows\SysWOW64\ieframe.dll

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

 

 

---\\ Applications démarrées automatiquement par le registre (O4)

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [Camera Assistant Software] . (.Chicony - traybar.) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe

O4 - HKLM\..\Run: [WinLogT] . (.LightComm - Register Connection.) -- C:\Windows\WinLogT.exe

O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xport to Microsoft Excel - (.not file.) - C:\PROGRA~2\MICROS~2\Office12\EXCEL.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.exe

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~2\MICROS~2\OFFICE11\REFBARH.ICO

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\SysWOW64\webcheck.dll

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\system32\browseui.dll

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{A530EAE7-D497-48B4-B14B-0B2762A47542}.job

 

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Pas de propriétaire - Pas de description.) -- "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r124.) -- C:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM]

O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe CMaps CS4 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Default Language CS4 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Extension Manager CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Fireworks CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe PDF Library Files CS4 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Type Support CS4 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: AoA Audio Extractor 1.0 - (.AoAMedia.Com.) [HKLM]

O42 - Logiciel: Assistente de Conexão do Windows Live - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: BigFix - (.BigFix.) [HKLM]

O42 - Logiciel: Camera Assistant Software for Gateway - (.Chicony Electronics Co.,Ltd..) [HKLM]

O42 - Logiciel: Camtasia Studio 6 - (.TechSmith Corporation.) [HKLM]

O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM]

O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM]

O42 - Logiciel: Dicionário eletrônico Houaiss 3.0 - (.Editora Objetiva.) [HKLM]

O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM]

O42 - Logiciel: Far Cry 2 - (.Ubisoft.) [HKLM]

O42 - Logiciel: Ferramenta de Carregamento do Windows Live - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: GIMP 2.6.8 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Gateway Games - (.WildTangent.) [HKLM]

O42 - Logiciel: Gateway Recovery Management - (.Acer Incorporated.) [HKLM]

O42 - Logiciel: GearDrvs - (.GEAR Software.) [HKLM]

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Java 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM]

O42 - Logiciel: Java 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM]

O42 - Logiciel: LADSPA_plugins-win-0.4.15 - (.Audacity Team.) [HKLM]

O42 - Logiciel: LightComm Start 1.0 - (.LightComm.) [HKLM]

O42 - Logiciel: LightModem 3.0 - (.LightComm.) [HKLM]

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Money Essentials - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft Money Shared Libraries - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (English) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Professional Edição 2003 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office Suite Activation Assistant - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Mozilla Firefox (3.6.4) - (.Mozilla.) [HKLM]

O42 - Logiciel: Napster - (.Napster.) [HKLM]

O42 - Logiciel: Napster Burn Engine - (.Roxio.) [HKLM]

O42 - Logiciel: Norton 360 - (.Symantec Corporation.) [HKLM]

O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM]

O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM]

O42 - Logiciel: PunkBuster Services - (.Even Balance, Inc..) [HKLM]

O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM]

O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM]

O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM]

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM]

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: XMedia Recode 2.2.1.0 - (.Sebastian Dörfler.) [HKLM]

O42 - Logiciel: iClone v4.0 PRO - (.Reallusion Inc..) [HKLM]

---\\ HKCU & HKLM Software Keys

[HKCU\Software\2015]

[HKCU\Software\Adobe]

[HKCU\Software\Alcohol Soft]

[HKCU\Software\Alex Feinman]

[HKCU\Software\AppDataLow]

[HKCU\Software\Audacity]

[HKCU\Software\BigFix]

[HKCU\Software\Boxshot3D]

[HKCU\Software\CEC_CM_SW]

[HKCU\Software\CamStudioOpenSource for Nick]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Corel]

[HKCU\Software\CyberLink]

[HKCU\Software\Cygnus Solutions]

[HKCU\Software\DT Soft]

[HKCU\Software\Debugmode]

[HKCU\Software\DivXNetworks]

[HKCU\Software\Flock]

[HKCU\Software\Freeware]

[HKCU\Software\Froggie]

[HKCU\Software\GNU]

[HKCU\Software\Gabest]

[HKCU\Software\GbPlugin]

[HKCU\Software\GoldWave]

[HKCU\Software\Google]

[HKCU\Software\IM Providers]

[HKCU\Software\JavaSoft]

[HKCU\Software\KillBox]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Macromedia]

[HKCU\Software\MainConcept (Consumer)]

[HKCU\Software\MainConcept]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Mobileleader]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\NVIDIA Corporation]

[HKCU\Software\Netscape]

[HKCU\Software\Norton]

[HKCU\Software\ODBC]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\RealNetworks]

[HKCU\Software\Reallusion]

[HKCU\Software\RegisteredApplications]

[HKCU\Software\Samsung]

[HKCU\Software\SecuROM]

[HKCU\Software\Softonic]

[HKCU\Software\SpeedBit]

[HKCU\Software\Synaptics]

[HKCU\Software\TechSmith]

[HKCU\Software\Test3D]

[HKCU\Software\Trolltech]

[HKCU\Software\Ubisoft]

[HKCU\Software\VS Revo Group]

[HKCU\Software\VirtualDub.org]

[HKCU\Software\WinAbility]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\fv]

[HKCU\Software\nervepreserve]

[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]

[HKLM\Software\Acer Incorporated]

[HKLM\Software\Acer]

[HKLM\Software\Adobe]

[HKLM\Software\Alcohol Soft]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Avnex]

[HKLM\Software\BigFix]

[HKLM\Software\CDDB]

[HKLM\Software\Chicony Electronics Co.,Ltd.]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\CyberLink]

[HKLM\Software\Cygnus Solutions]

[HKLM\Software\DT Soft]

[HKLM\Software\DebugMode]

[HKLM\Software\Debug]

[HKLM\Software\Digital River]

[HKLM\Software\DivXNetworks]

[HKLM\Software\Editora Objetiva]

[HKLM\Software\Even Balance]

[HKLM\Software\Google]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\Interface]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Licenses]

[HKLM\Software\LightComm]

[HKLM\Software\Macromedia]

[HKLM\Software\Macrovision]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MarkAny]

[HKLM\Software\Marvell]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Napster]

[HKLM\Software\Norton]

[HKLM\Software\ODBC]

[HKLM\Software\Oi]

[HKLM\Software\OldTimer Tools]

[HKLM\Software\PC Connectivity Solution]

[HKLM\Software\PCSuite]

[HKLM\Software\Paretologic]

[HKLM\Software\Policies]

[HKLM\Software\Post]

[HKLM\Software\Propellerhead Software]

[HKLM\Software\Protexis]

[HKLM\Software\RealNetworks]

[HKLM\Software\Reallusion]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\RichFX]

[HKLM\Software\Roxio]

[HKLM\Software\Samsung]

[HKLM\Software\Sonic]

[HKLM\Software\SpeedBit]

[HKLM\Software\SymDebug]

[HKLM\Software\Symantec]

[HKLM\Software\TechSmith]

[HKLM\Software\TrendMicro]

[HKLM\Software\Ubisoft]

[HKLM\Software\Volatile]

[HKLM\Software\WildTangent]

[HKLM\Software\Windows]

[HKLM\Software\Wow6432Node]

[HKLM\Software\Xing Technology Corp.]

[HKLM\Software\Yahoo]

[HKLM\Software\fv]

[HKLM\Software\instinno]

[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Fichiers Communs (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\1235488372

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Adobe Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Alcohol Soft

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\AoA Audio Extractor

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Audacity

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\AV Vcs 7.0 GOLD

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\AviSynth 2.5

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Bonjour

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\CyberLink

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\DAEMON Tools Lite

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\DebugMode

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Desktop Activity Recorder

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\DivX

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\EasyPHP 2.0b1

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\EasyPHP-5.3.2

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\EasyPHP5.3.0

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Fake Voice

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Free FLV Converter

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Gabest

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Gateway Games

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\GIMP-2.0

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Google

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Houaiss

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Houaiss3

O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Intel

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Java

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MarkAny

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Marvell

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Money 2007

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSXML 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Napster

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Norton 360

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Norton Internet Security

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\NortonInstaller

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\O2Micro Flash Memory Card Driver

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Oi Internet

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Oi Velox

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\PC Connectivity Solution

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Real

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Reallusion

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Reference Assemblies

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Samsung

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\TechSmith

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Ubisoft

O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Unlocker

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Video to Flash Converter

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Calendar

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Collaboration

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Defender

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live SkyDrive

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Mail

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Photo Gallery

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Sidebar

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\XMedia Recode

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Adobe AIR

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\DivX Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Macrovision Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Napster Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\PX Storage Engine

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Real

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Reallusion

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Roxio Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Services

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Sonic Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Symantec Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\System

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\TechSmith Shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\xing shared

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.3FB9651BD1509806E635778806E1F5EE] - 01/05/2010 - 12:27:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\PerfStringBackup.INI [799012]

O44 - LFC:[MD5.E7FD93FD694E20B74A7D729BB94BA0EF] - 01/05/2010 - 12:27:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc009.dat [101250]

O44 - LFC:[MD5.B735BFE186AB69C79515E3AA8E230A60] - 01/05/2010 - 12:27:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh009.dat [587178]

O44 - LFC:[MD5.726E9B684BBCA3E15293A7FBE2CA7EF8] - 01/05/2010 - 12:27:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\prfc0416.dat [19676]

O44 - LFC:[MD5.54BA90A72AA0260022F5C8EBAE04DB01] - 01/05/2010 - 12:27:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\prfh0416.dat [96532]

O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 12:17:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1155655]

O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 12:13:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\LogConfigTemp.xml [0]

O44 - LFC:[MD5.60FAC8CC6CC669D69457B5412B3F16EE] - 01/05/2010 - 12:13:48 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.64FEA1EEE228F58DA3219B8D7F0975B0] - 01/05/2010 - 12:13:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [625100]

O44 - LFC:[MD5.E3D868F4E80F248F3C6194F5698DEF61] - 29/04/2010 - 18:18:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\FNTCACHE.DAT [361008]

O44 - LFC:[MD5.CCEF38204B016BF8481539AA2BCE2D84] - 25/04/2010 - 18:11:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DirectX.log [10085]

O44 - LFC:[MD5.2C7F699996308006F57576C02A01083D] - 25/04/2010 - 12:34:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\win.ini [265]

O44 - LFC:[MD5.2DD033EA300ECCEA34EF72D47B4859BB] - 23/04/2010 - 12:02:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [36733]

O44 - LFC:[MD5.CC513A75FB9C2990CAD59F07FF86D0A5] - 23/04/2010 - 02:36:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\ODBC.INI [418]

O44 - LFC:[MD5.1969F308BD9F12FAC1540F1E8BA46E30] - 20/04/2010 - 13:18:37 ---A- . (.Nokia - Wireless Communication Device Class Install.) -- C:\Windows\SysNative\nmwcdclsx64.dll [66560]

O44 - LFC:[MD5.C84F50BF201E70A5EB1DF93FE2302FB1] - 20/04/2010 - 13:18:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DPINST.LOG [46300]

O44 - LFC:[MD5.2E432A65BC396DF2EC57E5D532A77854] - 20/04/2010 - 13:17:32 ---A- . (.Teruten Inc - File System Mini Filter Control Application.) -- C:\Windows\SysNative\FsExService64.exe [24064]

O44 - LFC:[MD5.2E432A65BC396DF2EC57E5D532A77854] - 20/04/2010 - 13:17:32 ---A- . (.Teruten Inc - File System Mini Filter Control Application.) -- C:\Windows\System32\FsExService64.Exe [24064]

O44 - LFC:[MD5.CE4B6956E4E12492715A53076E58761F] - 20/04/2010 - 13:17:32 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\drivers\TFsExDisk.Sys [16392]

O44 - LFC:[MD5.777C79FE9FAD723D48D8CDEA0ABD7A26] - 20/04/2010 - 13:13:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\1046.MST [104448]

O44 - LFC:[MD5.30F34F36452EE80C3F2033200DF598FA] - 20/04/2010 - 13:12:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\0x0416.ini [14498]

O44 - LFC:[MD5.44E684BA5B8162BA342A494A59D10FC2] - 14/04/2010 - 00:43:58 ---A- . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\SysNative\l3codeca.acm [72192]

O44 - LFC:[MD5.44E684BA5B8162BA342A494A59D10FC2] - 14/04/2010 - 00:43:58 ---A- . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm [62464]

O44 - LFC:[MD5.0115A328F0324310959E0F8D4805CB09] - 10/04/2010 - 18:28:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\ie8_main.log [2067]

O44 - LFC:[MD5.65DABB831DA51500DFA31B40252803E2] - 08/04/2010 - 20:20:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\jestertb.dll [20992]

---\\ MountPoints2 Shell Key (MPSK) (O51)

O51 - MPSK:{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- McNbQT.EXe (.not file.)

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\SysWOW64\l3codeca.acm" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm

O52 - TDSD: \Drivers32\"msacm.clmp3enc"="C:\PROGRA~2\CYBERL~1\Power2Go\CLMP3Enc.ACM" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \Drivers32\"vidc.tscc"="tsccvid.dll" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\Windows\System32\tsccvid.dll

O52 - TDSD: \Drivers32\"vidc.xvid"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\Windows\SysWOW64\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\PROGRA~2\CYBERL~1\Power2Go\CLMP3Enc.ACM"="MP3 PowerEncoder" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"tsccvid.dll"="TechSmith Screen Capture Codec" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\Windows\System32\tsccvid.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\Policies\Explorer] - "ForceActiveDesktopOn"=0

O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoActiveDesktopChanges"=0

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 20/01/2008 - 23:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys

O58 - SDL:[MD5.7D05A75E3066861A6610F7EE04FF085C] - 20/01/2008 - 23:46:54 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys

O58 - SDL:[MD5.820A201FE08A0C345B3BEDBC30E1A77C] - 20/01/2008 - 23:46:54 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (X64).) -- C:\Windows\system32\drivers\adpu160m.sys

O58 - SDL:[MD5.9B4AB6854559DC168FBB4C24FC52E794] - 20/01/2008 - 23:47:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys

O58 - SDL:[MD5.157D0898D4B73F075CE9FA26B482DF98] - 20/01/2008 - 23:46:50 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys

O58 - SDL:[MD5.BA8417D4765F3988FF921F30F630E303] - 20/01/2008 - 23:46:52 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys

O58 - SDL:[MD5.9D41C435619733B34CC16A511E644B11] - 20/01/2008 - 23:47:00 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys

O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 18/09/2006 - 18:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys

O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 18/09/2006 - 18:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys

O58 - SDL:[MD5.F0F0BA4D815BE446AA6A4583CA3BCA9B] - 02/11/2006 - 05:43:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys

O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 18/09/2006 - 18:30:18 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys

O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 18/09/2006 - 18:30:18 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys

O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 19/09/2006 - 08:42:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys

O58 - SDL:[MD5.CD69E6640BC4778EB4159D34A707106E] - 25/03/2008 - 20:47:06 ---A- . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\Windows\system32\drivers\CAXHWAZL.sys

O58 - SDL:[MD5.9E6C63F94D2C3D884A8936E448B1028B] - 25/03/2008 - 20:45:44 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\Windows\system32\drivers\CAX_CNXT.sys

O58 - SDL:[MD5.EBDBA99C2362457BE429F024396B63BE] - 25/03/2008 - 20:51:16 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\Windows\system32\drivers\CAX_DPV.sys

O58 - SDL:[MD5.C99A4BEE54DA56BA03D774A263113FEA] - 20/06/2007 - 07:00:00 ---A- . (.Sonic Solutions - CDR4 64-bit CD and DVD Place Holder Driver (see PxHelp).) -- C:\Windows\system32\drivers\cdr4_xp.sys

O58 - SDL:[MD5.DE056F1329FFA68304F8ABDE2425F813] - 20/06/2007 - 07:00:00 ---A- . (.Sonic Solutions - CDRAL 64-bit Place Holder Driver (see PxHelp).) -- C:\Windows\system32\drivers\cdralw2k.sys

O58 - SDL:[MD5.491CBD050CE600B0FB8E71D01D76E0F9] - 02/06/2008 - 04:50:04 ---A- . (.Conexant Systems Inc. - 64-bit High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\CHDRT64.sys

O58 - SDL:[MD5.E5D5499A1C50A54B5161296B6AFE6192] - 20/01/2008 - 23:46:50 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys

O58 - SDL:[MD5.222CB641B4B8A1D1126F8033F9FD6A00] - 02/11/2006 - 08:50:06 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys

O58 - SDL:[MD5.264CEE7B031A9D6C827F3D0CB031F2FE] - 20/01/2008 - 23:46:56 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G6032E.sys

O58 - SDL:[MD5.C4636D6E10469404AB5308D9FD45ED07] - 20/01/2008 - 23:46:59 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys

O58 - SDL:[MD5.CB121F1009623E83EBCC2C4DCEF6D3FE] - 17/04/2008 - 12:12:54 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys

O58 - SDL:[MD5.D7109A1E6BD2DFDBCBA72A6BC626A13B] - 20/01/2008 - 23:46:59 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys

O58 - SDL:[MD5.8D58627FEF3F8767665D9F4DC91CBD97] - 15/04/2008 - 21:54:16 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStor.sys

O58 - SDL:[MD5.3E3BF3627D886736D0B4E90054F929F6] - 20/01/2008 - 23:46:59 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys

O58 - SDL:[MD5.8C3951AD2FE886EF76C7B5027C3125D3] - 02/11/2006 - 09:02:39 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys

O58 - SDL:[MD5.8C7FA71CB1EBCD3EDE8958D27B1BF0B4] - 11/06/2008 - 16:13:24 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\system32\drivers\int15_64.sys

O58 - SDL:[MD5.63C766CDC609FF8206CB447A65ABBA4A] - 02/11/2006 - 09:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys

O58 - SDL:[MD5.1281FE73B17664631D12F643CBEA3F59] - 02/11/2006 - 09:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys

O58 - SDL:[MD5.ACBE1AF32D3123E330A07BFBC5EC4A9B] - 20/01/2008 - 23:46:51 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys

O58 - SDL:[MD5.799FFB2FC4729FA46D2157C0065B3525] - 20/01/2008 - 23:46:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys

O58 - SDL:[MD5.F445FF1DAAD8A226366BFAF42551226B] - 20/01/2008 - 23:47:01 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys

O58 - SDL:[MD5.4A46FA98DE81FF55A7CFC0C26262CB33] - 30/03/2010 - 00:45:56 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys

O58 - SDL:[MD5.E4F44EC214B3E381E1FC844A02926666] - 19/06/2006 - 02:27:24 ---A- . (.Conexant - Diagnostic Interface x64 Driver.) -- C:\Windows\system32\drivers\mdmxsdk.sys

O58 - SDL:[MD5.5C5CD6AACED32FB26C3FB34B3DCF972F] - 20/01/2008 - 23:46:59 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys

O58 - SDL:[MD5.859BC2436B076C77C159ED694ACFE8F8] - 20/01/2008 - 23:46:56 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys

O58 - SDL:[MD5.3C200630A89EF2C0864D515B7A75802E] - 02/11/2006 - 09:02:24 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys

O58 - SDL:[MD5.93915C41A0DBBD121A0FAD2835E43776] - 27/04/2008 - 19:38:12 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw5v64.sys

O58 - SDL:[MD5.4AC08BD6AF2DF42E0C3196D826C8AEA7] - 02/11/2006 - 09:03:03 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys

O58 - SDL:[MD5.29A70AD61FB913B4E6C587924B23B62C] - 14/07/2008 - 00:04:00 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda64v.sys

O58 - SDL:[MD5.60FA7558A84ABD895F43BF93309A5569] - 14/07/2008 - 00:04:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 176.) -- C:\Windows\system32\drivers\nvlddmkm.sys

O58 - SDL:[MD5.2C040B7ADA5B06F6FACADAC8514AA034] - 20/01/2008 - 23:46:54 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys

O58 - SDL:[MD5.F7EA0FE82842D05EDA3EFDD376DBFDBA] - 20/01/2008 - 23:46:54 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys

O58 - SDL:[MD5.1FBB63BD15D25B022DC986D463F94219] - 13/05/2008 - 01:48:38 ---A- . (.O2Micro - o2media.) -- C:\Windows\system32\drivers\o2mdx64.sys

O58 - SDL:[MD5.C88959545B5F598791D30314C7DB5718] - 11/06/2008 - 22:29:30 ---A- . (.O2Micro - O2Micro SD Reader Driver (AMD64).) -- C:\Windows\system32\drivers\o2sdx64.sys

O58 - SDL:[MD5.81B5E63131090879AD6EF9F32109B88D] - 17/09/2007 - 15:53:34 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\system32\drivers\pccsmcfdx64.sys

O58 - SDL:[MD5.05F46042208E515B9C240AAFC54E7AA2] - 26/07/2007 - 07:00:00 ---A- . (.Sonic Solutions - Px Engine Device Driver for 64-bit Windows.) -- C:\Windows\system32\drivers\PxHlpa64.sys

O58 - SDL:[MD5.0B83F4E681062F3839BE2EC1D98FD94A] - 20/01/2008 - 23:46:52 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys

O58 - SDL:[MD5.E1C80F8D4D1E39EF9595809C1369BF2A] - 02/11/2006 - 08:50:27 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys

O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 29/09/2006 - 20:51:44 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys

O58 - SDL:[MD5.3A2F769FAB9582BC720E11EA1DFB184D] - 20/01/2008 - 23:47:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys

O58 - SDL:[MD5.00000000000000000000000000000000] - 10/04/2010 - 06:50:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys

O58 - SDL:[MD5.2F26A2C6FC96B29BEFF5D8ED74E6625B] - 02/11/2006 - 09:02:52 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys

O58 - SDL:[MD5.3F9D5FE52585E2653E59FDBFDF09A94C] - 15/02/2010 - 20:47:48 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\Windows\system32\drivers\SYMEVENT64x86.SYS

O58 - SDL:[MD5.A909667976D3BCCD1DF813FED517D837] - 02/11/2006 - 09:02:37 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys

O58 - SDL:[MD5.36887B56EC2D98B9C362F6AE4DE5B7B0] - 02/11/2006 - 09:02:47 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys

O58 - SDL:[MD5.B432C6063D4C621241C2B6E05CA0C3E3] - 18/01/2008 - 00:31:30 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys

O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 15/07/2009 - 09:08:24 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\system32\drivers\TFsExDisk.sys

O58 - SDL:[MD5.697F0446134CDC8F99E69306184FBBB4] - 20/01/2008 - 23:46:56 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys

O58 - SDL:[MD5.31707F09846056651EA2C37858F5DDB0] - 02/11/2006 - 08:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys

O58 - SDL:[MD5.85E5E43ED5B48C8376281BAB519271B7] - 20/01/2008 - 23:46:52 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\system32\drivers\ulsata2.sys

O58 - SDL:[MD5.FA3CA291F80EE13A1AC210492A7DFBB9] - 23/05/2007 - 22:47:28 ---A- . (.Chicony Electronics Co., Ltd. - UVCFTR_S.sys.) -- C:\Windows\system32\drivers\UVCFTR_S.SYS

O58 - SDL:[MD5.3A4B01C2BDB07DFEF29B0B369487503A] - 26/12/2008 - 12:56:04 ---A- . (.Avnex - Avnex Ltd. Virtual Audio Device (WDM).) -- C:\Windows\system32\drivers\vcsvad.sys

O58 - SDL:[MD5.8294B6C3FDB6C33F24E150DE647ECDAA] - 20/01/2008 - 23:46:50 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys

O58 - SDL:[MD5.A68F455ED2673835209318DD61BFBB0E] - 20/01/2008 - 23:47:25 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys

O58 - SDL:[MD5.57BA73B5B321291E5114CB21350E1EA0] - 20/01/2008 - 23:46:57 ---A- . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\Windows\system32\drivers\VSTAZL6.SYS

O58 - SDL:[MD5.B5C348B265178FB9EE55ADDB3929485D] - 20/01/2008 - 23:46:57 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\Windows\system32\drivers\VSTCNXT6.SYS

O58 - SDL:[MD5.E6CD7F641916484B0141D191A390D866] - 20/01/2008 - 23:46:57 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\Windows\system32\drivers\VSTDPV6.SYS

O58 - SDL:[MD5.F22E443518BC599D12888DAF292A56D8] - 18/10/2007 - 19:37:10 ---A- . (.Conexant Systems, Inc. - Modem Audio Device Driver.) -- C:\Windows\system32\drivers\XAudio64.sys

O58 - SDL:[MD5.B681CADB266B151061E7BAA82B0D77B7] - 24/07/2008 - 14:03:00 ---A- . (.Marvell - Miniport Driver for Marvell Yukon Ethernet Controller..) -- C:\Windows\system32\drivers\yk60x64.sys

O58 - SDL:[MD5.C6E5276C00EBDEB096BB5EF4B797D1B6] - 11/06/2008 - 16:13:24 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\SysWOW64\drivers\int15.sys

O58 - SDL:[MD5.8C7FA71CB1EBCD3EDE8958D27B1BF0B4] - 11/06/2008 - 16:13:24 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\SysWOW64\drivers\int15_64.sys

O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 25/10/2007 - 17:26:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\StarOpen.sys

O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 15/07/2009 - 09:08:24 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys

 

 

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.)

O63 - Logiciel: OTL - (.OldTimer.)

 

 

---\\ Observateur d'évènement d'application (OEA) (O66)

O66 - EventLog: ID=59 (LiveUpdate) - (.Pas de propriétaire - Pas de description.) -- C:\ProgramData\Symantec\LiveUpdate\Downloads\1263898196jtun_emt64nav2k8encful.m25.seg1.zip"}; (.not file.)

O66 - EventLog: ID=100 (MySQL) - (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\EasyPHP5.3.0\www\lab\server\mysql\share\english\errmsg.sys' (.not file.)

O66 - EventLog: ID=100 (MySQL) - (.Pas de propriétaire - Pas de description.) -- C:\Users\EasyPHP-5.3.2\mysql\share\Parado\errmsg.sys' (.not file.)

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\\i0lbbbcf.default\searchplugins\askcom.xml

 

 

 

End of the scan (620 lines in 01mn 54s)


Good evening, Katiane!

<@> Open the "ZHPDiag" tool.

<@> Click the "ZHPFix" menu < PanelZHPFix.jpg > --> OK.

<@> Select the line(s) shown in the quote by ticking the checkbox(es). ( Space )

 

O4 - HKLM\..\Run: [WinLogT] . (.LightComm - Register Connection.) -- C:\Windows\WinLogT.exe

O42 - Logiciel: Java™ 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM]

O42 - Logiciel: Java™ 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM]

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Bonjour

O44 - LFC:[MD5.65DABB831DA51500DFA31B40252803E2] - 08/04/2010 - 20:20:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\jestertb.dll [20992]

O51 - MPSK:{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- McNbQT.EXe (.not file.)

O69 - SBI: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\\i0lbbbcf.default\searchplugins\askcom.xml

<@> Next, click "Nettoyer" --> Wait!

<@> PS: Select this screen and copy it into Notepad.

<@> Post its contents: Rapport de suppression .. <-- Text!

000000000000000000000000

000000000000000000000000

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it in Program Files!

<@> Disable your antivirus!

<@> Install and run the tool by double-clicking: < r2t69y.jpg >

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.

 


 

<@> A message will appear asking you to connect your removable media to the computer. ( USB flash drive, MP3, MP4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

 


 

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

 

Regards!

DigRam, as soon as I tick the checkboxes indicated in the quote and click "Nettoyer" in ZHPDiag, a box opens showing the message:

 

"Erreur système. Code: 740

A operação solicitada requer elevação"

 

Then I click OK and the Windows busy cursor appears as if something were running, but nothing happens.


Hi, Katiane!

 

<!> While logged in to the administrator account, run the procedure in "Safe Mode".

<!> PS: This usually works!

 

Regards!

DigRam, I ran the procedure in Safe Mode. The following message appears:

 

"Windows Installer: O serviço Windows Installer não pôde ser acessado. Isso pode ocorrer se o serviço Windows installer não tiver sido devidamente instalado. Entre em contato com a equipe de suporte para obter ajuda".

 

I clicked OK. The message appeared again. One more OK and it seems to have worked. Here is the ZHPFix log:

 

ZHPFix v1.12.3094 by Nicolas Coolman - Rapport de suppression du 02/05/2010 17:50:10

Fichier d'export Registre : C:\ZHPExportRegistry-02-05-2010-17-50-20.txt

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

 

 

Processus mémoire :

(Néant)

 

Module mémoire :

(Néant)

 

Clé du Registre :

O51 - MPSK:{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- McNbQT.EXe (.not file.) => Clé supprimée avec succès

 

Valeur du Registre :

O4 - HKLM\..\Run: [WinLogT] . (.LightComm - Register Connection.) -- C:\Windows\WinLogT.exe => Valeur supprimée avec succès

 

Elément de données du Registre :

(Néant)

 

Dossier :

C:\Program Files (x86)\Bonjour => Fichier supprimé au reboot

 

Fichier :

c:\windows\winlogt.exe => Fichier supprimé au reboot

c:\windows\jestertb.dll => Fichier supprimé au reboot

mcnbqt.exe => Fichier absent

 

Logiciel :

O42 - Logiciel: Java 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] => Logiciel supprimé avec succès

O42 - Logiciel: Java 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] => Logiciel supprimé avec succès

 

Script Registre :

(Néant)

 

Master Boot Record :

(Néant)

 

Autre :

O69 - SBI: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\\i0lbbbcf.default\searchplugins\askcom.xml => Format Non supporté

 

 

Récapitulatif :

Processus mémoire : 0

Module mémoire : 0

Clé du Registre : 1

Valeur du Registre : 1

Elément de données du Registre : 0

Dossier : 1

Fichier : 3

Logiciel : 2

Master Boot Record : 0

Autre : 1

 

End of the scan

-------------------

-------------------

I did the indicated procedure with USBFix. However, as soon as it finished, the message that Windows Explorer had stopped working kept appearing. Then "Windows Explorer is restarting" would appear. This happened continuously. So I saved the USBFix log, disconnected the USB flash drive and restarted. After restarting, the Windows Explorer message no longer appeared. Here is the USBFix report:

 

 

############################## | UsbFix V6.110 |

 

User : Usuario (Administrators) # USUARIO-PC

Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8

Start at: 18:19:47 | 02/05/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Core2 Duo CPU P8400 @ 2.26GHz

Microsoft® Windows Vista™ Home Premium (6.0.6001 64-bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall Status : Disabled

 

C:\ -> Local Fixed Disk # 288,09 Go (189,47 Go free) [OS] # NTFS

D:\ -> CD-ROM Disc

E:\ -> CD-ROM Disc

F:\ -> Removable Disk # 1,87 Go (1,05 Go free) # FAT

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\$Recycle.Bin\S-1-5-21-810750167-987513962-2786433228-1000

Supprimido ! C:\$Recycle.Bin\S-1-5-21-810750167-987513962-2786433228-500

F:\autorun.inf -> ficheiro chamado : "F:\mCNbQT.EXe" ( Ausente ! )

Supprimido ! F:\autorun.inf

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{254c4fc7-f95a-11de-8513-001d72ef4ac4}\Shell\AutoRun\Command

 

################## | Listing |

 

[20/04/2010 13:12|--a------|14498] C:\0x0416.ini

[20/04/2010 13:13|--a------|104448] C:\1046.MST

[20/01/2008 23:50|-rahs----|333203] C:\bootmgr

[09/10/2008 16:06|-ra-s----|8192] C:\BOOTSECT.BAK

[09/10/2008 16:09|--a------|165] C:\Labelprint.log

[?|?|?] C:\pagefile.sys

[24/02/2009 12:24|--a------|163] C:\power2go.log

[20/11/2008 12:41|--a------|1850112] C:\TEImage.bin

[02/05/2010 18:23|--a------|1562] C:\UsbFix.txt

[02/05/2010 17:50|--a------|5886] C:\ZHPExportRegistry-02-05-2010-17-50-20.txt

[24/03/2010 08:40|--a------|20992] F:\ficha-resumo hessen.doc

[30/04/2010 16:37|--a------|1467161] F:\msnspymaster.exe

[22/04/2010 12:23|--a------|5918776] F:\mbam-setup-1.45.exe

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# F:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_Usuario-PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.110 ! |

 


 

DigRam, here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:51, on 02/05/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugin-container.exe

C:\Users\Usuario\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

 

--

End of file - 7749 bytes


Good evening, Katiane!

 

<@> Run OTL.exe.

<@> Copy the information shown in the quote into the field below: Custom Scans/Fixes ("Exames Personalizados/Correções")

 

:files

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Bonjour

:services

Bonjour Service

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Click the "Consertar" (Fix) button --> Wait for it to finish! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <-

 

Regards!

The OTL report:

 

All processes killed

========== FILES ==========

C:\Program Files (x86)\Bonjour\mDNSResponder.exe moved successfully.

C:\Program Files (x86)\Bonjour folder moved successfully.

========== SERVICES/DRIVERS ==========

Service Bonjour Service stopped successfully!

Service Bonjour Service deleted successfully!

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Usuario

->Flash cache emptied: 1043 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Usuario

->Temp folder emptied: 46976 bytes

->Temporary Internet Files folder emptied: 3939772 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 39616790 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 711168 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5508912 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 130990 bytes

 

Total Files Cleaned = 48,00 mb

 

 

OTL by OldTimer - Version 3.2.4.0 log created on 05022010_231335

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


Good morning, Katiane!

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_Usuario-PC.zip : http://chiquitine.ch...mple/Upload.php

Obrigado pela sua contribuição.

<!> If you wish, contribute by sending the highlighted file to the link given above.

000000000000000000000

000000000000000000000

<@> Open OTL.exe --> Click CleanUp.jpg or "Limpeza" (CleanUp) --> Wait!

<@> At the prompt, click OK --> Restart the computer!

000000000000000000000

<!> Your logs are clean!

<!> PS: Is the memory still showing faults?

 

Regards!

DigRam, the amount of space freed on the hard drive was quite large (impressive!) after the procedures you suggested. In addition, the amount of memory used to run processes is now much lower. As for the memory faults, as soon as I start the notebook, the performance manager shows many (I don't know whether that is normal), but shortly afterwards it goes back to zero and stays that way.

 

I can only thank you for your help. :clap:

 

Oh, and to finish, what can I do from now on, in terms of cleanup, to keep the computer free of these pests?

 

;) Thanks a lot!!


Good afternoon, Katiane!

 

<!> Here you go:

 

<1> Keep the computer up to date by getting its new patches. ( Windows Update )

<2> Avoid cluttering the computer with unnecessary and rarely used programs.

<3> Use CCleaner every 3 days.

<4> Be careful when plugging in USB flash drives, but..., fortunately, the UsbFix tool applied vaccinations.

<5> Keep your protection software up to date.

<6> Browse using Firefox. <-- Much safer!

<7> Every 20 days, defragment the disk.

<8> Use scandisk to fix any logical errors that may arise.

 

<!> I believe these recommendations are the basics!

 

Regards!

PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
