Leandrueo 0 Denunciar post Postado Janeiro 29, 2011 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:24, on 29/1/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 9852 bytes Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Janeiro 29, 2011 Olá Leandrueo 1. *Baixe o AD-Remover e salve-o no desktop *Execute o AD-Remover *Clique [Clean] > [OK] > [sim] *O PC será reiniciado *Cole o relatório C:\Ad-Report-CLEAN[1].txt Compartilhar este post Link para o post Compartilhar em outros sites
Leandrueo 0 Denunciar post Postado Fevereiro 4, 2011 ======= REPORT FROM AD-REMOVER 2.0.0.2,D | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 29/01/11 at 16:00 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 15:59:14 on 04/02/2011, Normal boot Microsoft Windows XP Professional Service Pack 3 (X86) windows@ALESSANDRO ( ) ============== ACTION(S) ============== File deleted: C:\WINDOWS\system32\ConduitEngine.tmp File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder deleted: C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\FireFox\Profiles\g9cswzeo.default\conduit Folder deleted: C:\Arquivos de programas\Ask.com Folder deleted: C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\AskToolbar Folder deleted: C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\ConduitEngine Folder deleted: C:\Arquivos de programas\ConduitEngine File deleted: C:\Arquivos de programas\Windows Live\Messenger\Riched20.dll (!) -- Temporary files deleted. -- File opened: C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\FireFox\Profiles\g9cswzeo.default\Prefs.js -- Line deleted: user_pref("extensions.asktb.cbid", "5J"); Line deleted: user_pref("extensions.asktb.crumb", "2011.01.09+19.34.39-toolbar007iad-BR-UmlvIERlIEphbmVpcm8sQnJhem... Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&... Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR"); Line deleted: user_pref("extensions.asktb.fresh-install", false); Line deleted: user_pref("extensions.asktb.l", "dis"); Line deleted: user_pref("extensions.asktb.last-config-req", "1294630479980"); Line deleted: user_pref("extensions.asktb.locale", "pt_BR"); Line deleted: user_pref("extensions.asktb.o", "102869"); Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Line deleted: user_pref("extensions.asktb.qsrc", "2871"); Line deleted: user_pref("extensions.asktb.r", "3"); Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true); -- File closed -- Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key deleted: HKLM\Software\Classes\CLSID\{17D87FC1-85B1-4EF1-8095-0B8E5A6E5A38} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17D87FC1-85B1-4EF1-8095-0B8E5A6E5A38} Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKLM\Software\Classes\CLSID\{3925F040-6B1D-4EB6-A9C5-C4A9704B24B3} Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key deleted: HKLM\Software\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key deleted: HKLM\Software\Classes\Toolbar.CT2304157 Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key deleted: HKLM\Software\Conduit Key deleted: HKLM\Software\conduitEngine Key deleted: HKCU\Software\Ask.com Key deleted: HKCU\Software\AskToolbar Key deleted: HKCU\Software\Conduit Key deleted: HKCU\Software\conduitEngine Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAA33A1F-3414-42EB-A7AE-EB16CA065AB3} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== ** Mozilla Firefox Version [3.6.13 (pt-BR)] ** -- C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\FireFox\Profiles\g9cswzeo.default\Prefs.js -- browser.download.dir, C:\\Documents and Settings\\windows\\Desktop browser.download.lastDir, C:\\Documents and Settings\\windows\\Desktop browser.startup.homepage, hxxp://www.globo.com/ browser.startup.homepage_override.mstone, rv:1.9.2.13 keyword.URL, hxxp://search.avg.com/route/?d=4cc72a25&v=6.010.006.004&i=23&tp=ab&iy=&ychte=br&lng=pt-BR&q= ======================================== ** Internet Explorer Version [6.0.2900.5512] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Arquivos de programas\Ad-Remover\Quarantine: 124 File(s) C:\Arquivos de programas\Ad-Remover\Backup: 27 File(s) C:\Ad-Report-CLEAN[1].txt - 22/11/2010 (16759 Byte(s)) C:\Ad-Report-CLEAN[2].txt - 04/02/2011 (2236 Byte(s)) End at: 16:00:46, 04/02/2011 ============== E.O.F ============== Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Fevereiro 4, 2011 *Baixe o OTL e salve-o no desktop *Execute-o e selecione a opção: Citar [X] Verificar All Users *Clique [Verificação Rápida] e cole os relatórios apresentados Compartilhar este post Link para o post Compartilhar em outros sites
Leandrueo 0 Denunciar post Postado Fevereiro 5, 2011 OTL Extras logfile created on: 5/2/2011 15:18:18 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\windows\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 894,00 Mb Total Physical Memory | 274,00 Mb Available Physical Memory | 31,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 74,52 Gb Total Space | 22,89 Gb Free Space | 30,72% Space Free | Partition Type: NTFS Drive D: | 480,69 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ALESSANDRO | User Name: windows | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1060284298-1960408961-842925246-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "57938:TCP" = 57938:TCP:*:Enabled:Pando Media Booster "57938:UDP" = 57938:UDP:*:Enabled:Pando Media Booster "58789:TCP" = 58789:TCP:*:Enabled:Pando Media Booster "58789:UDP" = 58789:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "57938:TCP" = 57938:TCP:*:Enabled:Pando Media Booster "57938:UDP" = 57938:UDP:*:Enabled:Pando Media Booster "8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher "8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher "8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher "8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher "8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby "8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby "8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client "8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client "6989:TCP" = 6989:TCP:*:Enabled:League of Legends Launcher "6989:UDP" = 6989:UDP:*:Enabled:League of Legends Launcher "58789:TCP" = 58789:TCP:*:Enabled:Pando Media Booster "58789:UDP" = 58789:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\AVG\AVG8\avgemc.exe" = C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG8\avgupd.exe" = C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG8\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group) "C:\Documents and Settings\windows\Dados de aplicativos\PowerChallenge\PowerSoccer\PowerSoccer.exe" = C:\Documents and Settings\windows\Dados de aplicativos\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer -- () "C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\NGM\NGM.exe" = C:\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe" = C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos. "C:\Arquivos de programas\Google\Google Earth\client\googleearth.exe" = C:\Arquivos de programas\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client "C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Arquivos de programas\Steam\Steam.exe" = C:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\gPotato.com\Allods Online\bin\Launcher.exe" = C:\gPotato.com\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC) "C:\gPotato.com\Allods Online\bin\AOgame.exe" = C:\gPotato.com\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC) "C:\Arquivos de programas\Sports Interactive\Football Manager 2010\fm.exe" = C:\Arquivos de programas\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010 "C:\Arquivos de programas\Sports Interactive\Football Manager 2011\fm.exe" = C:\Arquivos de programas\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive) "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Arquivos de programas\Garena\Garena.exe" = C:\Arquivos de programas\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD) "C:\Arquivos de programas\iTunes\iTunes.exe" = C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Arquivos de programas\Garena HostBot v4.0\GarenaHostBot.exe" = C:\Arquivos de programas\Garena HostBot v4.0\GarenaHostBot.exe:*:Enabled:Garena HostBot - advanced hosting bot for garena -- (www.GarenaWorld.com) "C:\Arquivos de programas\Garena HostBot v4.0\ghost.exe" = C:\Arquivos de programas\Garena HostBot v4.0\ghost.exe:*:Enabled:ghost -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials "{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{564c9fa9-3609-4dad-9ef8-9899cd492ae6}" = Nero 9 Lite "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English "{90850416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil)) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger "{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.3 - Português "{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi "{CF58B132-4C67-4E0A-BE3D-8DADB1E32258}" = Vegas Movie Studio 9.0 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ad-Remover" = Ad-Remover By C_XX "Any Video Converter_is1" = Any Video Converter 3.0.5 "Ares" = Ares 2.1.3 "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1 "AstrumNival Allods" = Allods Online 1.1.02.58 "AVG8Uninstall" = AVG Free 8.5 "Combat Arms" = Combat Arms "Football Manager 2011" = Football Manager 2011 "Garena" = Garena 2010 "Garena HostBot v4.04.0" = Garena HostBot v4.0 "HijackThis" = HijackThis 2.0.2 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.6.30 (remove only) "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "PhotoScape" = PhotoScape "uTorrent" = µTorrent "WinAVI Video Converter 10.5_is1" = WinAVI Video Converter "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = Arquivo do WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XfireXO Toolbar" = XfireXO Toolbar "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.9 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1060284298-1960408961-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Power Loader" = Power Challenge Game Plugin "UnityWebPlayer" = Unity Web Player "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20/1/2011 18:01:02 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 27/1/2011 17:55:26 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 27/1/2011 17:55:31 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 28/1/2011 11:43:18 | Computer Name = ALESSANDRO | Source = Application Error | ID = 1000 Description = Aplicativo com falha plugin-container.exe, versão 1.9.2.3989, módulo com falha ntdll.dll, versão 5.1.2600.5755, endereço com falha 0x0000100b. Error - 28/1/2011 14:51:02 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 28/1/2011 14:51:04 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 28/1/2011 15:22:19 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 29/1/2011 15:49:03 | Computer Name = ALESSANDRO | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: Error - 30/1/2011 06:37:59 | Computer Name = ALESSANDRO | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: Error - 1/2/2011 19:31:56 | Computer Name = ALESSANDRO | Source = WindowsLiveMessenger | ID = 15728647 Description = [ System Events ] Error - 4/2/2011 13:59:45 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7034 Description = O serviço Java Quick Starter foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error - 4/2/2011 13:59:45 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7034 Description = O serviço AVG Free8 E-mail Scanner foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error - 4/2/2011 13:59:45 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7034 Description = O serviço LogMeIn Hamachi 2.0 Tunneling Engine foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error - 4/2/2011 13:59:49 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7034 Description = O serviço Application Virtualization Client foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error - 4/2/2011 14:03:52 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%126 Error - 4/2/2011 15:59:05 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%126 Error - 4/2/2011 22:54:04 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%126 Error - 5/2/2011 07:21:12 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%126 Error - 5/2/2011 12:01:07 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%126 Error - 5/2/2011 12:27:57 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%126 < End of report > OTL logfile created on: 5/2/2011 15:18:18 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\windows\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 894,00 Mb Total Physical Memory | 274,00 Mb Available Physical Memory | 31,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 74,52 Gb Total Space | 22,89 Gb Free Space | 30,72% Space Free | Partition Type: NTFS Drive D: | 480,69 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ALESSANDRO | User Name: windows | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/05 15:17:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\windows\Desktop\OTL.exe PRC - [2010/12/11 00:04:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe PRC - [2010/12/06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/09/21 16:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010/07/08 17:11:31 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgtray.exe PRC - [2010/04/24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/04/24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe PRC - [2010/02/28 03:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE PRC - [2010/01/20 11:38:52 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe PRC - [2010/01/20 11:38:38 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe PRC - [2010/01/13 11:45:17 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe PRC - [2010/01/13 11:45:17 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgnsx.exe PRC - [2010/01/13 11:45:17 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgrsx.exe PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe PRC - [2008/04/14 10:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/13 17:21:20 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe ========== Modules (SafeList) ========== MOD - [2011/02/05 15:17:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\windows\Desktop\OTL.exe MOD - [2010/08/23 14:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/04/27 19:01:00 | 003,530,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010/04/24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/04/24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/28 03:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2010/01/20 11:38:38 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2010/01/13 11:45:17 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008/04/13 17:21:20 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) ========== Driver Services (SafeList) ========== DRV - [2010/04/24 02:10:54 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol) DRV - [2010/04/24 02:10:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir) DRV - [2010/04/24 02:10:50 | 000,211,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay) DRV - [2010/04/24 02:10:44 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs) DRV - [2010/04/21 00:13:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010/01/27 00:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) DRV - [2010/01/13 11:45:39 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/01/13 11:45:34 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/01/13 11:45:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/09/27 21:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008/04/14 10:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/13 09:23:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2008/04/13 09:23:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) DRV - [2008/04/13 09:23:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2008/04/13 09:23:44 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent) DRV - [2008/04/13 09:23:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax) DRV - [2008/04/13 09:23:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) DRV - [2008/04/13 09:23:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2008/04/13 07:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2007/04/11 04:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.globo.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc72a25&v=6.010.006.004&i=23&tp=ab&iy=&ychte=br&lng=pt-BR&q=" FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/26 17:21:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/12/15 19:44:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/12/15 19:44:11 | 000,000,000 | ---D | M] [2010/01/19 21:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\Extensions [2011/02/04 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\g9cswzeo.default\extensions [2010/06/21 18:04:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\g9cswzeo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/02/04 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions [2010/08/30 22:05:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/02/03 20:53:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/01/15 23:18:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2010/01/15 23:18:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2010/01/15 23:18:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2010/01/15 23:18:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2010/11/01 22:33:50 | 000,000,121 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll (Conduit Ltd.) O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Arquivos de programas\XfireXO\tbXfi0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PAC7302_Monitor] File not found O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (Ares Development Group) O4 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003..\Run: [DAEMON Tools Lite] C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003..\Run: [steam] C:\Arquivos de programas\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1060284298-1960408961-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/13 11:05:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2003/05/21 15:11:08 | 000,061,440 | R--- | M] () - D:\autoplay.exe -- [ CDFS ] O32 - AutoRun File - [2003/02/12 05:01:48 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/05 15:17:36 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\windows\Desktop\OTL.exe [2011/02/04 23:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight [2011/02/04 23:40:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Silverlight [2011/02/02 18:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\windows\Desktop\Filme_Strong_World.mp4 ONE PIECE [2011/01/21 12:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\windows\Dados de aplicativos\VDownloader [2011/01/21 12:18:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinPcap [2011/01/11 22:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\windows\Desktop\Nova pasta (2) [2011/01/11 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\windows\Dados de aplicativos\PhotoScape [2011/01/11 21:17:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\PhotoScape [2011/01/10 01:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\ManyCam [2011/01/10 01:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\windows\Dados de aplicativos\ManyCam [2011/01/10 01:30:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ManyCam [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/05 15:24:11 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/02/05 15:17:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\windows\Desktop\OTL.exe [2011/02/05 14:28:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/02/05 14:26:35 | 000,196,865 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011/02/05 14:26:18 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/02/05 14:26:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/02/05 12:32:59 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/05 12:00:25 | 000,014,677 | ---- | M] () -- C:\Documents and Settings\windows\Desktop\Supernatural_S06E12_HDTV_XviD-2HD_[eztv].6151094.TPB.torrent [2011/02/05 09:41:00 | 070,736,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/02/04 19:49:50 | 000,022,962 | ---- | M] () -- C:\Documents and Settings\windows\Desktop\misstakef18a0bc330aed33324b6d038bbdc4fff.rar [2011/02/04 15:59:09 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\windows\Desktop\AD-R.lnk [2011/02/01 17:07:03 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/01/26 17:34:18 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011/01/21 12:18:43 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk [2011/01/11 21:31:04 | 000,022,528 | -H-- | M] () -- C:\Documents and Settings\windows\Desktop\photothumb.db [2011/01/10 01:30:41 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\windows\Desktop\ManyCam.lnk [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/02/05 12:00:24 | 000,014,677 | ---- | C] () -- C:\Documents and Settings\windows\Desktop\Supernatural_S06E12_HDTV_XviD-2HD_[eztv].6151094.TPB.torrent [2011/02/04 19:49:49 | 000,022,962 | ---- | C] () -- C:\Documents and Settings\windows\Desktop\misstakef18a0bc330aed33324b6d038bbdc4fff.rar [2011/01/21 12:18:42 | 000,444,283 | ---- | C] () -- C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe [2011/01/11 21:20:11 | 000,022,528 | -H-- | C] () -- C:\Documents and Settings\windows\Desktop\photothumb.db [2011/01/10 01:30:41 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\windows\Desktop\ManyCam.lnk [2010/12/10 23:52:33 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\windows\Dados de aplicativos\D2Info0 [2010/12/10 23:52:33 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\windows\Dados de aplicativos\DofusAppId0_2 [2010/10/21 06:34:49 | 000,102,154 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1060284298-1960408961-842925246-1003-0.dat [2010/10/21 06:34:43 | 000,102,154 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat [2010/06/28 23:51:01 | 000,300,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat [2010/04/21 00:13:13 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/04/10 22:27:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI [2010/03/23 18:18:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010/01/27 00:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2010/01/19 21:34:05 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/01/19 21:34:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/01/19 21:34:03 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/01/19 21:34:03 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/01/19 21:34:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/01/19 21:34:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/01/13 11:41:07 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/13 08:28:33 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/11/06 21:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll ========== LOP Check ========== [2010/07/07 02:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ashampoo [2010/10/26 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar [2010/04/21 00:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite [2010/08/25 23:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\FlyVPN [2010/03/19 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! [2010/04/03 15:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS [2010/12/10 12:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files [2010/07/06 19:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony [2010/04/05 22:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sports Interactive [2010/04/21 21:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2010/07/14 17:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\VirtualizedApplications [2010/05/15 22:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/06/21 18:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\AnvSoft [2010/12/10 23:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\app [2010/07/07 02:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Ashampoo [2010/02/08 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\CRSpace [2010/04/21 00:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\DAEMON Tools Lite [2010/12/10 23:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Dofus 2 [2010/12/10 23:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/12/05 12:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Football Superstars [2010/07/25 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\LolClient [2011/01/10 01:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\ManyCam [2010/01/15 16:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\OpenArena [2011/01/11 21:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\PhotoScape [2010/02/23 20:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\PowerChallenge [2010/07/06 22:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Publish Providers [2010/12/10 23:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/10/18 23:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\SoftGrid Client [2010/07/06 22:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Sony [2010/04/05 22:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Sports Interactive [2010/07/11 21:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\TP [2010/09/24 23:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Unity [2011/02/05 12:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\uTorrent [2011/01/21 12:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\VDownloader [2010/07/22 12:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\WinAVI [2010/07/12 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\windows\Dados de aplicativos\Youtube Downloader HD ========== Purity Check ========== < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Fevereiro 5, 2011 OK...log limpo. 1. *Execute o AD-Remover *Clique [uninstall] > [Não] > [Close] 2. *Execute o OTL e clique [Limpeza] > [OK] *O PC será reiniciado Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Fevereiro 25, 2011 PROBLEMA RESOLVIDO Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites