Elwood 0 Denunciar post Postado Maio 18, 2011 Olá Alguns sites de propaganda começaram a abrir sozinhos de tempo em tempo. Depois disso reparei também que meu Microsoft Security Essential desativou sozinho e não consigo reativaro e nem abri-lo. Tentei instalar outros anti-virus free e e nenhum baixa, instala ou abre. Acredito que isso aconteceu depois que instalei um jogo crackeado. Abaixo o log do HiJackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:21:42, on 17/05/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Users\Avell\AppData\Roaming\dwm.exe C:\Users\Avell\AppData\Roaming\Microsoft\conhost.exe C:\Users\Avell\AppData\Local\Temp\csrss.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Hotkey\Hotkey.exe C:\Program Files (x86)\FastStone Capture\FSCapture.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:55111 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Users\Avell\AppData\Local\Temp\csrss.exe F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 67.221.174.30 tagged.com O1 - Hosts: 204.9.178.11 typepad.com O1 - Hosts: 74.113.152.32 istockphoto.com O1 - Hosts: 208.94.0.38 yfrog.com O1 - Hosts: 123.125.50.22 126.com O1 - Hosts: 74.208.73.101 qvc.com O1 - Hosts: 174.36.28.11 SlideShare.com O1 - Hosts: 213.238.60.190 xing.com O1 - Hosts: 59.106.98.139 seesaa.net O1 - Hosts: 184.72.253.170 hootsuite.com O1 - Hosts: 211.151.146.16 soku.com O1 - Hosts: 72.32.120.222 metacafe.com O1 - Hosts: 204.11.109.133 tribalfusion.com O1 - Hosts: 207.154.14.31tripadvisor.com O1 - Hosts: 216.52.240.133 ustream.tv O1 - Hosts: 174.36.244.132 linkwithin.com O1 - Hosts: 121.67.203.61 scan.novirusthanks.org O1 - Hosts: 209.172.34.139 imagevenue.com O1 - Hosts: 91.206.232.220 booking.com O1 - Hosts: 118.69.251.6 vnexpress.net O1 - Hosts: 208.85.40.80 pandora.com O1 - Hosts: 194.116.241.57 softonic.com O1 - Hosts: 208.83.243.15 match.com202.57.69.84 nwt.com O1 - Hosts: 65.11.53.80 nttnavi.com O1 - Hosts: 72.51.41.235 nrk.no O1 - Hosts: 110.16.19.157 nozonedata.com O1 - Hosts: 76.106.43.251 nachtagenten.com O1 - Hosts: 195.82.124.124 musicmatch.com O1 - Hosts: 70.52.56.163 moscowtimes.com O1 - Hosts: 174.36.28.11 SlideShare.com O1 - Hosts: 61.178.63.198 mgd.com O1 - Hosts: 174.142.24.205 mediastorm.hu O1 - Hosts: 38.113.207.59 media-servers.com O1 - Hosts: 116.66.206.161 m5prod.com O1 - Hosts: 74.175.65.66 lupa.com O1 - Hosts: 207.200.66.53 liveintercom.com O1 - Hosts: 71.96.135.20 keenspace.com O1 - Hosts: 202.51.107.37 jetsoftware.com O1 - Hosts: 60.251.54.208 jamba.com O1 - Hosts: 222.161.3.133 ir.com O1 - Hosts: 200.24.227.170 investopedia.com O1 - Hosts: 202.149.24.216 choiceradio.com O1 - Hosts: 91.206.232.220 booking.com O1 - Hosts: 118.69.251.6 vnexpress.net O1 - Hosts: 141.76.45.18 chip.com O1 - Hosts: 128.006.192.15 redv.net O1 - Hosts: 194.42.17.124 cgi.com O1 - Hosts: 199.26.254.66 centcomm.com O1 - Hosts: 202.149.24.216 digitallook.com O1 - Hosts: 60.251.189.134 domainfactory.com O1 - Hosts: 222.161.3.133 dvdfocomm.nu O1 - Hosts: 157.95.56.15 e-kolay.com O1 - Hosts: 85.249.23.115 eurosport.com O1 - Hosts: 189.104.149.61 f1cd.com O1 - Hosts: 125.162.92.234 free6.com O1 - Hosts: 80.81.159.20 cdmworldsoftware.com O1 - Hosts: 117.102.101.219 grafika.com O1 - Hosts: 85.249.23.115 adware-delete.com O1 - Hosts: 69.89.22.135 hbv.com O1 - Hosts: 92.48.201.39 protectorsuite.com O1 - Hosts: 128.31.1.16 howstuffworks.com O1 - Hosts: 132.239.17.2 httpool.com O1 - Hosts: 85.249.23.117 hyena.com O1 - Hosts: 219.139.158.59 iinfo.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [conhost] C:\Users\Avell\AppData\Roaming\Microsoft\conhost.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [sNJQ66R8MU] C:\Users\Avell\AppData\Local\Temp\Jvc.exe O4 - HKCU\..\Run: [conhost] C:\Users\Avell\AppData\Roaming\Microsoft\conhost.exe O4 - Startup: FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13861 bytes Fico no aguardo. Obrigado Elwood Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 18, 2011 Olá Elwood 1. *Baixe o HostsXpert e salve-o no desktop *Extraia para o desktop *Clique com o botão direito do mouse no HostsXpert e selecione "Executar como administrador" *Clique [Restore Microsoft's Hosts File] 2. *Baixe o MalwareBytes e salve-o no desktop *Instale o programa e aguarde a atualização *O programa será aberto automaticamente *Na aba [Verificação], selecione [Verificação completa] *Clique [Verificar] e selecione a partição onde o Windows está instalado *Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados] *Cole o relatório apresentado Caso já tenhas o Malwarebytes instalado.... *Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações] *Na aba [Verificação], selecione [x] Verificação completa *Clique [Verificar] e selecione a partição onde o Windows está instalado *Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados] *Cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 18, 2011 Não consegui baixar o Malwarebytes pelo link que você postou, então fui até o baixaki e peguei por lá. Meu Microsoft Security Essentials continua inacessível. Abaixo o log com alguns problemas ainda. Obrigado, Elwood Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Versão da Base de Dados: 6611 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 18/05/2011 18:28:44 mbam-log-2011-05-18 (18-28-43).txt Tipo de Verificação: Verificação Completa (C:\|) Objetos escaneados: 320839 Tempo decorrido: 29 minuto(s), 53 segundo(s) Processos de Memória Infectados: 6 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 4 Valores de Registro Infectados: 5 Itens de Dados no Registro Infectados: 1 Pastas Infectadas: 0 Arquivos Infectados: 29 Processos de Memória Infectados: c:\Windows\Jxucya.exe (Trojan.Downloader) -> 3132 -> Unloaded process successfully. c:\Users\A\AppData\Local\Temp\Jvc.exe (Trojan.Downloader) -> 3144 -> Failed to unload process. c:\Users\A\AppData\Local\Temp\Jvd.exe (Trojan.Downloader) -> 3156 -> Failed to unload process. c:\Users\A\AppData\Roaming\dwm.exe (Trojan.Downloader) -> 3184 -> Unloaded process successfully. c:\Users\A\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> 3536 -> Unloaded process successfully. c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> 4024 -> Unloaded process successfully. Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Valores de Registro Infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU (Trojan.Downloader) -> Value: SNJQ66R8MU -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully. Itens de Dados no Registro Infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Cycbot.Gen) -> Bad: (C:\Users\Avell\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully. Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: c:\Windows\Jxucya.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\Jvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\Jvd.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\A\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully. c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully. c:\I\Backup\microsoft-office 2010 32bit pt-br final + crack\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully. c:\I\el\Fotos\Celular\20112009505.jpg (Extension.Mismatch) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\1000000500002i\dumprep.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\1000000600002i\svchost.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\1000000800002i\svchost.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\1000000a00002i\rundll32.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\1000000b00002i\rundll32.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\1000000b00002i\verclsid.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\300000003400002i\dwwin.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\400000425d00002i\photoshop.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\I\pen drive\pen drive 2\cs3sportable\apcs3standalone\CSDATA\400000d00002i\sldshellextserver.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\C7EF.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\D364.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\gncd.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\icds.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\nspc.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. c:\Users\A\AppData\Local\Temp\rs2r.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. c:\Windows\smax4pnp.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. c:\Windows\Temp\3df1af.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Tasks\sunmicro java update.job (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 18, 2011 *Desative temporariamente seu antivírus *Baixe o ComboFix e salve-o no desktop *Execute-o e aceite o contrato *Se o Console de Recuperação do Microsoft Windows não estiver instalado, aceite a sua instalação *Após a instalação do Console, clique [sim] e aguarde a conclusão das etapas *Não use o mouse nem o teclado durante as etapas, pois implicará na desconfiguração do seu desktop! *Cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 19, 2011 Olá Wings. Tentei várias vezes, de diferentes maneiras, fazer o Combofix funcionar, mas não roda. Não cheguei nem no contrato que você comentou. Ele começa a carregar aquela barra, as vezes até termina, mas dai fica "pensando e pensando" e então "desiste". =/ Na verdade havia estranhado que o HiJackThis, HostsXpert e Malwarebytes haviam funcionado de primeira, sem problemas! Pois desde que percebi que algo estava errado tentei instalar alguns programinhas no estilo Ad-aware, mas pelo jeito o virus não deixa eu instalar nada e ainda bloqueou o anti virus da Microsoft. Só então vim para o Fórum... Tem outra coisa que podemos tentar? Obrigado Elwood Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 19, 2011 1. *Renomei o Combofix para Uninstall e execute-o *Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK] 2. *Baixe o OTS e salve-o no desktop *Execute-o e selecione a opção: [x] Scan All Users *Clique [Quick Scan] e cole o relatório apresentado (OTS.txt localizado no desktop) Caso o relatório fique demasiadamente grande... *Acesse este link *Clique [Enviar arquivo] *Localize o arquivo OTS.txt no desktop *Clique [Abrir] > [Créer le lien Cjoint] *Cole o endereço criado 3. *Baixe o GMER e salve-o no desktop *Desative temporariamente o antivírus *Feche todos os programas ativos, MSN, anti-spywares... *Saia da Internet *Execute-o *Caso receba a mensagem de atividade de rootkit e se deseja fazer um scan, clique [NÃO] *Na coluna à direita, certifique-se de que as opções []IAT/EAT e []Show all estejam desmarcadas *Clique [scan] e aguarde o término *Clique [save...] e salve no desktop *Cole o relatório Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 20, 2011 Deu certo. DDS: . DDS (Ver_11-03-05.01) - NTFS_AMD64 Run by Avell at 12:11:16,19 on 19/05/2011 Internet Explorer: 9.0.8112.16421 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4004.2607 [GMT -3:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Protector Suite\upeksvr.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Hotkey\PowerBiosServer.exe C:\Program Files (x86)\Scpad\scpVista.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Core Temp\Core Temp.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Protector Suite\psqltray.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Hotkey\Hotkey.exe C:\Program Files (x86)\FastStone Capture\FSCapture.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Avell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Avell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Avell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Avell\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskhost.exe C:\Users\Avell\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wermgr.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:55111 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - C:\Program Files (x86)\Scpad\scpsssh2.dll BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices StartupFolder: C:\Users\Avell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FASTST~1.LNK - C:\Program Files (x86)\FastStone Capture\FSCapture.exe StartupFolder: C:\Users\Avell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Enviar para o OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache {9030D464-4C02-4ABF-8ECC-5164760863C6} {B4F3A835-0E21-4959-BA22-42B3008E02FF} mRun-x64: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe AppInit_DLLs-X64: C:\Windows\system32\nvinitx.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-17 69376] R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-4-23 25960] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-5-7 18232] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-5-12 56776] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-30 13336] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151128] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-3-30 2218600] R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768] R2 scpVista;scpVista;C:\Program Files (x86)\Scpad\scpVista.exe [2011-5-15 136496] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-30 2655768] R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-30 317440] R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-3-30 174168] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-3-30 131600] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-20 56344] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-18 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-3-30 1102952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Serviço do Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-15 136176] S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-30 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-15 136176] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-7 59392] S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-23 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2011-05-19 15:01:49 -------- d-----w- C:\Users\Avell\AppData\Local\{71428944-4CEB-49FD-BED3-125614E37B16} 2011-05-19 00:04:23 -------- d-----w- C:\32788R22FWJFW.0.tmp 2011-05-18 20:48:08 -------- d-----w- C:\Users\Avell\AppData\Roaming\Malwarebytes 2011-05-18 20:45:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-18 20:45:30 -------- d-----w- C:\PROGRA~3\Malwarebytes 2011-05-18 20:45:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-18 20:45:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-05-18 14:31:57 -------- d-----w- C:\Users\Avell\AppData\Local\{8C7987EA-4622-460D-9B38-37B2C9EAB932} 2011-05-18 03:00:46 -------- d-----w- C:\Users\Avell\AppData\Local\{9203980E-10FD-431E-8F10-F0A2ADBED942} 2011-05-18 01:21:06 -------- d-----w- C:\HiJackThis 2011-05-18 00:38:20 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys 2011-05-18 00:38:20 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2011-05-18 00:21:53 -------- d-----w- C:\Users\Avell\AppData\Local\Sunbelt Software 2011-05-18 00:21:30 -------- dc-h--w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-05-18 00:21:26 -------- d-----w- C:\Program Files (x86)\Lavasoft 2011-05-17 22:00:36 94208 --sha-r- C:\Windows\SysWow64\msrdcx.dll 2011-05-17 21:23:34 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{18A64F44-7845-43C0-B778-2058C405C4B6}\mpengine.dll 2011-05-17 21:00:33 -------- d--h--w- C:\Windows\msdownld.tmp 2011-05-17 21:00:25 -------- d-----w- C:\Windows\SysWow64\directx 2011-05-17 15:00:16 -------- d-----w- C:\Users\Avell\AppData\Local\{B8678D8A-48B6-495B-AD37-E5D6FBB6232E} 2011-05-16 22:25:04 -------- d-----w- C:\Program Files (x86)\Team17 2011-05-16 14:42:33 -------- d-----w- C:\Users\Avell\AppData\Local\{47372552-F426-420F-A16D-D2F56C339C6B} 2011-05-15 23:04:16 -------- d-----w- C:\Users\Avell\AppData\Roaming\FastStone 2011-05-15 23:03:52 -------- d-----w- C:\Program Files (x86)\FastStone Capture 2011-05-15 23:03:50 -------- d-----w- C:\Windows\SysWow64\drivers\etc 2011-05-15 22:02:59 -------- d-----w- C:\Program Files (x86)\Scpad 2011-05-15 15:21:24 -------- d-----w- C:\Users\Avell\AppData\Local\{D1010B9B-6EB2-4D27-965D-03C37F18C090} 2011-05-14 15:17:02 -------- d-----w- C:\Program Files (x86)\Samsung 2011-05-14 15:16:31 2194432 ----a-w- C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung ESWIN\Samsung_Format_Utility_V2.4.exe 2011-05-14 12:28:52 -------- d-----w- C:\Users\Avell\AppData\Local\{CC8D5017-A609-4356-82FC-1FE902380606} 2011-05-14 03:26:39 -------- d-----w- C:\Arquivos de Programas RFB 2011-05-14 01:41:44 142336 ----a-w- C:\Windows\System32\poqexec.exe 2011-05-14 01:41:44 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2011-05-14 01:32:19 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2011-05-14 01:32:07 -------- d-----w- C:\Windows\PCHEALTH 2011-05-14 01:30:13 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2011-05-14 00:47:42 -------- d-----w- C:\Program Files\CCleaner 2011-05-14 00:28:28 -------- d-----w- C:\Users\Avell\AppData\Local\{5731DA60-7FD0-44E5-A4C7-A6DC255E85E4} 2011-05-14 00:12:01 -------- d-----w- C:\Users\Avell\AppData\Local\Microsoft Help 2011-05-13 15:01:57 -------- d-----w- C:\Users\Avell\AppData\Local\{1A58807F-D012-439C-8F32-071F0F3E6C98} 2011-05-13 01:09:15 -------- d-----w- C:\Users\Avell\AppData\Local\{A6A0A939-8650-445B-97AF-A1B182E752CC} 2011-05-12 16:12:41 -------- d-----w- C:\Users\Avell\AppData\Roaming\BrOffice.org 2011-05-12 15:02:56 46664 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys 2011-05-12 15:02:35 -------- d-----w- C:\Program Files (x86)\GbPlugin 2011-05-12 15:02:35 -------- d-----w- C:\PROGRA~3\GbPlugin 2011-05-12 13:08:46 -------- d-----w- C:\Users\Avell\AppData\Local\{CA16810B-1D06-46C9-9FBF-CAA265F74B76} 2011-05-11 14:31:30 -------- d-----w- C:\Users\Avell\AppData\Local\{574E447A-C016-4F70-9A31-9C58D01F6BF4} 2011-05-11 13:29:23 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-05-11 13:29:22 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-05-11 13:29:22 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-05-11 13:29:13 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2011-05-11 13:29:13 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2011-05-11 13:29:13 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2011-05-11 13:29:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2011-05-11 13:29:13 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2011-05-11 13:29:13 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2011-05-11 13:29:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2011-05-10 23:22:24 -------- d-----w- C:\Users\Avell\AppData\Roaming\Windows Live Writer 2011-05-10 23:22:24 -------- d-----w- C:\Users\Avell\AppData\Local\Windows Live Writer 2011-05-10 14:30:47 -------- d-----w- C:\Users\Avell\AppData\Local\{BE94C280-AA25-4DE2-BE95-B8CC787B330E} 2011-05-09 12:12:36 -------- d-----w- C:\Users\Avell\AppData\Local\{4AE8CDE8-D168-4D7B-9D3C-BEAAB9EE8ADF} 2011-05-08 19:07:22 -------- d-----w- C:\Users\Avell\AppData\Local\Yahoo! 2011-05-08 18:26:08 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2011-05-08 18:25:49 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll 2011-05-08 18:25:49 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll 2011-05-08 18:12:15 -------- d-----w- C:\Users\Avell\AppData\Local\{BFEFB7D9-691F-4CCD-8EBA-59FA28BD4E26} 2011-05-08 02:49:13 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin 2011-05-07 23:53:20 -------- d-----w- C:\Program Files (x86)\Alcohol Soft 2011-05-07 23:49:48 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys 2011-05-07 23:47:37 -------- d-----w- C:\Program Files (x86)\uTorrent 2011-05-07 23:45:44 -------- d-----w- C:\Users\Avell\AppData\Roaming\uTorrent 2011-05-07 23:40:50 32136 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe 2011-05-07 23:40:50 18232 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys 2011-05-07 23:40:50 -------- d-----w- C:\Users\Avell\AppData\Roaming\IObit 2011-05-07 23:40:47 -------- d-----w- C:\Program Files (x86)\IObit 2011-05-07 20:04:12 -------- d-----w- C:\Igor 2011-05-07 19:45:40 -------- d-----w- C:\Program Files\Core Temp 2011-05-07 19:34:50 -------- d-----w- C:\Program Files (x86)\Lavalys 2011-05-07 19:30:38 -------- d-----w- C:\Users\Avell\AppData\Roaming\ACD Systems 2011-05-07 19:30:38 -------- d-----w- C:\Users\Avell\AppData\Local\ACD Systems 2011-05-07 19:29:24 -------- d-----w- C:\PROGRA~3\ACD Systems 2011-05-07 19:29:18 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems 2011-05-07 19:29:18 -------- d-----w- C:\Program Files (x86)\ACD Systems 2011-05-07 19:28:18 -------- d-----w- C:\Users\Avell\AppData\Local\Downloaded Installations 2011-05-07 18:59:07 -------- d-----w- C:\Users\Avell\AppData\Local\{EA6C6455-1A3E-4432-85F2-A6CDBC52D081} 2011-05-07 18:59:07 -------- d-----w- C:\Users\Avell\AppData\Local\{55B0B980-EBEC-4E4E-91FA-45D9814A72B7} 2011-05-07 18:43:17 -------- d-----w- C:\Windows\SysWow64\Adobe 2011-05-07 18:40:40 -------- d-----w- C:\Users\Avell\AppData\Local\Adobe 2011-05-07 18:35:34 175616 ----a-w- C:\Windows\SysWow64\unrar.dll 2011-05-07 18:35:32 631808 ----a-w- C:\Windows\SysWow64\xvidcore.dll 2011-05-07 18:35:32 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2011-05-07 18:35:32 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll 2011-05-07 18:35:32 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm 2011-05-07 18:35:32 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm 2011-05-07 18:35:31 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2011-05-07 18:35:28 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2011-05-07 17:59:29 -------- d-----w- C:\Users\Avell\AppData\Local\Google 2011-05-07 17:59:01 -------- d-----w- C:\Users\Avell\AppData\Local\Deployment 2011-05-07 17:59:01 -------- d-----w- C:\Users\Avell\AppData\Local\Apps 2011-05-07 16:46:43 -------- d-----w- C:\PROGRA~3\VirtualizedApplications 2011-05-07 14:08:00 -------- d-----w- C:\Windows\System32\SPReview 2011-05-07 14:07:04 -------- d-----w- C:\Windows\System32\EventProviders 2011-05-07 14:04:02 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll 2011-05-07 14:04:02 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2011-05-07 14:04:02 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2011-05-07 14:04:02 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2011-05-07 14:01:59 777728 ----a-w- C:\Windows\System32\gpsvc.dll 2011-05-07 14:00:59 458752 ----a-w- C:\Windows\SysWow64\WSDApi.dll 2011-05-07 13:59:59 743424 ----a-w- C:\Windows\SysWow64\blackbox.dll 2011-05-07 13:58:59 9728 ----a-w- C:\Windows\System32\spwmp.dll 2011-05-07 13:55:38 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2011-05-07 13:55:38 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll 2011-05-07 13:55:38 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll 2011-05-07 13:55:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll 2011-05-07 13:55:16 199168 ----a-w- C:\Windows\System32\PkgMgr.exe 2011-05-07 13:54:44 422912 ----a-w- C:\Windows\System32\drvstore.dll 2011-05-07 13:54:44 399872 ----a-w- C:\Windows\System32\dpx.dll 2011-05-07 03:54:35 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2011-05-07 03:54:35 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2011-05-07 03:54:35 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-05-07 03:54:34 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-05-07 03:54:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-05-07 03:46:59 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe 2011-05-07 03:46:59 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-05-06 15:02:19 -------- d-----w- C:\Users\Avell\AppData\Local\Power2Go 2011-05-06 14:59:01 1066544 ------w- C:\Windows\SysWow64\MFC71.dll 2011-05-06 14:59:01 1053232 ------w- C:\Windows\SysWow64\MFC71u.dll 2011-05-06 14:57:58 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-05-06 14:57:58 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-05-06 14:57:58 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll 2011-05-06 14:57:58 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-05-06 14:54:59 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-05-06 14:54:58 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-06 14:54:58 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{4F6BF1BA-8FDF-49B6-A8BA-D548085BB464}\gapaengine.dll 2011-05-06 14:54:22 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-04-23 14:17:06 -------- d-----w- C:\Windows\SysWow64\Wat 2011-04-23 14:17:06 -------- d-----w- C:\Windows\System32\Wat 2011-04-23 14:10:49 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2011-04-23 14:10:48 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-04-23 14:10:05 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2011-04-23 14:10:04 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2011-04-23 14:10:03 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2011-04-23 14:10:03 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-04-23 14:10:01 3135488 ----a-w- C:\Windows\System32\win32k.sys 2011-04-23 14:09:59 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-23 14:09:59 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-23 14:09:59 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-23 14:09:55 367616 ----a-w- C:\Windows\System32\atmfd.dll 2011-04-23 14:09:55 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll 2011-04-23 14:09:54 46080 ----a-w- C:\Windows\System32\atmlib.dll 2011-04-23 14:09:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-04-23 14:02:54 8411752 ----a-w- C:\Windows\System32\nvwgf2umx.dll 2011-04-22 20:01:48 -------- d-----w- C:\NVIDIA 2011-04-22 20:00:13 -------- d-----w- C:\Users\Avell\AppData\Local\SoftGrid Client . ==================== Find3M ==================== . 2011-05-07 16:39:49 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-05-07 16:39:48 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-04-17 14:07:06 94754 --sh--w- C:\Windows\jvs1.exe 2011-04-14 08:07:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-04-09 02:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll 2011-04-09 02:00:20 47616 ----a-w- C:\Windows\System32\drivers\dc3d.sys 2011-04-09 02:00:20 18944 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys 2011-04-08 02:19:16 849092 ----a-w- C:\Windows\System32\nvcoproc.bin 2011-04-08 02:19:16 797800 ----a-w- C:\Windows\System32\nv3dappshext.dll 2011-04-08 02:19:16 53864 ----a-w- C:\Windows\System32\nv3dappshextr.dll 2011-04-08 02:19:16 318056 ----a-w- C:\Windows\System32\nvhotkey.dll 2011-04-08 02:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll 2011-04-08 02:19:16 117864 ----a-w- C:\Windows\System32\nvmctray.dll 2011-04-08 02:19:16 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe 2011-04-08 02:19:14 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll 2011-04-08 02:19:06 6338152 ----a-w- C:\Windows\System32\nvcpl.dll 2011-04-08 02:18:42 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll 2011-03-30 18:53:16 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2011-03-30 18:53:15 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2011-03-30 18:53:15 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2011-03-30 05:45:10 66884856 --sh--w- C:\Windows\setupa.exe 2011-03-26 04:29:38 167960 ----a-w- C:\Windows\System32\igfxtray.exe 2011-03-26 04:29:36 509976 ----a-w- C:\Windows\System32\igfxsrvc.exe 2011-03-26 04:29:36 418840 ----a-w- C:\Windows\System32\igfxpers.exe 2011-03-26 04:29:34 391704 ----a-w- C:\Windows\System32\hkcmd.exe 2011-03-26 04:29:34 239128 ----a-w- C:\Windows\System32\igfxext.exe 2011-03-26 04:29:30 4370456 ----a-w- C:\Windows\System32\GfxUI.exe 2011-03-26 04:29:30 179736 ----a-w- C:\Windows\System32\difx64.exe 2011-03-26 04:24:18 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2342.dll 2011-03-26 04:17:50 12262336 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys 2011-03-26 04:17:48 7473664 ----a-w- C:\Windows\System32\igdumd64.dll 2011-03-26 04:16:10 963116 ----a-w- C:\Windows\SysWow64\igkrng600.bin 2011-03-26 04:16:10 963116 ----a-w- C:\Windows\System32\igkrng600.bin 2011-03-26 04:16:10 216876 ----a-w- C:\Windows\SysWow64\igfcg600m.bin 2011-03-26 04:16:10 216876 ----a-w- C:\Windows\System32\igfcg600m.bin 2011-03-26 04:12:06 5692416 ----a-w- C:\Windows\SysWow64\igdumd32.dll 2011-03-26 04:08:46 575488 ----a-w- C:\Windows\SysWow64\igdumdx32.dll 2011-03-26 04:05:34 7386624 ----a-w- C:\Windows\System32\igd10umd64.dll 2011-03-26 04:02:08 6068736 ----a-w- C:\Windows\SysWow64\igd10umd32.dll 2011-03-26 03:54:14 19592704 ----a-w- C:\Windows\System32\ig4icd64.dll 2011-03-26 03:45:16 14294016 ----a-w- C:\Windows\SysWow64\ig4icd32.dll 2011-03-26 03:39:48 335872 ----a-w- C:\Windows\System32\igfxpph.dll 2011-03-26 03:39:44 380928 ----a-w- C:\Windows\System32\igfxTMM.dll 2011-03-26 03:39:38 28672 ----a-w- C:\Windows\System32\igfxexps.dll 2011-03-26 03:39:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll 2011-03-26 03:39:00 109056 ----a-w- C:\Windows\System32\hccutils.dll 2011-03-26 03:38:52 144896 ----a-w- C:\Windows\System32\gfxSrvc.dll 2011-03-26 03:38:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll 2011-03-26 03:38:50 385024 ----a-w- C:\Windows\System32\igfxdev.dll 2011-03-26 03:38:18 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc 2011-03-26 03:38:12 142336 ----a-w- C:\Windows\System32\igfxdo.dll 2011-03-26 03:38:10 9014784 ----a-w- C:\Windows\System32\igfxress.dll 2011-03-26 03:34:40 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll 2011-03-26 03:33:50 288768 ----a-w- C:\Windows\SysWow64\igfxdv32.dll 2011-03-26 03:28:24 142848 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll 2011-03-26 03:28:24 122368 ----a-w- C:\Windows\System32\igfxcmrt64.dll 2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys 2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll 2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe 2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll 2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-03-05 05:02:48 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll 2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll 2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe 2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe 2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys . ============= FINISH: 14:46:59,83 =============== GMER: GMER 1.0.15.15627 - http://www.gmer.net Rootkit scan 2011-05-19 22:50:09 Windows 6.1.7601 Service Pack 1 Running: 5nsk0uer.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dd3b49f Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x07 0x43 0x6A 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF6 0x8E 0x56 0xF7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x21 0x62 0xD9 0xEF ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dd3b49f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x07 0x43 0x6A 0x10 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF6 0x8E 0x56 0xF7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x21 0x62 0xD9 0xEF ... ---- EOF - GMER 1.0.15 ---- Ei... você tinha dito DDS, hehehehe Alterou o post??? Abaixo o OTS. Obrigado OTS logfile created on: 19/05/2011 22:54:36 - Run 1 OTS by OldTimer - Version 3.1.42.0 Folder = C:\Users\Avell\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,48 Gb Total Space | 197,65 Gb Free Space | 42,46% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ITD Current User Name: Avell Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Quick Scan [Processes - Safe List] ots.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/19 22:54:13 | 000,645,632 | ---- | M] (OldTimer Tools) 5nsk0uer.exe -> C:\Users\Avell\Desktop\5nsk0uer.exe -> [2011/05/19 22:26:17 | 000,302,080 | ---- | M] () ad-awareadmin.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe -> [2011/05/17 21:37:23 | 001,744,312 | ---- | M] (Lavasoft Limited ) gbpsv.exe -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/04/18 15:13:40 | 000,056,776 | ---- | M] ( ) daemonu.exe -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -> [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) ad-aware90install.exe -> C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe -> [2010/12/03 06:06:07 | 002,985,360 | ---- | M] (Lavasoft ) aawwsc.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe -> [2010/12/03 06:05:32 | 000,755,096 | ---- | M] () hotkey.exe -> C:\Program Files (x86)\Hotkey\Hotkey.exe -> [2010/11/29 13:57:26 | 002,766,336 | ---- | M] () powerbiosserver.exe -> C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -> [2010/11/18 19:59:16 | 000,032,768 | ---- | M] () nusb3mon.exe -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2010/11/16 22:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/10/05 10:08:46 | 002,655,768 | R--- | M] (Intel Corporation) lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/10/05 10:08:42 | 000,325,656 | R--- | M] (Intel Corporation) fscapture.exe -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe -> [2010/09/06 14:08:26 | 001,062,400 | ---- | M] (FastStone Soft) scpvista.exe -> C:\Program Files (x86)\Scpad\scpVista.exe -> [2009/07/10 11:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) [Modules - Safe List] ots.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/19 22:54:13 | 000,645,632 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 08:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/13 22:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(NisSrv) [On_Demand | Stopped] -> c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -> [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) 64bit-(MsMpSvc) [Disabled | Stopped] -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) 64bit-(wlcrasvc) [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) (GbpSv) Gbp Service [unknown | Running] -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/04/18 15:13:40 | 000,056,776 | ---- | M] ( ) (nvUpdatusService) NVIDIA Update Service Daemon [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -> [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2011/03/30 23:52:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) (PowerBiosServer) PowerBiosServer [Auto | Running] -> C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -> [2010/11/18 19:59:16 | 000,032,768 | ---- | M] () (IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) (UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/10/05 10:08:46 | 002,655,768 | R--- | M] (Intel Corporation) (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/10/05 10:08:42 | 000,325,656 | R--- | M] (Intel Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (StarWindServiceAE) StarWind AE Service [Auto | Stopped] -> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) (scpVista) scpVista [Auto | Running] -> C:\Program Files (x86)\Scpad\scpVista.exe -> [2009/07/10 11:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011/05/17 21:37:44 | 000,069,376 | ---- | M] (Lavasoft AB) 64bit-(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\sptd.sys -> [2011/05/07 20:49:48 | 000,834,544 | ---- | M] () 64bit-(dc3d) Driver de detecção de dispositivos Microsoft Hardware [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) 64bit-(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nuidfltr.sys -> [2011/04/08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) 64bit-(nvpciflt) nvpciflt [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\nvpciflt.sys -> [2011/04/08 02:14:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) 64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) 64bit-(SmartDefragDriver) SmartDefragDriver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SmartDefragDriver.sys -> [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () 64bit-(JMCR) JMCR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\jmcr.sys -> [2010/12/06 04:56:26 | 000,174,168 | ---- | M] (JMicron Technology Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) 64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) 64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 06:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) 64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2010/11/18 23:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) 64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2010/11/18 23:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) 64bit-(JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\JME.sys -> [2010/11/10 07:07:20 | 000,131,600 | ---- | M] (JMicron Technology Corp.) 64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) 64bit-(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NisDrvWFP.sys -> [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) 64bit-(IntcDAud) Áudio do vídeo Intel(R) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) 64bit-(RTL8192Ce) Realtek Wireless LAN 802.11n PCI-E NIC Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rtl8192ce.sys -> [2010/10/04 05:47:04 | 001,102,952 | R--- | M] (Realtek Semiconductor Corporation ) 64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) 64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2010/09/20 22:59:38 | 000,056,344 | ---- | M] (Intel Corporation) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) (GbpKm) Gbp KernelMode [Kernel | Boot | Stopped] -> C:\Windows\system32\drivers\gbpkm.sys -> [2011/04/18 15:14:16 | 000,046,664 | ---- | M] (GAS Tecnologia) ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) Power Control [2011/05/06 12:06:05] [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -> [2009/09/04 13:16:14 | 000,146,928 | ---- | M] (CyberLink Corp.) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page" -> about:blank -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page Redirect Cache" -> http://br.msn.com/?ocid=iehp -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> pt-br -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> E3 79 98 36 BF 01 CC 01 [binary data] -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: "ProxyServer" -> http=127.0.0.1:55111 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: Main\\"Start Page Redirect Cache" -> http://br.msn.com/?ocid=iehp -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> pt-br -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> E3 79 98 36 BF 01 CC 01 [binary data] -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: "ProxyEnable" -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla < FireFox Extensions [user Folders] > -> < HOSTS File > ([2011/03/21 20:24:06 | 000,001,598 | -HS- | M] - 50 lines) -> C:\Windows\SysWOW64\drivers\etc\hosts -> First 25 entries... Reset Hosts 127.0.0.1 localhost 213.203.216.114 marketsamurai.com 204.9.178.11 typepad.com 74.113.152.32 istockphoto.com 208.94.0.38 yfrog.com 123.125.50.22 126.com 24.29.138.10 telegraph.co.uk 174.36.28.11 SlideShare.com 213.238.60.190 xing.com 59.106.98.139 seesaa.net 184.72.253.170 hootsuite.com 211.151.146.16 soku.com 74.208.73.101 qvc.com 67.221.174.30 tagged.com 72.32.120.222 metacafe.com 204.11.109.133 tribalfusion.com 207.154.14.31 tripadvisor.com 216.52.240.133 ustream.tv 174.36.244.132 linkwithin.com 80.82.137.230 thefreedictionary.com 121.67.203.61 scan.novirusthanks.org 209.172.34.139 imagevenue.com 91.206.232.220 booking.com 118.69.251.6 vnexpress.net < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2010/09/21 14:54:04 | 000,529,280 | ---- | M] (Microsoft Corp.) {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/02/28 02:23:42 | 000,688,528 | ---- | M] (Microsoft Corporation) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} [HKLM] -> C:\Program Files (x86)\Scpad\scpsssh2.dll [ssh2 Class] -> [2010/09/13 11:59:18 | 000,218,448 | ---- | M] (Scopus Tecnologia Ltda) {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/02/28 02:20:14 | 000,561,552 | ---- | M] (Microsoft Corporation) {C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbIehObj Class] -> [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2011/03/26 01:29:34 | 000,391,704 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2011/03/26 01:29:38 | 000,167,960 | ---- | M] (Intel Corporation) "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2011/03/26 01:29:36 | 000,418,840 | ---- | M] (Intel Corporation) "PSQLLauncher" -> C:\Program Files\Protector Suite\launcher.exe ["C:\Program Files\Protector Suite\launcher.exe" /startup] -> [2010/04/27 13:20:26 | 000,084,744 | ---- | M] (UPEK Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2011/01/30 12:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) "NUSB3MON" -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ["C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"] -> [2010/11/16 22:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "uTorrent" -> C:\Program Files (x86)\uTorrent\uTorrent.exe ["C:\Program Files (x86)\uTorrent\uTorrent.exe"] -> [2011/05/07 20:47:38 | 000,399,736 | ---- | M] (BitTorrent, Inc.) < Run [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> &Enviar para o OneNote -> [res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105] -> File not found E&xportar para o Microsoft Excel -> [res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000] -> File not found < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [button: Enviar para o OneNote] -> [2010/02/28 07:04:54 | 000,803,728 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2010/02/28 07:04:54 | 000,803,728 | ---- | M] (Microsoft Corporation) {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [button: &Anotações Vinculadas do OneNote] -> [2010/02/28 07:04:52 | 000,594,832 | ---- | M] (Microsoft Corporation) {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2010/02/28 07:04:52 | 000,594,832 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [shockwave Flash Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {CBC1C5A0-878E-423B-AD30-D6DC64B961E9}\\DhcpNameServer -> 192.168.1.1 (Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\system32\nvinitx.dll -> C:\Windows\SysNative\nvinitx.dll -> [2011/04/08 02:14:00 | 000,234,088 | ---- | M] (NVIDIA Corporation) *MultiFile Done* -> -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\SysWOW64\nvinit.dll -> C:\Windows\SysWOW64\nvinit.dll -> [2011/04/08 02:14:00 | 000,197,736 | ---- | M] (NVIDIA Corporation) *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 03:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 22:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2011/03/26 00:38:50 | 000,385,024 | ---- | M] (Intel Corporation) psfus -> C:\Arquivos de Programas\Protector Suite\psqlpwd.dll -> [2010/04/27 15:21:46 | 000,135,944 | ---- | M] (UPEK Inc.) < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> GbPluginCef -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll -> [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{A3717295-941D-416F-9384-ED1736729F1C}" [HKLM] -> C:\Program Files (x86)\Scpad\scpLIB.dll [CompIBBrd] -> [2009/07/10 11:52:50 | 000,202,032 | ---- | M] (Scopus Tecnologia Ltda) "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{E37CB5F0-51F5-4395-A808-5FA49E399003}" [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {1420C58B-3066-47C1-AD57-0E801ADA2C1C} -> lport=2869 | profile=domain | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {1627BA0D-C1DC-49A8-A24B-F18C2ED50103} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {1FBE4CA6-87EE-4149-8FC9-199A2A543859} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {30D58C4B-327F-4774-A8EA-405BB46F3247} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {37B0A903-F7B4-4028-B8F9-91F910F2A85B} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {3DB26248-514B-48C7-B49C-01501DE97D75} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {4BEC9A13-4B01-4E47-A78D-C6A6376B1C42} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {4D25EA0A-4966-4FCE-82AF-51FDD18F247E} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {4F4DFA19-46AA-4FCB-842E-F10EE69C45F6} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {512E1455-7C7B-40BE-98FE-BC4735253E76} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {5341453E-7DB6-4762-9222-5B25CBBF48A5} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {5502B9A4-2A73-4233-8D24-9B3891D4B1B8} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {5AA42A1F-5E52-40B6-8252-405C910AABB6} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {5FFD9A80-96F9-4518-B831-9290469610BB} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {858F5383-E0C7-426C-8F5C-B4464F06FD4A} -> lport=1900 | profile=domain | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {8AEB134C-BE75-4DD5-B987-EF03F1CC6EF7} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {8B35D205-8C8B-4C6E-87B6-2BD1F5684FDB} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {941627FC-FCD3-4160-B603-8B3E98A0C9F3} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {974345AF-CD8A-47B3-828C-E14F9A217BE2} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {9F601AAD-86D2-4852-862F-466209CEAE0E} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {A9E2F9FC-117E-473A-AC4D-EC22FE4DFF3B} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {B924A983-8057-4CB7-9133-386F9F9D6345} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {D0538025-B754-4104-9C1C-9F33BA6FA468} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {DE44CD3C-DFC3-4182-927A-A722A18CD92F} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {EDFD795C-294F-483D-859C-29A4F7D59B17} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {090F7031-32B4-4981-B17E-EF0530C6A978} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {0A898794-70E2-43A4-B2CB-CB959EBC9AC8} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {1AE8628E-3065-4FBD-B863-C7E0EDEDAD36} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {1B696F76-38FE-4D17-9256-7091D8848061} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {292E5763-88BD-4C31-BA85-D0273A1CE66C} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {2E472072-B95D-475B-8AD5-AD165DC7EBC7} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {313B1210-0BE8-47C8-A6E5-DA99E9FCC542} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {3A0D1D59-22AD-40FE-BF3D-FF0FB2253EB5} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {3D11D872-E8A2-48F7-AB5B-75CC4DD1B4A3} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {44FC142D-1A05-4111-A61F-69C5B3F760E5} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {5011C264-3287-44C5-9987-CAD098455D2B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {57C7DDB2-F836-4065-94DE-CF3C0846C973} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {58AAC552-0C57-4A55-89DF-61EE75832535} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {59DA7154-7E9C-4032-96FC-C910AA24C4AC} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {6FB9EAE8-6373-4BC2-B498-38121B5CC755} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {78019827-E61D-44F6-87D1-1074192A370F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {79A807AC-33DB-495A-84AC-57AD9A9714F6} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {8BB49814-6307-4301-9DE9-0E53BEDB13C4} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {8CF676FE-89E0-4636-BC73-68FB8F47DAAF} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {A278C0E5-A991-4DB2-8D12-75561FB2A654} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {A281DF82-C8A6-42EC-955A-2C412382A1B7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {B7FFE4A7-CE00-477A-8128-6E0E45BC2AF9} -> dir=in | action=allow | name=cyberlink powerdvd | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe | {BB3C17D4-8905-4089-ADC8-D55B2A56D56E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {C87A1894-F4B2-400E-8CDA-E420F0C8566A} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {D86AE893-5395-4760-9862-095069451655} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {DCD6F286-1E3C-43F8-BDD1-3CDE8AEE90E8} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | {FA66B5D4-5BA3-4F46-B38E-FED8904DF2AF} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | TCP Query User{64219C85-8E59-432B-80CF-84C52899ECB5}C:\program files (x86)\google\google earth\client\googleearth.exe -> profile=private | protocol=6 | dir=in | action=allow | name=google earth | app=c:\program files (x86)\google\google earth\client\googleearth.exe | TCP Query User{7CEFFB66-58CB-4C45-9CE0-8A7D2A3A5F55}C:\program files (x86)\google\google earth\plugin\geplugin.exe -> profile=private | protocol=6 | dir=in | action=block | name=google earth | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | UDP Query User{9265B78C-CB50-41F2-A592-DC8F91DA13FE}C:\program files (x86)\google\google earth\client\googleearth.exe -> profile=private | protocol=17 | dir=in | action=allow | name=google earth | app=c:\program files (x86)\google\google earth\client\googleearth.exe | UDP Query User{E9FDC741-B897-4138-8DEB-88F7C63AEDFC}C:\program files (x86)\google\google earth\plugin\geplugin.exe -> profile=private | protocol=17 | dir=in | action=block | name=google earth | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Driver de CD-ROM -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 06:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/19 22:54:12 | 000,645,632 | ---- | C] (OldTimer Tools) {0C08B2D0-28F7-4162-BC80-ECC0E4FBA4A2} -> C:\Users\Avell\AppData\Local\{0C08B2D0-28F7-4162-BC80-ECC0E4FBA4A2} -> [2011/05/19 22:24:08 | 000,000,000 | ---D | C] 32788R22FWJFW -> C:\32788R22FWJFW -> [2011/05/19 12:04:16 | 000,000,000 | R--D | C] {71428944-4CEB-49FD-BED3-125614E37B16} -> C:\Users\Avell\AppData\Local\{71428944-4CEB-49FD-BED3-125614E37B16} -> [2011/05/19 12:01:49 | 000,000,000 | ---D | C] HiJackThis.exe -> C:\Users\Avell\Desktop\HiJackThis.exe -> [2011/05/18 18:55:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) Malwarebytes -> C:\Users\Avell\AppData\Roaming\Malwarebytes -> [2011/05/18 17:48:08 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/05/18 17:45:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/18 17:45:31 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/18 17:45:30 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/05/18 17:45:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/05/18 17:45:06 | 000,000,000 | ---D | C] HostsXpert -> C:\Users\Avell\Desktop\HostsXpert -> [2011/05/18 17:40:40 | 000,000,000 | ---D | C] mbam-setup-1.50.1.1100.exe -> C:\Users\Avell\Desktop\mbam-setup-1.50.1.1100.exe -> [2011/05/18 17:38:12 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) Blocos de Anotações do OneNote -> C:\Users\Avell\Documents\Blocos de Anotações do OneNote -> [2011/05/18 11:37:41 | 000,000,000 | ---D | C] {8C7987EA-4622-460D-9B38-37B2C9EAB932} -> C:\Users\Avell\AppData\Local\{8C7987EA-4622-460D-9B38-37B2C9EAB932} -> [2011/05/18 11:31:57 | 000,000,000 | ---D | C] {9203980E-10FD-431E-8F10-F0A2ADBED942} -> C:\Users\Avell\AppData\Local\{9203980E-10FD-431E-8F10-F0A2ADBED942} -> [2011/05/18 00:00:46 | 000,000,000 | ---D | C] HiJackThis -> C:\HiJackThis -> [2011/05/17 22:21:06 | 000,000,000 | ---D | C] Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011/05/17 21:38:20 | 000,069,376 | ---- | C] (Lavasoft AB) SBREDrv.sys -> C:\Windows\SysNative\drivers\SBREDrv.sys -> [2011/05/17 21:38:20 | 000,049,752 | ---- | C] (Sunbelt Software) Sunbelt Software -> C:\Users\Avell\AppData\Local\Sunbelt Software -> [2011/05/17 21:21:53 | 000,000,000 | ---D | C] {2162CCC0-3A5F-4887-B51F-CE5F195B3620} -> C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} -> [2011/05/17 21:21:30 | 000,000,000 | -H-D | C] Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/17 21:21:26 | 000,000,000 | ---D | C] Lavasoft -> C:\ProgramData\Lavasoft -> [2011/05/17 21:21:26 | 000,000,000 | ---D | C] Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2011/05/17 21:21:26 | 000,000,000 | ---D | C] Ad-Aware90Install.exe -> C:\Users\Avell\Desktop\Ad-Aware90Install.exe -> [2011/05/17 21:20:02 | 130,359,064 | ---- | C] (Lavasoft ) directx -> C:\Windows\SysWow64\directx -> [2011/05/17 18:00:25 | 000,000,000 | ---D | C] {B8678D8A-48B6-495B-AD37-E5D6FBB6232E} -> C:\Users\Avell\AppData\Local\{B8678D8A-48B6-495B-AD37-E5D6FBB6232E} -> [2011/05/17 12:00:16 | 000,000,000 | ---D | C] Team17 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17 -> [2011/05/16 19:26:08 | 000,000,000 | ---D | C] Team17 -> C:\Program Files (x86)\Team17 -> [2011/05/16 19:25:04 | 000,000,000 | ---D | C] Codemasters -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters -> [2011/05/16 19:07:36 | 000,000,000 | ---D | C] Games -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games -> [2011/05/16 19:05:06 | 000,000,000 | ---D | C] {47372552-F426-420F-A16D-D2F56C339C6B} -> C:\Users\Avell\AppData\Local\{47372552-F426-420F-A16D-D2F56C339C6B} -> [2011/05/16 11:42:33 | 000,000,000 | ---D | C] Worms -> C:\Users\Avell\Desktop\Worms -> [2011/05/15 22:09:23 | 000,000,000 | ---D | C] Worms.Reloaded-SKIDROW -> C:\Users\Avell\Desktop\Worms.Reloaded-SKIDROW -> [2011/05/15 22:09:06 | 000,000,000 | ---D | C] FastStone -> C:\Users\Avell\AppData\Roaming\FastStone -> [2011/05/15 20:04:16 | 000,000,000 | ---D | C] FastStone Capture -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture -> [2011/05/15 20:03:54 | 000,000,000 | ---D | C] FastStone Capture -> C:\Program Files (x86)\FastStone Capture -> [2011/05/15 20:03:52 | 000,000,000 | ---D | C] etc -> C:\Windows\SysWow64\drivers\etc -> [2011/05/15 20:03:50 | 000,000,000 | ---D | C] Scpad -> C:\Program Files (x86)\Scpad -> [2011/05/15 19:02:59 | 000,000,000 | ---D | C] Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2011/05/15 16:59:59 | 000,000,000 | ---D | C] Google -> C:\Program Files (x86)\Google -> [2011/05/15 16:59:17 | 000,000,000 | ---D | C] Cofre pessoal - Atalho -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cofre pessoal - Atalho -> [2011/05/15 14:23:39 | 000,000,000 | R--D | C] {D1010B9B-6EB2-4D27-965D-03C37F18C090} -> C:\Users\Avell\AppData\Local\{D1010B9B-6EB2-4D27-965D-03C37F18C090} -> [2011/05/15 12:21:24 | 000,000,000 | ---D | C] Samsung ESWIN -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung ESWIN -> [2011/05/14 12:17:02 | 000,000,000 | ---D | C] Samsung ESWin -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ESWin -> [2011/05/14 12:17:02 | 000,000,000 | ---D | C] Samsung -> C:\Program Files (x86)\Samsung -> [2011/05/14 12:17:02 | 000,000,000 | ---D | C] {CC8D5017-A609-4356-82FC-1FE902380606} -> C:\Users\Avell\AppData\Local\{CC8D5017-A609-4356-82FC-1FE902380606} -> [2011/05/14 09:28:52 | 000,000,000 | ---D | C] Arquivos de Programas RFB -> C:\Arquivos de Programas RFB -> [2011/05/14 00:26:39 | 000,000,000 | ---D | C] Winamp -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp -> [2011/05/13 23:02:39 | 000,000,000 | ---D | C] Winamp -> C:\Users\Avell\AppData\Roaming\Winamp -> [2011/05/13 23:02:36 | 000,000,000 | ---D | C] Winamp -> C:\Program Files (x86)\Winamp -> [2011/05/13 23:02:36 | 000,000,000 | ---D | C] Microsoft Office -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -> [2011/05/13 22:32:50 | 000,000,000 | ---D | C] Microsoft Synchronization Services -> C:\Program Files (x86)\Microsoft Synchronization Services -> [2011/05/13 22:32:19 | 000,000,000 | ---D | C] DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2011/05/13 22:32:18 | 000,000,000 | ---D | C] PCHEALTH -> C:\Windows\PCHEALTH -> [2011/05/13 22:32:07 | 000,000,000 | ---D | C] Microsoft Office -> C:\Arquivos de Programas\Microsoft Office -> [2011/05/13 22:30:43 | 000,000,000 | ---D | C] Microsoft Analysis Services -> C:\Program Files (x86)\Microsoft Analysis Services -> [2011/05/13 22:30:13 | 000,000,000 | ---D | C] Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2011/05/13 22:29:40 | 000,000,000 | ---D | C] MSOCache -> C:\MSOCache -> [2011/05/13 22:29:25 | 000,000,000 | RH-D | C] CCleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner -> [2011/05/13 21:47:42 | 000,000,000 | ---D | C] CCleaner -> C:\Arquivos de Programas\CCleaner -> [2011/05/13 21:47:42 | 000,000,000 | ---D | C] CyberLink PowerDVD -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD -> [2011/05/13 21:36:56 | 000,000,000 | ---D | C] {5731DA60-7FD0-44E5-A4C7-A6DC255E85E4} -> C:\Users\Avell\AppData\Local\{5731DA60-7FD0-44E5-A4C7-A6DC255E85E4} -> [2011/05/13 21:28:28 | 000,000,000 | ---D | C] Microsoft Help -> C:\Users\Avell\AppData\Local\Microsoft Help -> [2011/05/13 21:12:01 | 000,000,000 | ---D | C] Microsoft Help -> C:\ProgramData\Microsoft Help -> [2011/05/13 21:11:48 | 000,000,000 | ---D | C] {1A58807F-D012-439C-8F32-071F0F3E6C98} -> C:\Users\Avell\AppData\Local\{1A58807F-D012-439C-8F32-071F0F3E6C98} -> [2011/05/13 12:01:57 | 000,000,000 | ---D | C] {A6A0A939-8650-445B-97AF-A1B182E752CC} -> C:\Users\Avell\AppData\Local\{A6A0A939-8650-445B-97AF-A1B182E752CC} -> [2011/05/12 22:09:15 | 000,000,000 | ---D | C] Media Player Classic -> C:\Users\Avell\AppData\Roaming\Media Player Classic -> [2011/05/12 18:27:27 | 000,000,000 | ---D | C] BrOffice.org -> C:\Users\Avell\AppData\Roaming\BrOffice.org -> [2011/05/12 13:12:41 | 000,000,000 | ---D | C] gbpkm.sys -> C:\Windows\SysWow64\drivers\gbpkm.sys -> [2011/05/12 12:02:56 | 000,046,664 | ---- | C] (GAS Tecnologia) GbPlugin -> C:\ProgramData\GbPlugin -> [2011/05/12 12:02:35 | 000,000,000 | ---D | C] GbPlugin -> C:\Program Files (x86)\GbPlugin -> [2011/05/12 12:02:35 | 000,000,000 | ---D | C] {CA16810B-1D06-46C9-9FBF-CAA265F74B76} -> C:\Users\Avell\AppData\Local\{CA16810B-1D06-46C9-9FBF-CAA265F74B76} -> [2011/05/12 10:08:46 | 000,000,000 | ---D | C] {574E447A-C016-4F70-9A31-9C58D01F6BF4} -> C:\Users\Avell\AppData\Local\{574E447A-C016-4F70-9A31-9C58D01F6BF4} -> [2011/05/11 11:31:30 | 000,000,000 | ---D | C] Windows Live Writer -> C:\Users\Avell\AppData\Roaming\Windows Live Writer -> [2011/05/10 20:22:24 | 000,000,000 | ---D | C] Windows Live Writer -> C:\Users\Avell\AppData\Local\Windows Live Writer -> [2011/05/10 20:22:24 | 000,000,000 | ---D | C] {BE94C280-AA25-4DE2-BE95-B8CC787B330E} -> C:\Users\Avell\AppData\Local\{BE94C280-AA25-4DE2-BE95-B8CC787B330E} -> [2011/05/10 11:30:47 | 000,000,000 | ---D | C] {4AE8CDE8-D168-4D7B-9D3C-BEAAB9EE8ADF} -> C:\Users\Avell\AppData\Local\{4AE8CDE8-D168-4D7B-9D3C-BEAAB9EE8ADF} -> [2011/05/09 09:12:36 | 000,000,000 | ---D | C] BrowserPlus -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus -> [2011/05/08 16:07:23 | 000,000,000 | ---D | C] Yahoo! -> C:\Users\Avell\AppData\Local\Yahoo! -> [2011/05/08 16:07:22 | 000,000,000 | ---D | C] Electronic Arts -> C:\Users\Avell\Documents\Electronic Arts -> [2011/05/08 15:48:11 | 000,000,000 | ---D | C] WinRAR -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2011/05/08 15:36:51 | 000,000,000 | ---D | C] WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2011/05/08 15:36:51 | 000,000,000 | ---D | C] WinRAR -> C:\Arquivos de Programas\WinRAR -> [2011/05/08 15:36:35 | 000,000,000 | ---D | C] WinRAR -> C:\Users\Avell\AppData\Roaming\WinRAR -> [2011/05/08 15:34:39 | 000,000,000 | ---D | C] Microsoft WSE -> C:\Program Files (x86)\Microsoft WSE -> [2011/05/08 15:26:08 | 000,000,000 | ---D | C] Electronic Arts -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts -> [2011/05/08 15:25:45 | 000,000,000 | ---D | C] Electronic Arts -> C:\Program Files (x86)\Electronic Arts -> [2011/05/08 15:20:25 | 000,000,000 | ---D | C] {BFEFB7D9-691F-4CCD-8EBA-59FA28BD4E26} -> C:\Users\Avell\AppData\Local\{BFEFB7D9-691F-4CCD-8EBA-59FA28BD4E26} -> [2011/05/08 15:12:15 | 000,000,000 | ---D | C] Alcohol 120% -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alcohol 120% -> [2011/05/07 21:00:23 | 000,000,000 | ---D | C] Alcohol 120% -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120% -> [2011/05/07 20:59:17 | 000,000,000 | ---D | C] Alcohol Soft -> C:\Program Files (x86)\Alcohol Soft -> [2011/05/07 20:53:20 | 000,000,000 | ---D | C] uTorrent -> C:\Program Files (x86)\uTorrent -> [2011/05/07 20:47:37 | 000,000,000 | ---D | C] uTorrent -> C:\Users\Avell\AppData\Roaming\uTorrent -> [2011/05/07 20:45:44 | 000,000,000 | ---D | C] IObit -> C:\Users\Avell\AppData\Roaming\IObit -> [2011/05/07 20:40:50 | 000,000,000 | ---D | C] Smart Defrag 2 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 -> [2011/05/07 20:40:49 | 000,000,000 | ---D | C] IObit -> C:\Program Files (x86)\IObit -> [2011/05/07 20:40:47 | 000,000,000 | ---D | C] Igor -> C:\Igor -> [2011/05/07 17:04:12 | 000,000,000 | ---D | C] Core Temp -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp -> [2011/05/07 16:45:41 | 000,000,000 | ---D | C] Core Temp -> C:\Arquivos de Programas\Core Temp -> [2011/05/07 16:45:40 | 000,000,000 | ---D | C] Lavalys -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys -> [2011/05/07 16:34:54 | 000,000,000 | ---D | C] Lavalys -> C:\Program Files (x86)\Lavalys -> [2011/05/07 16:34:50 | 000,000,000 | ---D | C] ACD Systems -> C:\Users\Avell\AppData\Roaming\ACD Systems -> [2011/05/07 16:30:38 | 000,000,000 | ---D | C] ACD Systems -> C:\Users\Avell\AppData\Local\ACD Systems -> [2011/05/07 16:30:38 | 000,000,000 | ---D | C] ACD Systems -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems -> [2011/05/07 16:29:29 | 000,000,000 | ---D | C] ACD Systems -> C:\ProgramData\ACD Systems -> [2011/05/07 16:29:24 | 000,000,000 | ---D | C] ACD Systems -> C:\Program Files (x86)\Common Files\ACD Systems -> [2011/05/07 16:29:18 | 000,000,000 | ---D | C] ACD Systems -> C:\Program Files (x86)\ACD Systems -> [2011/05/07 16:29:18 | 000,000,000 | ---D | C] Downloaded Installations -> C:\Users\Avell\AppData\Local\Downloaded Installations -> [2011/05/07 16:28:18 | 000,000,000 | ---D | C] Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2011/05/07 16:03:53 | 000,000,000 | ---D | C] Meus arquivos recebidos -> C:\Users\Avell\Documents\Meus arquivos recebidos -> [2011/05/07 15:59:41 | 000,000,000 | ---D | C] {EA6C6455-1A3E-4432-85F2-A6CDBC52D081} -> C:\Users\Avell\AppData\Local\{EA6C6455-1A3E-4432-85F2-A6CDBC52D081} -> [2011/05/07 15:59:07 | 000,000,000 | ---D | C] {55B0B980-EBEC-4E4E-91FA-45D9814A72B7} -> C:\Users\Avell\AppData\Local\{55B0B980-EBEC-4E4E-91FA-45D9814A72B7} -> [2011/05/07 15:59:07 | 000,000,000 | ---D | C] Adobe -> C:\Windows\SysWow64\Adobe -> [2011/05/07 15:43:17 | 000,000,000 | ---D | C] Adobe AIR -> C:\Program Files (x86)\Common Files\Adobe AIR -> [2011/05/07 15:40:48 | 000,000,000 | ---D | C] Adobe -> C:\Users\Avell\AppData\Local\Adobe -> [2011/05/07 15:40:40 | 000,000,000 | ---D | C] K-Lite Codec Pack -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack -> [2011/05/07 15:35:36 | 000,000,000 | ---D | C] yv12vfw.dll -> C:\Windows\SysWow64\yv12vfw.dll -> [2011/05/07 15:35:32 | 000,237,568 | ---- | C] (www.helixcommunity.org) ac3acm.acm -> C:\Windows\SysWow64\ac3acm.acm -> [2011/05/07 15:35:32 | 000,151,552 | ---- | C] (fccHandler) K-Lite Codec Pack -> C:\Program Files (x86)\K-Lite Codec Pack -> [2011/05/07 15:35:28 | 000,000,000 | ---D | C] Java -> C:\Program Files (x86)\Common Files\Java -> [2011/05/07 15:11:58 | 000,000,000 | ---D | C] Google Chrome -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome -> [2011/05/07 15:00:02 | 000,000,000 | ---D | C] Google -> C:\Users\Avell\AppData\Local\Google -> [2011/05/07 14:59:29 | 000,000,000 | ---D | C] Deployment -> C:\Users\Avell\AppData\Local\Deployment -> [2011/05/07 14:59:01 | 000,000,000 | ---D | C] Apps -> C:\Users\Avell\AppData\Local\Apps -> [2011/05/07 14:59:01 | 000,000,000 | ---D | C] Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2011/05/07 14:10:43 | 000,000,000 | ---D | C] VirtualizedApplications -> C:\ProgramData\VirtualizedApplications -> [2011/05/07 13:46:43 | 000,000,000 | ---D | C] SPReview -> C:\Windows\SysNative\SPReview -> [2011/05/07 11:08:00 | 000,000,000 | ---D | C] EventProviders -> C:\Windows\SysNative\EventProviders -> [2011/05/07 11:07:04 | 000,000,000 | ---D | C] fms.dll -> C:\Windows\SysNative\fms.dll -> [2011/05/07 11:00:39 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) fms.dll -> C:\Windows\SysWow64\fms.dll -> [2011/05/07 10:59:58 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) CyberLink -> C:\Users\Avell\Documents\CyberLink -> [2011/05/06 12:03:57 | 000,000,000 | ---D | C] CyberLink -> C:\Users\Avell\AppData\Roaming\CyberLink -> [2011/05/06 12:03:56 | 000,000,000 | ---D | C] Power2Go -> C:\Users\Avell\AppData\Local\Power2Go -> [2011/05/06 12:02:19 | 000,000,000 | ---D | C] CyberLink DVD Suite -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite -> [2011/05/06 11:59:08 | 000,000,000 | ---D | C] Wat -> C:\Windows\SysWow64\Wat -> [2011/04/23 11:17:06 | 000,000,000 | ---D | C] Wat -> C:\Windows\SysNative\Wat -> [2011/04/23 11:17:06 | 000,000,000 | ---D | C] OpenCL.dll -> C:\Windows\SysNative\OpenCL.dll -> [2011/04/23 11:02:54 | 000,067,176 | ---- | C] (Khronos Group) OpenCL.dll -> C:\Windows\SysWow64\OpenCL.dll -> [2011/04/23 11:02:54 | 000,057,960 | ---- | C] (Khronos Group) NVIDIA -> C:\NVIDIA -> [2011/04/22 17:01:48 | 000,000,000 | ---D | C] SoftGrid Client -> C:\Users\Avell\AppData\Local\SoftGrid Client -> [2011/04/22 17:00:13 | 000,000,000 | ---D | C] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 1 C:\*.tmp files -> C:\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/19 22:54:13 | 000,645,632 | ---- | M] (OldTimer Tools) 5nsk0uer.exe -> C:\Users\Avell\Desktop\5nsk0uer.exe -> [2011/05/19 22:26:17 | 000,302,080 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/05/19 22:23:44 | 000,001,062 | ---- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/05/19 22:04:36 | 000,001,066 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> [2011/05/19 22:04:00 | 000,001,078 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/19 19:44:08 | 000,015,008 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/19 19:44:08 | 000,015,008 | -H-- | M] () obhm.job -> C:\Windows\tasks\obhm.job -> [2011/05/19 19:35:24 | 000,000,298 | -HS- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/05/19 19:35:18 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/05/19 19:35:11 | 3149,008,896 | -HS- | M] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> [2011/05/19 15:10:11 | 000,001,026 | ---- | M] () dds.scr -> C:\Users\Avell\Desktop\dds.scr -> [2011/05/19 12:05:44 | 000,625,664 | ---- | M] () Uninstall.exe -> C:\Users\Avell\Desktop\Uninstall.exe -> [2011/05/18 21:39:58 | 004,351,251 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/05/18 19:51:41 | 001,523,558 | ---- | M] () prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2011/05/18 19:51:41 | 000,665,904 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/05/18 19:51:41 | 000,618,108 | ---- | M] () prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2011/05/18 19:51:41 | 000,129,094 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/05/18 19:51:41 | 000,107,388 | ---- | M] () HiJackThis.exe -> C:\Users\Avell\Desktop\HiJackThis.exe -> [2011/05/18 18:55:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2011/05/18 17:42:18 | 000,000,698 | ---- | M] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/05/18 11:48:05 | 000,001,293 | ---- | M] () mbam-setup-1.50.1.1100.exe -> C:\Users\Avell\Desktop\mbam-setup-1.50.1.1100.exe -> [2011/05/18 11:38:36 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) mbam-setup.exe -> C:\Users\Avell\Desktop\mbam-setup.exe -> [2011/05/18 11:36:06 | 000,001,106 | ---- | M] () HostsXpert.zip -> C:\Users\Avell\Desktop\HostsXpert.zip -> [2011/05/18 10:39:34 | 000,357,766 | ---- | M] () DC2E.8D3 -> C:\Users\Avell\AppData\Roaming\DC2E.8D3 -> [2011/05/17 22:51:56 | 000,013,322 | ---- | M] () rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2011/05/17 21:41:07 | 000,000,064 | ---- | M] () rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2011/05/17 21:41:07 | 000,000,044 | ---- | M] () SBREDrv.sys -> C:\Windows\SysNative\drivers\SBREDrv.sys -> [2011/05/17 21:38:19 | 000,049,752 | ---- | M] (Sunbelt Software) Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011/05/17 21:37:44 | 000,069,376 | ---- | M] (Lavasoft AB) Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/17 21:21:30 | 000,001,145 | ---- | M] () Ad-Aware90Install.exe -> C:\Users\Avell\Desktop\Ad-Aware90Install.exe -> [2011/05/17 21:16:54 | 130,359,064 | ---- | M] (Lavasoft ) msrdcx.dll -> C:\Windows\SysWow64\msrdcx.dll -> [2011/05/17 19:00:36 | 000,094,208 | RHS- | M] () Worms.exe - Atalho.lnk -> C:\Users\Avell\Desktop\Worms.exe - Atalho.lnk -> [2011/05/17 17:50:50 | 000,000,999 | ---- | M] () ax_files.xml -> C:\Users\Avell\Documents\ax_files.xml -> [2011/05/17 00:32:25 | 000,000,708 | ---- | M] () Worms Reloaded.lnk -> C:\Users\Public\Desktop\Worms Reloaded.lnk -> [2011/05/16 19:26:09 | 000,002,102 | ---- | M] () FastStone Capture.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk -> [2011/05/15 20:05:56 | 000,001,164 | ---- | M] () Igor.lnk -> C:\Users\Avell\Desktop\Igor.lnk -> [2011/05/14 00:21:41 | 000,000,772 | ---- | M] () Msft_Kernel_NuidFltr_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf -> [2011/05/13 22:44:51 | 000,000,000 | -H-- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/05/13 22:39:00 | 000,430,256 | ---- | M] () Msft_Kernel_dc3d_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf -> [2011/05/10 11:49:37 | 000,000,000 | -H-- | M] () The Sims™ 3.lnk -> C:\Users\Public\Desktop\The Sims™ 3.lnk -> [2011/05/08 15:25:45 | 000,002,082 | ---- | M] () SmartDefrag.job -> C:\Windows\tasks\SmartDefrag.job -> [2011/05/07 20:51:09 | 000,000,408 | ---- | M] () sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2011/05/07 20:49:48 | 000,834,544 | ---- | M] () ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2011/05/07 11:13:48 | 000,072,822 | ---- | M] () ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2011/05/07 11:13:46 | 000,072,822 | ---- | M] () 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 1 C:\*.tmp files -> C:\*.tmp -> [Files - No Company Name] 5nsk0uer.exe -> C:\Users\Avell\Desktop\5nsk0uer.exe -> [2011/05/19 22:26:17 | 000,302,080 | ---- | C] () dds.scr -> C:\Users\Avell\Desktop\dds.scr -> [2011/05/19 12:06:00 | 000,625,664 | ---- | C] () Uninstall.exe -> C:\Users\Avell\Desktop\Uninstall.exe -> [2011/05/18 21:39:57 | 004,351,251 | ---- | C] () HostsXpert.zip -> C:\Users\Avell\Desktop\HostsXpert.zip -> [2011/05/18 17:38:13 | 000,357,766 | ---- | C] () mbam-setup.exe -> C:\Users\Avell\Desktop\mbam-setup.exe -> [2011/05/18 17:38:12 | 000,001,106 | ---- | C] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/05/18 11:37:55 | 000,001,293 | ---- | C] () rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2011/05/17 21:41:07 | 000,000,064 | ---- | C] () rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2011/05/17 21:41:07 | 000,000,044 | ---- | C] () Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/17 21:21:30 | 000,001,145 | ---- | C] () obhm.job -> C:\Windows\tasks\obhm.job -> [2011/05/17 19:00:37 | 000,000,298 | -HS- | C] () msrdcx.dll -> C:\Windows\SysWow64\msrdcx.dll -> [2011/05/17 19:00:36 | 000,094,208 | RHS- | C] () DC2E.8D3 -> C:\Users\Avell\AppData\Roaming\DC2E.8D3 -> [2011/05/17 19:00:32 | 000,013,322 | ---- | C] () Worms.exe - Atalho.lnk -> C:\Users\Avell\Desktop\Worms.exe - Atalho.lnk -> [2011/05/17 17:50:50 | 000,000,999 | ---- | C] () Worms Reloaded.lnk -> C:\Users\Public\Desktop\Worms Reloaded.lnk -> [2011/05/16 19:26:09 | 000,002,102 | ---- | C] () FastStone Capture.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk -> [2011/05/15 20:05:56 | 000,001,164 | ---- | C] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/05/15 16:59:20 | 000,001,066 | ---- | C] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/05/15 16:59:20 | 000,001,062 | ---- | C] () Igor.lnk -> C:\Users\Avell\Desktop\Igor.lnk -> [2011/05/14 00:21:41 | 000,000,772 | ---- | C] () Msft_Kernel_NuidFltr_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf -> [2011/05/13 22:44:51 | 000,000,000 | -H-- | C] () Msft_Kernel_dc3d_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf -> [2011/05/10 11:49:37 | 000,000,000 | -H-- | C] () The Sims™ 3.lnk -> C:\Users\Public\Desktop\The Sims™ 3.lnk -> [2011/05/08 15:25:45 | 000,002,082 | ---- | C] () ax_files.xml -> C:\Users\Avell\Documents\ax_files.xml -> [2011/05/07 21:00:32 | 000,000,708 | ---- | C] () sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2011/05/07 20:49:48 | 000,834,544 | ---- | C] () SmartDefragBootTime.exe -> C:\Windows\SysNative\SmartDefragBootTime.exe -> [2011/05/07 20:40:50 | 000,032,136 | ---- | C] () SmartDefragDriver.sys -> C:\Windows\SysNative\drivers\SmartDefragDriver.sys -> [2011/05/07 20:40:50 | 000,018,232 | ---- | C] () SmartDefrag.job -> C:\Windows\tasks\SmartDefrag.job -> [2011/05/07 20:39:46 | 000,000,408 | ---- | C] () Adobe Reader X.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> [2011/05/07 16:03:57 | 000,002,441 | ---- | C] () unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2011/05/07 15:35:34 | 000,175,616 | ---- | C] () avisplitter.ini -> C:\Windows\avisplitter.ini -> [2011/05/07 15:35:34 | 000,000,038 | ---- | C] () xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011/05/07 15:35:32 | 000,631,808 | ---- | C] () xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011/05/07 15:35:32 | 000,243,200 | ---- | C] () ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2011/05/07 15:35:31 | 000,080,896 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> [2011/05/07 14:59:31 | 000,001,078 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> [2011/05/07 14:59:31 | 000,001,026 | ---- | C] () ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2011/05/07 11:13:48 | 000,072,822 | ---- | C] () ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2011/05/07 11:13:46 | 000,072,822 | ---- | C] () systemsf.ebd -> C:\Windows\SysNative\systemsf.ebd -> [2011/05/07 11:02:06 | 000,347,904 | ---- | C] () ScavengeSpace.xml -> C:\Windows\SysNative\ScavengeSpace.xml -> [2011/05/07 10:59:16 | 000,010,429 | ---- | C] () RacRules.xml -> C:\Windows\SysWow64\RacRules.xml -> [2011/05/07 10:58:51 | 000,105,559 | ---- | C] () RacRules.xml -> C:\Windows\SysNative\RacRules.xml -> [2011/05/07 10:58:51 | 000,105,559 | ---- | C] () tcpbidi.xml -> C:\Windows\SysWow64\tcpbidi.xml -> [2011/05/07 10:58:23 | 000,001,041 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/03/31 01:49:18 | 001,516,106 | ---- | C] () THXCfg_SP_APOIM.ini -> C:\Windows\THXCfg_SP_APOIM.ini -> [2011/03/30 23:52:46 | 000,001,313 | ---- | C] () THXCfg_HP_APOIM.ini -> C:\Windows\THXCfg_HP_APOIM.ini -> [2011/03/30 23:52:46 | 000,001,212 | ---- | C] () THXCfg_APOIM.ini -> C:\Windows\THXCfg_APOIM.ini -> [2011/03/30 23:52:46 | 000,001,212 | ---- | C] () APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2011/03/30 23:52:44 | 000,185,856 | ---- | C] () CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2011/03/30 23:52:44 | 000,073,728 | ---- | C] () ISSRemoveSP.exe -> C:\Windows\SysWow64\ISSRemoveSP.exe -> [2011/03/30 23:40:58 | 000,451,072 | ---- | C] () OEM.ini -> C:\Windows\OEM.ini -> [2011/03/30 23:34:58 | 000,000,101 | R--- | C] () Bison.ini -> C:\Windows\Bison.ini -> [2011/03/30 23:34:58 | 000,000,020 | R--- | C] () IntelMEFWVer.dll -> C:\Windows\SysWow64\drivers\IntelMEFWVer.dll -> [2011/03/30 23:25:25 | 000,008,192 | R--- | C] () igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2011/03/30 22:29:56 | 000,145,804 | ---- | C] () igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2011/03/26 01:16:10 | 000,963,116 | ---- | C] () igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2011/03/26 01:16:10 | 000,216,876 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 02:38:36 | 000,067,584 | --S- | C] () NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 23:35:51 | 000,000,741 | ---- | C] () dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 23:34:42 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2009/07/13 21:10:29 | 000,043,131 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 18:03:59 | 000,364,544 | ---- | C] () mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 18:26:10 | 000,673,088 | ---- | C] () [File - Lop Check] ACD Systems -> C:\Users\Avell\AppData\Roaming\ACD Systems -> [2011/05/07 16:30:38 | 000,000,000 | ---D | M] BrOffice.org -> C:\Users\Avell\AppData\Roaming\BrOffice.org -> [2011/05/12 13:12:41 | 000,000,000 | ---D | M] IObit -> C:\Users\Avell\AppData\Roaming\IObit -> [2011/05/07 20:40:50 | 000,000,000 | ---D | M] Protector Suite -> C:\Users\Avell\AppData\Roaming\Protector Suite -> [2011/03/30 23:50:34 | 000,000,000 | ---D | M] SoftGrid Client -> C:\Users\Avell\AppData\Roaming\SoftGrid Client -> [2011/05/13 21:34:40 | 000,000,000 | ---D | M] TP -> C:\Users\Avell\AppData\Roaming\TP -> [2011/03/30 15:34:31 | 000,000,000 | ---D | M] uTorrent -> C:\Users\Avell\AppData\Roaming\uTorrent -> [2011/05/19 22:29:45 | 000,000,000 | ---D | M] Windows Live Writer -> C:\Users\Avell\AppData\Roaming\Windows Live Writer -> [2011/05/10 20:22:24 | 000,000,000 | ---D | M] obhm.job -> C:\Windows\Tasks\obhm.job -> [2011/05/19 19:35:24 | 000,000,298 | -HS- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 02:08:49 | 000,023,672 | ---- | M] () SmartDefrag.job -> C:\Windows\Tasks\SmartDefrag.job -> [2011/05/07 20:51:09 | 000,000,408 | ---- | M] () [File - Purity Scan] [Alternate Data Streams] @Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 20, 2011 *Selecione e copie o código abaixo: [unregister Dlls] [Processes - Safe List] YY -> 5nsk0uer.exe -> C:\Users\Avell\Desktop\5nsk0uer.exe [Registry - Safe List] < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> YN -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: "ProxyServer" -> http=127.0.0.1:55111 < HOSTS File > ([2011/03/21 20:24:06 | 000,001,598 | -HS- | M] - 50 lines) -> C:\Windows\SysWOW64\drivers\etc\hosts YN -> Reset Hosts -> [Files/Folders - Created Within 30 Days] NY -> HostsXpert -> C:\Users\Avell\Desktop\HostsXpert [Files/Folders - Modified Within 30 Days] NY -> HostsXpert.zip -> C:\Users\Avell\Desktop\HostsXpert.zip [Empty Temp Folders] [Reboot] *Execute o OTS *Clique no espaço abaixo de "Paste Fix Here", e cole o código *Clique [Run Fix] *O PC será reiniciado *Cole o relatório apresentado Informe se resolveu. Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 20, 2011 A Central de Ações continua informando que o "Serviço Central de Segurança está desativado" e eu continuo sem conseguir abrir o meu anti-virus Microsoft Security Essentials. Será que ele está apenas corrompido, ou estou infectado ainda? Abaixo o log do OTS All Processes Killed [Processes - Safe List] No active process named 5nsk0uer.exe was found! C:\Users\Avell\Desktop\5nsk0uer.exe moved successfully. [Registry - Safe List] Registry value HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully. HOSTS file reset successfully! [Files/Folders - Created Within 30 Days] C:\Users\Avell\Desktop\HostsXpert folder moved successfully. [Files/Folders - Modified Within 30 Days] C:\Users\Avell\Desktop\HostsXpert.zip moved successfully. [Empty Temp Folders] User: All Users User: Avell ->Temp folder emptied: 23761445 bytes ->Temporary Internet Files folder emptied: 8855013 bytes ->Java cache emptied: 22751 bytes ->Google Chrome cache emptied: 40889582 bytes ->Flash cache emptied: 57444 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Todos os Usuários User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Usuário Padrão ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 6331877 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 608 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67939 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 76,00 mb < End of fix log > OTS by OldTimer - Version 3.1.42.0 fix logfile created on 05202011_122000 Files\Folders moved on Reboot... C:\Users\Avell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 20, 2011 1. *Execute o OTS *Clique [CleanUp] > [Yes] *O PC será reiniciado 2. *Faça um scan online com o NOD32 *Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 20, 2011 O NOD32 localizou dois problemas com dois arquivos bastante antigos que estão comigo desde meus computador anterior (este com virus é bem novo). Não acredito que seja esse o problema. O log está vazio... contém apenas isto: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK A central continua desativada e o anti virus não abre. Será que é melhor apelar e formatar? Obrigado pela ajuda. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 20, 2011 Desinstale o antivírus. Baixe e instale-o novamente. Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 20, 2011 Já havia tentado e acabei de fazer de novo. Download direto do site da microsoft. Nao abre, e a central nao ativa. Este site abaixo acaba de abrir sozinho... http://toques.blinkogold.com.br/premios2/?77tadunit=ea82a05c&77tentry=bacpre2&bac=1&zz=011&capid=331&program=6878&banner=143660&affiliate=CD694 Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 20, 2011 1. *Clique [iniciar] > [Executar] > digite: services.msc *Clique [OK] *Na coluna a esquerda, lá embaixo Clique [Padrão] *Localize o serviço "Central de Segurança" *Altere o Tipo de Inicialização para "Automático" *Clique [iniciar] > [Aplicar] > [OK] 2. *Baixe novamente o OTS e salve-o no desktop *Execute-o e selecione a opção: [x] Scan All Users *Clique [Quick Scan] e cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 20, 2011 1) Fiz duas vezes, reiniciando... continua igual 2) OTS logfile created on: 20/05/2011 20:17:35 - Run 1 OTS by OldTimer - Version 3.1.42.0 Folder = C:\Users\Avell\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,48 Gb Total Space | 196,52 Gb Free Space | 42,22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ITD Current User Name: Avell Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Quick Scan [Processes - Safe List] ots.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/20 20:17:19 | 000,645,632 | ---- | M] (OldTimer Tools) utorrent.exe -> C:\Program Files (x86)\uTorrent\uTorrent.exe -> [2011/05/07 20:47:38 | 000,399,736 | ---- | M] (BitTorrent, Inc.) gbpsv.exe -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/04/18 15:13:40 | 000,056,776 | ---- | M] ( ) daemonu.exe -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -> [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) hotkey.exe -> C:\Program Files (x86)\Hotkey\Hotkey.exe -> [2010/11/29 13:57:26 | 002,766,336 | ---- | M] () powerbiosserver.exe -> C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -> [2010/11/18 19:59:16 | 000,032,768 | ---- | M] () nusb3mon.exe -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2010/11/16 22:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/10/05 10:08:46 | 002,655,768 | R--- | M] (Intel Corporation) lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/10/05 10:08:42 | 000,325,656 | R--- | M] (Intel Corporation) fscapture.exe -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe -> [2010/09/06 14:08:26 | 001,062,400 | ---- | M] (FastStone Soft) scpvista.exe -> C:\Program Files (x86)\Scpad\scpVista.exe -> [2009/07/10 11:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) [Modules - Safe List] ots.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/20 20:17:19 | 000,645,632 | ---- | M] (OldTimer Tools) nvinit.dll -> C:\Windows\SysWOW64\nvinit.dll -> [2011/04/08 02:14:00 | 000,197,736 | ---- | M] (NVIDIA Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 08:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/13 22:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(NisSrv) [On_Demand | Stopped] -> c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -> [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) 64bit-(MsMpSvc) [Disabled | Stopped] -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) 64bit-(wlcrasvc) [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) (GbpSv) Gbp Service [unknown | Running] -> C:\PROGRA~2\GbPlugin\GbpSv.exe -> [2011/04/18 15:13:40 | 000,056,776 | ---- | M] ( ) (nvUpdatusService) NVIDIA Update Service Daemon [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -> [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2011/03/30 23:52:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) (PowerBiosServer) PowerBiosServer [Auto | Running] -> C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -> [2010/11/18 19:59:16 | 000,032,768 | ---- | M] () (IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) (UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/10/05 10:08:46 | 002,655,768 | R--- | M] (Intel Corporation) (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/10/05 10:08:42 | 000,325,656 | R--- | M] (Intel Corporation) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (StarWindServiceAE) StarWind AE Service [Auto | Stopped] -> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) (scpVista) scpVista [Auto | Running] -> C:\Program Files (x86)\Scpad\scpVista.exe -> [2009/07/10 11:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] 64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011/05/17 21:37:44 | 000,069,376 | ---- | M] (Lavasoft AB) 64bit-(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\sptd.sys -> [2011/05/07 20:49:48 | 000,834,544 | ---- | M] () 64bit-(dc3d) Driver de detecção de dispositivos Microsoft Hardware [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) 64bit-(NuidFltr) NUID filter driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nuidfltr.sys -> [2011/04/08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) 64bit-(nvpciflt) nvpciflt [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\nvpciflt.sys -> [2011/04/08 02:14:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) 64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) 64bit-(SmartDefragDriver) SmartDefragDriver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SmartDefragDriver.sys -> [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () 64bit-(JMCR) JMCR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\jmcr.sys -> [2010/12/06 04:56:26 | 000,174,168 | ---- | M] (JMicron Technology Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) 64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) 64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 06:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) 64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2010/11/18 23:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) 64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2010/11/18 23:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) 64bit-(JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\JME.sys -> [2010/11/10 07:07:20 | 000,131,600 | ---- | M] (JMicron Technology Corp.) 64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) 64bit-(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NisDrvWFP.sys -> [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) 64bit-(IntcDAud) Áudio do vídeo Intel(R) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) 64bit-(RTL8192Ce) Realtek Wireless LAN 802.11n PCI-E NIC Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rtl8192ce.sys -> [2010/10/04 05:47:04 | 001,102,952 | R--- | M] (Realtek Semiconductor Corporation ) 64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) 64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2010/09/20 22:59:38 | 000,056,344 | ---- | M] (Intel Corporation) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) (GbpKm) Gbp KernelMode [Kernel | Boot | Stopped] -> C:\Windows\system32\drivers\gbpkm.sys -> [2011/04/18 15:14:16 | 000,046,664 | ---- | M] (GAS Tecnologia) ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) Power Control [2011/05/06 12:06:05] [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -> [2009/09/04 13:16:14 | 000,146,928 | ---- | M] (CyberLink Corp.) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page" -> about:blank -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page Redirect Cache" -> http://br.msn.com/?ocid=iehp -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> pt-br -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> E3 79 98 36 BF 01 CC 01 [binary data] -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: Main\\"Start Page Redirect Cache" -> http://br.msn.com/?ocid=iehp -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> pt-br -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> E3 79 98 36 BF 01 CC 01 [binary data] -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\: "ProxyEnable" -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla < FireFox Extensions [user Folders] > -> < HOSTS File > ([2011/05/20 12:20:00 | 000,000,050 | RH-- | M] - 1 lines) -> C:\Windows\SysWOW64\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2010/09/21 14:54:04 | 000,529,280 | ---- | M] (Microsoft Corp.) {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/02/28 02:23:42 | 000,688,528 | ---- | M] (Microsoft Corporation) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} [HKLM] -> C:\Program Files (x86)\Scpad\scpsssh2.dll [ssh2 Class] -> [2010/09/13 11:59:18 | 000,218,448 | ---- | M] (Scopus Tecnologia Ltda) {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/02/28 02:20:14 | 000,561,552 | ---- | M] (Microsoft Corporation) {C41A1C0E-EA6C-11D4-B1B8-444553540003} [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbIehObj Class] -> [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2011/03/26 01:29:34 | 000,391,704 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2011/03/26 01:29:38 | 000,167,960 | ---- | M] (Intel Corporation) "MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2010/11/30 13:26:32 | 001,436,224 | ---- | M] (Microsoft Corporation) "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2011/03/26 01:29:36 | 000,418,840 | ---- | M] (Intel Corporation) "PSQLLauncher" -> C:\Program Files\Protector Suite\launcher.exe ["C:\Program Files\Protector Suite\launcher.exe" /startup] -> [2010/04/27 13:20:26 | 000,084,744 | ---- | M] (UPEK Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2011/01/30 12:45:14 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) "NUSB3MON" -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ["C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"] -> [2010/11/16 22:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "uTorrent" -> C:\Program Files (x86)\uTorrent\uTorrent.exe ["C:\Program Files (x86)\uTorrent\uTorrent.exe"] -> [2011/05/07 20:47:38 | 000,399,736 | ---- | M] (BitTorrent, Inc.) < Run [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [5] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> &Enviar para o OneNote -> [res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105] -> File not found E&xportar para o Microsoft Excel -> [res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000] -> File not found < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [button: Enviar para o OneNote] -> [2010/02/28 07:04:54 | 000,803,728 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2010/02/28 07:04:54 | 000,803,728 | ---- | M] (Microsoft Corporation) {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [button: &Anotações Vinculadas do OneNote] -> [2010/02/28 07:04:52 | 000,594,832 | ---- | M] (Microsoft Corporation) {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2010/02/28 07:04:52 | 000,594,832 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\] > -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos-beta/OnlineScanner.cab [OnlineScanner Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab [shockwave Flash Object] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {CBC1C5A0-878E-423B-AD30-D6DC64B961E9}\\DhcpNameServer -> 192.168.1.1 (Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\system32\nvinitx.dll -> C:\Windows\SysNative\nvinitx.dll -> [2011/04/08 02:14:00 | 000,234,088 | ---- | M] (NVIDIA Corporation) *MultiFile Done* -> -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\Windows\SysWOW64\nvinit.dll -> C:\Windows\SysWOW64\nvinit.dll -> [2011/04/08 02:14:00 | 000,197,736 | ---- | M] (NVIDIA Corporation) *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 03:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 22:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2011/03/26 00:38:50 | 000,385,024 | ---- | M] (Intel Corporation) psfus -> C:\Arquivos de Programas\Protector Suite\psqlpwd.dll -> [2010/04/27 15:21:46 | 000,135,944 | ---- | M] (UPEK Inc.) < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> GbPluginCef -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll -> [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{A3717295-941D-416F-9384-ED1736729F1C}" [HKLM] -> C:\Program Files (x86)\Scpad\scpLIB.dll [CompIBBrd] -> [2009/07/10 11:52:50 | 000,202,032 | ---- | M] (Scopus Tecnologia Ltda) "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{E37CB5F0-51F5-4395-A808-5FA49E399003}" [HKLM] -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [GbPlugin ShlObj] -> [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {1420C58B-3066-47C1-AD57-0E801ADA2C1C} -> lport=2869 | profile=domain | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {1627BA0D-C1DC-49A8-A24B-F18C2ED50103} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {1FBE4CA6-87EE-4149-8FC9-199A2A543859} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {30D58C4B-327F-4774-A8EA-405BB46F3247} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {37B0A903-F7B4-4028-B8F9-91F910F2A85B} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {3DB26248-514B-48C7-B49C-01501DE97D75} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {4BEC9A13-4B01-4E47-A78D-C6A6376B1C42} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {4D25EA0A-4966-4FCE-82AF-51FDD18F247E} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {4F4DFA19-46AA-4FCB-842E-F10EE69C45F6} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {512E1455-7C7B-40BE-98FE-BC4735253E76} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {5341453E-7DB6-4762-9222-5B25CBBF48A5} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {5502B9A4-2A73-4233-8D24-9B3891D4B1B8} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {5AA42A1F-5E52-40B6-8252-405C910AABB6} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {5FFD9A80-96F9-4518-B831-9290469610BB} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {858F5383-E0C7-426C-8F5C-B4464F06FD4A} -> lport=1900 | profile=domain | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {8AEB134C-BE75-4DD5-B987-EF03F1CC6EF7} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {8B35D205-8C8B-4C6E-87B6-2BD1F5684FDB} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {941627FC-FCD3-4160-B603-8B3E98A0C9F3} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {974345AF-CD8A-47B3-828C-E14F9A217BE2} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {9F601AAD-86D2-4852-862F-466209CEAE0E} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {A9E2F9FC-117E-473A-AC4D-EC22FE4DFF3B} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {B924A983-8057-4CB7-9133-386F9F9D6345} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {D0538025-B754-4104-9C1C-9F33BA6FA468} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {DE44CD3C-DFC3-4182-927A-A722A18CD92F} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {EDFD795C-294F-483D-859C-29A4F7D59B17} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {090F7031-32B4-4981-B17E-EF0530C6A978} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {0A898794-70E2-43A4-B2CB-CB959EBC9AC8} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {1AE8628E-3065-4FBD-B863-C7E0EDEDAD36} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {1B696F76-38FE-4D17-9256-7091D8848061} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {292E5763-88BD-4C31-BA85-D0273A1CE66C} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {2E472072-B95D-475B-8AD5-AD165DC7EBC7} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {313B1210-0BE8-47C8-A6E5-DA99E9FCC542} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {3A0D1D59-22AD-40FE-BF3D-FF0FB2253EB5} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {3D11D872-E8A2-48F7-AB5B-75CC4DD1B4A3} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {44FC142D-1A05-4111-A61F-69C5B3F760E5} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {5011C264-3287-44C5-9987-CAD098455D2B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {57C7DDB2-F836-4065-94DE-CF3C0846C973} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {58AAC552-0C57-4A55-89DF-61EE75832535} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {59DA7154-7E9C-4032-96FC-C910AA24C4AC} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {6FB9EAE8-6373-4BC2-B498-38121B5CC755} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {78019827-E61D-44F6-87D1-1074192A370F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {79A807AC-33DB-495A-84AC-57AD9A9714F6} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {8BB49814-6307-4301-9DE9-0E53BEDB13C4} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {8CF676FE-89E0-4636-BC73-68FB8F47DAAF} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {A278C0E5-A991-4DB2-8D12-75561FB2A654} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {A281DF82-C8A6-42EC-955A-2C412382A1B7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {B7FFE4A7-CE00-477A-8128-6E0E45BC2AF9} -> dir=in | action=allow | name=cyberlink powerdvd | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe | {BB3C17D4-8905-4089-ADC8-D55B2A56D56E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {C87A1894-F4B2-400E-8CDA-E420F0C8566A} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {D86AE893-5395-4760-9862-095069451655} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {DCD6F286-1E3C-43F8-BDD1-3CDE8AEE90E8} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | {FA66B5D4-5BA3-4F46-B38E-FED8904DF2AF} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | TCP Query User{64219C85-8E59-432B-80CF-84C52899ECB5}C:\program files (x86)\google\google earth\client\googleearth.exe -> profile=private | protocol=6 | dir=in | action=allow | name=google earth | app=c:\program files (x86)\google\google earth\client\googleearth.exe | TCP Query User{7CEFFB66-58CB-4C45-9CE0-8A7D2A3A5F55}C:\program files (x86)\google\google earth\plugin\geplugin.exe -> profile=private | protocol=6 | dir=in | action=block | name=google earth | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | UDP Query User{9265B78C-CB50-41F2-A592-DC8F91DA13FE}C:\program files (x86)\google\google earth\client\googleearth.exe -> profile=private | protocol=17 | dir=in | action=allow | name=google earth | app=c:\program files (x86)\google\google earth\client\googleearth.exe | UDP Query User{E9FDC741-B897-4138-8DEB-88F7C63AEDFC}C:\program files (x86)\google\google earth\plugin\geplugin.exe -> profile=private | protocol=17 | dir=in | action=block | name=google earth | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Driver de CD-ROM -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 06:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/20 20:17:12 | 000,645,632 | ---- | C] (OldTimer Tools) Microsoft Security Client -> C:\Program Files (x86)\Microsoft Security Client -> [2011/05/20 19:54:30 | 000,000,000 | ---D | C] Microsoft Security Client -> C:\Arquivos de Programas\Microsoft Security Client -> [2011/05/20 19:54:24 | 000,000,000 | ---D | C] YoudaGames -> C:\Users\Avell\AppData\Roaming\YoudaGames -> [2011/05/20 18:29:31 | 000,000,000 | ---D | C] ESET -> C:\Program Files (x86)\ESET -> [2011/05/20 17:39:23 | 000,000,000 | ---D | C] {A29E9B02-579B-4316-BFA3-F635D9137974} -> C:\Users\Avell\AppData\Local\{A29E9B02-579B-4316-BFA3-F635D9137974} -> [2011/05/20 12:03:21 | 000,000,000 | ---D | C] {0C08B2D0-28F7-4162-BC80-ECC0E4FBA4A2} -> C:\Users\Avell\AppData\Local\{0C08B2D0-28F7-4162-BC80-ECC0E4FBA4A2} -> [2011/05/19 22:24:08 | 000,000,000 | ---D | C] 32788R22FWJFW -> C:\32788R22FWJFW -> [2011/05/19 12:04:16 | 000,000,000 | R--D | C] {71428944-4CEB-49FD-BED3-125614E37B16} -> C:\Users\Avell\AppData\Local\{71428944-4CEB-49FD-BED3-125614E37B16} -> [2011/05/19 12:01:49 | 000,000,000 | ---D | C] HiJackThis.exe -> C:\Users\Avell\Desktop\HiJackThis.exe -> [2011/05/18 18:55:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) Malwarebytes -> C:\Users\Avell\AppData\Roaming\Malwarebytes -> [2011/05/18 17:48:08 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/05/18 17:45:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/18 17:45:31 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/18 17:45:30 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/05/18 17:45:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/05/18 17:45:06 | 000,000,000 | ---D | C] mbam-setup-1.50.1.1100.exe -> C:\Users\Avell\Desktop\mbam-setup-1.50.1.1100.exe -> [2011/05/18 17:38:12 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) Survivor -> C:\Users\Avell\Desktop\Survivor -> [2011/05/18 13:53:34 | 000,000,000 | ---D | C] Blocos de Anotações do OneNote -> C:\Users\Avell\Documents\Blocos de Anotações do OneNote -> [2011/05/18 11:37:41 | 000,000,000 | ---D | C] {8C7987EA-4622-460D-9B38-37B2C9EAB932} -> C:\Users\Avell\AppData\Local\{8C7987EA-4622-460D-9B38-37B2C9EAB932} -> [2011/05/18 11:31:57 | 000,000,000 | ---D | C] {9203980E-10FD-431E-8F10-F0A2ADBED942} -> C:\Users\Avell\AppData\Local\{9203980E-10FD-431E-8F10-F0A2ADBED942} -> [2011/05/18 00:00:46 | 000,000,000 | ---D | C] HiJackThis -> C:\HiJackThis -> [2011/05/17 22:21:06 | 000,000,000 | ---D | C] Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011/05/17 21:38:20 | 000,069,376 | ---- | C] (Lavasoft AB) SBREDrv.sys -> C:\Windows\SysNative\drivers\SBREDrv.sys -> [2011/05/17 21:38:20 | 000,049,752 | ---- | C] (Sunbelt Software) Sunbelt Software -> C:\Users\Avell\AppData\Local\Sunbelt Software -> [2011/05/17 21:21:53 | 000,000,000 | ---D | C] Lavasoft -> C:\ProgramData\Lavasoft -> [2011/05/17 21:21:26 | 000,000,000 | ---D | C] Ad-Aware90Install.exe -> C:\Users\Avell\Desktop\Ad-Aware90Install.exe -> [2011/05/17 21:20:02 | 130,359,064 | ---- | C] (Lavasoft ) directx -> C:\Windows\SysWow64\directx -> [2011/05/17 18:00:25 | 000,000,000 | ---D | C] {B8678D8A-48B6-495B-AD37-E5D6FBB6232E} -> C:\Users\Avell\AppData\Local\{B8678D8A-48B6-495B-AD37-E5D6FBB6232E} -> [2011/05/17 12:00:16 | 000,000,000 | ---D | C] Team17 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17 -> [2011/05/16 19:26:08 | 000,000,000 | ---D | C] Team17 -> C:\Program Files (x86)\Team17 -> [2011/05/16 19:25:04 | 000,000,000 | ---D | C] Codemasters -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters -> [2011/05/16 19:07:36 | 000,000,000 | ---D | C] Games -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games -> [2011/05/16 19:05:06 | 000,000,000 | ---D | C] {47372552-F426-420F-A16D-D2F56C339C6B} -> C:\Users\Avell\AppData\Local\{47372552-F426-420F-A16D-D2F56C339C6B} -> [2011/05/16 11:42:33 | 000,000,000 | ---D | C] Worms -> C:\Users\Avell\Desktop\Worms -> [2011/05/15 22:09:23 | 000,000,000 | ---D | C] Worms.Reloaded-SKIDROW -> C:\Users\Avell\Desktop\Worms.Reloaded-SKIDROW -> [2011/05/15 22:09:06 | 000,000,000 | ---D | C] FastStone -> C:\Users\Avell\AppData\Roaming\FastStone -> [2011/05/15 20:04:16 | 000,000,000 | ---D | C] FastStone Capture -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture -> [2011/05/15 20:03:54 | 000,000,000 | ---D | C] FastStone Capture -> C:\Program Files (x86)\FastStone Capture -> [2011/05/15 20:03:52 | 000,000,000 | ---D | C] etc -> C:\Windows\SysWow64\drivers\etc -> [2011/05/15 20:03:50 | 000,000,000 | ---D | C] Scpad -> C:\Program Files (x86)\Scpad -> [2011/05/15 19:02:59 | 000,000,000 | ---D | C] Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2011/05/15 16:59:59 | 000,000,000 | ---D | C] Google -> C:\Program Files (x86)\Google -> [2011/05/15 16:59:17 | 000,000,000 | ---D | C] Cofre pessoal - Atalho -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cofre pessoal - Atalho -> [2011/05/15 14:23:39 | 000,000,000 | R--D | C] {D1010B9B-6EB2-4D27-965D-03C37F18C090} -> C:\Users\Avell\AppData\Local\{D1010B9B-6EB2-4D27-965D-03C37F18C090} -> [2011/05/15 12:21:24 | 000,000,000 | ---D | C] Samsung ESWIN -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung ESWIN -> [2011/05/14 12:17:02 | 000,000,000 | ---D | C] Samsung ESWin -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung ESWin -> [2011/05/14 12:17:02 | 000,000,000 | ---D | C] Samsung -> C:\Program Files (x86)\Samsung -> [2011/05/14 12:17:02 | 000,000,000 | ---D | C] {CC8D5017-A609-4356-82FC-1FE902380606} -> C:\Users\Avell\AppData\Local\{CC8D5017-A609-4356-82FC-1FE902380606} -> [2011/05/14 09:28:52 | 000,000,000 | ---D | C] Arquivos de Programas RFB -> C:\Arquivos de Programas RFB -> [2011/05/14 00:26:39 | 000,000,000 | ---D | C] Winamp -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp -> [2011/05/13 23:02:39 | 000,000,000 | ---D | C] Winamp -> C:\Users\Avell\AppData\Roaming\Winamp -> [2011/05/13 23:02:36 | 000,000,000 | ---D | C] Winamp -> C:\Program Files (x86)\Winamp -> [2011/05/13 23:02:36 | 000,000,000 | ---D | C] Microsoft Office -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -> [2011/05/13 22:32:50 | 000,000,000 | ---D | C] Microsoft Synchronization Services -> C:\Program Files (x86)\Microsoft Synchronization Services -> [2011/05/13 22:32:19 | 000,000,000 | ---D | C] DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2011/05/13 22:32:18 | 000,000,000 | ---D | C] PCHEALTH -> C:\Windows\PCHEALTH -> [2011/05/13 22:32:07 | 000,000,000 | ---D | C] Microsoft Office -> C:\Arquivos de Programas\Microsoft Office -> [2011/05/13 22:30:43 | 000,000,000 | ---D | C] Microsoft Analysis Services -> C:\Program Files (x86)\Microsoft Analysis Services -> [2011/05/13 22:30:13 | 000,000,000 | ---D | C] Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2011/05/13 22:29:40 | 000,000,000 | ---D | C] MSOCache -> C:\MSOCache -> [2011/05/13 22:29:25 | 000,000,000 | RH-D | C] CCleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner -> [2011/05/13 21:47:42 | 000,000,000 | ---D | C] CCleaner -> C:\Arquivos de Programas\CCleaner -> [2011/05/13 21:47:42 | 000,000,000 | ---D | C] CyberLink PowerDVD -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD -> [2011/05/13 21:36:56 | 000,000,000 | ---D | C] {5731DA60-7FD0-44E5-A4C7-A6DC255E85E4} -> C:\Users\Avell\AppData\Local\{5731DA60-7FD0-44E5-A4C7-A6DC255E85E4} -> [2011/05/13 21:28:28 | 000,000,000 | ---D | C] Microsoft Help -> C:\Users\Avell\AppData\Local\Microsoft Help -> [2011/05/13 21:12:01 | 000,000,000 | ---D | C] Microsoft Help -> C:\ProgramData\Microsoft Help -> [2011/05/13 21:11:48 | 000,000,000 | ---D | C] {1A58807F-D012-439C-8F32-071F0F3E6C98} -> C:\Users\Avell\AppData\Local\{1A58807F-D012-439C-8F32-071F0F3E6C98} -> [2011/05/13 12:01:57 | 000,000,000 | ---D | C] {A6A0A939-8650-445B-97AF-A1B182E752CC} -> C:\Users\Avell\AppData\Local\{A6A0A939-8650-445B-97AF-A1B182E752CC} -> [2011/05/12 22:09:15 | 000,000,000 | ---D | C] Media Player Classic -> C:\Users\Avell\AppData\Roaming\Media Player Classic -> [2011/05/12 18:27:27 | 000,000,000 | ---D | C] BrOffice.org -> C:\Users\Avell\AppData\Roaming\BrOffice.org -> [2011/05/12 13:12:41 | 000,000,000 | ---D | C] gbpkm.sys -> C:\Windows\SysWow64\drivers\gbpkm.sys -> [2011/05/12 12:02:56 | 000,046,664 | ---- | C] (GAS Tecnologia) GbPlugin -> C:\ProgramData\GbPlugin -> [2011/05/12 12:02:35 | 000,000,000 | ---D | C] GbPlugin -> C:\Program Files (x86)\GbPlugin -> [2011/05/12 12:02:35 | 000,000,000 | ---D | C] {CA16810B-1D06-46C9-9FBF-CAA265F74B76} -> C:\Users\Avell\AppData\Local\{CA16810B-1D06-46C9-9FBF-CAA265F74B76} -> [2011/05/12 10:08:46 | 000,000,000 | ---D | C] {574E447A-C016-4F70-9A31-9C58D01F6BF4} -> C:\Users\Avell\AppData\Local\{574E447A-C016-4F70-9A31-9C58D01F6BF4} -> [2011/05/11 11:31:30 | 000,000,000 | ---D | C] Windows Live Writer -> C:\Users\Avell\AppData\Roaming\Windows Live Writer -> [2011/05/10 20:22:24 | 000,000,000 | ---D | C] Windows Live Writer -> C:\Users\Avell\AppData\Local\Windows Live Writer -> [2011/05/10 20:22:24 | 000,000,000 | ---D | C] {BE94C280-AA25-4DE2-BE95-B8CC787B330E} -> C:\Users\Avell\AppData\Local\{BE94C280-AA25-4DE2-BE95-B8CC787B330E} -> [2011/05/10 11:30:47 | 000,000,000 | ---D | C] {4AE8CDE8-D168-4D7B-9D3C-BEAAB9EE8ADF} -> C:\Users\Avell\AppData\Local\{4AE8CDE8-D168-4D7B-9D3C-BEAAB9EE8ADF} -> [2011/05/09 09:12:36 | 000,000,000 | ---D | C] BrowserPlus -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus -> [2011/05/08 16:07:23 | 000,000,000 | ---D | C] Yahoo! -> C:\Users\Avell\AppData\Local\Yahoo! -> [2011/05/08 16:07:22 | 000,000,000 | ---D | C] Electronic Arts -> C:\Users\Avell\Documents\Electronic Arts -> [2011/05/08 15:48:11 | 000,000,000 | ---D | C] WinRAR -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2011/05/08 15:36:51 | 000,000,000 | ---D | C] WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2011/05/08 15:36:51 | 000,000,000 | ---D | C] WinRAR -> C:\Arquivos de Programas\WinRAR -> [2011/05/08 15:36:35 | 000,000,000 | ---D | C] WinRAR -> C:\Users\Avell\AppData\Roaming\WinRAR -> [2011/05/08 15:34:39 | 000,000,000 | ---D | C] Microsoft WSE -> C:\Program Files (x86)\Microsoft WSE -> [2011/05/08 15:26:08 | 000,000,000 | ---D | C] Electronic Arts -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts -> [2011/05/08 15:25:45 | 000,000,000 | ---D | C] Electronic Arts -> C:\Program Files (x86)\Electronic Arts -> [2011/05/08 15:20:25 | 000,000,000 | ---D | C] {BFEFB7D9-691F-4CCD-8EBA-59FA28BD4E26} -> C:\Users\Avell\AppData\Local\{BFEFB7D9-691F-4CCD-8EBA-59FA28BD4E26} -> [2011/05/08 15:12:15 | 000,000,000 | ---D | C] Alcohol 120% -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alcohol 120% -> [2011/05/07 21:00:23 | 000,000,000 | ---D | C] Alcohol 120% -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120% -> [2011/05/07 20:59:17 | 000,000,000 | ---D | C] Alcohol Soft -> C:\Program Files (x86)\Alcohol Soft -> [2011/05/07 20:53:20 | 000,000,000 | ---D | C] uTorrent -> C:\Program Files (x86)\uTorrent -> [2011/05/07 20:47:37 | 000,000,000 | ---D | C] uTorrent -> C:\Users\Avell\AppData\Roaming\uTorrent -> [2011/05/07 20:45:44 | 000,000,000 | ---D | C] IObit -> C:\Users\Avell\AppData\Roaming\IObit -> [2011/05/07 20:40:50 | 000,000,000 | ---D | C] Smart Defrag 2 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 -> [2011/05/07 20:40:49 | 000,000,000 | ---D | C] IObit -> C:\Program Files (x86)\IObit -> [2011/05/07 20:40:47 | 000,000,000 | ---D | C] Igor -> C:\Igor -> [2011/05/07 17:04:12 | 000,000,000 | ---D | C] Core Temp -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp -> [2011/05/07 16:45:41 | 000,000,000 | ---D | C] Core Temp -> C:\Arquivos de Programas\Core Temp -> [2011/05/07 16:45:40 | 000,000,000 | ---D | C] Lavalys -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys -> [2011/05/07 16:34:54 | 000,000,000 | ---D | C] Lavalys -> C:\Program Files (x86)\Lavalys -> [2011/05/07 16:34:50 | 000,000,000 | ---D | C] ACD Systems -> C:\Users\Avell\AppData\Roaming\ACD Systems -> [2011/05/07 16:30:38 | 000,000,000 | ---D | C] ACD Systems -> C:\Users\Avell\AppData\Local\ACD Systems -> [2011/05/07 16:30:38 | 000,000,000 | ---D | C] ACD Systems -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems -> [2011/05/07 16:29:29 | 000,000,000 | ---D | C] ACD Systems -> C:\ProgramData\ACD Systems -> [2011/05/07 16:29:24 | 000,000,000 | ---D | C] ACD Systems -> C:\Program Files (x86)\Common Files\ACD Systems -> [2011/05/07 16:29:18 | 000,000,000 | ---D | C] ACD Systems -> C:\Program Files (x86)\ACD Systems -> [2011/05/07 16:29:18 | 000,000,000 | ---D | C] Downloaded Installations -> C:\Users\Avell\AppData\Local\Downloaded Installations -> [2011/05/07 16:28:18 | 000,000,000 | ---D | C] Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2011/05/07 16:03:53 | 000,000,000 | ---D | C] Meus arquivos recebidos -> C:\Users\Avell\Documents\Meus arquivos recebidos -> [2011/05/07 15:59:41 | 000,000,000 | ---D | C] {EA6C6455-1A3E-4432-85F2-A6CDBC52D081} -> C:\Users\Avell\AppData\Local\{EA6C6455-1A3E-4432-85F2-A6CDBC52D081} -> [2011/05/07 15:59:07 | 000,000,000 | ---D | C] {55B0B980-EBEC-4E4E-91FA-45D9814A72B7} -> C:\Users\Avell\AppData\Local\{55B0B980-EBEC-4E4E-91FA-45D9814A72B7} -> [2011/05/07 15:59:07 | 000,000,000 | ---D | C] Adobe -> C:\Windows\SysWow64\Adobe -> [2011/05/07 15:43:17 | 000,000,000 | ---D | C] Adobe AIR -> C:\Program Files (x86)\Common Files\Adobe AIR -> [2011/05/07 15:40:48 | 000,000,000 | ---D | C] Adobe -> C:\Users\Avell\AppData\Local\Adobe -> [2011/05/07 15:40:40 | 000,000,000 | ---D | C] K-Lite Codec Pack -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack -> [2011/05/07 15:35:36 | 000,000,000 | ---D | C] yv12vfw.dll -> C:\Windows\SysWow64\yv12vfw.dll -> [2011/05/07 15:35:32 | 000,237,568 | ---- | C] (www.helixcommunity.org) ac3acm.acm -> C:\Windows\SysWow64\ac3acm.acm -> [2011/05/07 15:35:32 | 000,151,552 | ---- | C] (fccHandler) K-Lite Codec Pack -> C:\Program Files (x86)\K-Lite Codec Pack -> [2011/05/07 15:35:28 | 000,000,000 | ---D | C] Java -> C:\Program Files (x86)\Common Files\Java -> [2011/05/07 15:11:58 | 000,000,000 | ---D | C] Google Chrome -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome -> [2011/05/07 15:00:02 | 000,000,000 | ---D | C] Google -> C:\Users\Avell\AppData\Local\Google -> [2011/05/07 14:59:29 | 000,000,000 | ---D | C] Deployment -> C:\Users\Avell\AppData\Local\Deployment -> [2011/05/07 14:59:01 | 000,000,000 | ---D | C] Apps -> C:\Users\Avell\AppData\Local\Apps -> [2011/05/07 14:59:01 | 000,000,000 | ---D | C] Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2011/05/07 14:10:43 | 000,000,000 | ---D | C] VirtualizedApplications -> C:\ProgramData\VirtualizedApplications -> [2011/05/07 13:46:43 | 000,000,000 | ---D | C] SPReview -> C:\Windows\SysNative\SPReview -> [2011/05/07 11:08:00 | 000,000,000 | ---D | C] EventProviders -> C:\Windows\SysNative\EventProviders -> [2011/05/07 11:07:04 | 000,000,000 | ---D | C] fms.dll -> C:\Windows\SysNative\fms.dll -> [2011/05/07 11:00:39 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) fms.dll -> C:\Windows\SysWow64\fms.dll -> [2011/05/07 10:59:58 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) CyberLink -> C:\Users\Avell\Documents\CyberLink -> [2011/05/06 12:03:57 | 000,000,000 | ---D | C] CyberLink -> C:\Users\Avell\AppData\Roaming\CyberLink -> [2011/05/06 12:03:56 | 000,000,000 | ---D | C] Power2Go -> C:\Users\Avell\AppData\Local\Power2Go -> [2011/05/06 12:02:19 | 000,000,000 | ---D | C] CyberLink DVD Suite -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite -> [2011/05/06 11:59:08 | 000,000,000 | ---D | C] Wat -> C:\Windows\SysWow64\Wat -> [2011/04/23 11:17:06 | 000,000,000 | ---D | C] Wat -> C:\Windows\SysNative\Wat -> [2011/04/23 11:17:06 | 000,000,000 | ---D | C] OpenCL.dll -> C:\Windows\SysNative\OpenCL.dll -> [2011/04/23 11:02:54 | 000,067,176 | ---- | C] (Khronos Group) OpenCL.dll -> C:\Windows\SysWow64\OpenCL.dll -> [2011/04/23 11:02:54 | 000,057,960 | ---- | C] (Khronos Group) NVIDIA -> C:\NVIDIA -> [2011/04/22 17:01:48 | 000,000,000 | ---D | C] SoftGrid Client -> C:\Users\Avell\AppData\Local\SoftGrid Client -> [2011/04/22 17:00:13 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Users\Avell\Desktop\OTS.exe -> [2011/05/20 20:17:19 | 000,645,632 | ---- | M] (OldTimer Tools) GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/05/20 20:14:04 | 000,001,062 | ---- | M] () obhm.job -> C:\Windows\tasks\obhm.job -> [2011/05/20 20:14:00 | 000,000,298 | -HS- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/05/20 20:13:46 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011/05/20 20:13:38 | 3149,008,896 | -HS- | M] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> [2011/05/20 20:04:00 | 000,001,078 | ---- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/05/20 20:04:00 | 000,001,066 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/20 19:56:14 | 000,015,008 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/20 19:56:14 | 000,015,008 | -H-- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/05/20 19:56:00 | 001,523,558 | ---- | M] () prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2011/05/20 19:56:00 | 000,665,904 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/05/20 19:56:00 | 000,618,108 | ---- | M] () prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2011/05/20 19:56:00 | 000,129,094 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/05/20 19:56:00 | 000,107,388 | ---- | M] () epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/05/20 19:54:55 | 000,001,912 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/05/20 19:54:31 | 001,517,030 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> [2011/05/20 15:04:00 | 000,001,026 | ---- | M] () hosts -> C:\Windows\SysWow64\drivers\etc\hosts -> [2011/05/20 12:20:00 | 000,000,050 | RH-- | M] () Uninstall.exe -> C:\Users\Avell\Desktop\Uninstall.exe -> [2011/05/18 21:39:58 | 004,351,251 | ---- | M] () HiJackThis.exe -> C:\Users\Avell\Desktop\HiJackThis.exe -> [2011/05/18 18:55:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2011/05/18 17:42:18 | 000,000,698 | ---- | M] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/05/18 11:48:05 | 000,001,293 | ---- | M] () mbam-setup-1.50.1.1100.exe -> C:\Users\Avell\Desktop\mbam-setup-1.50.1.1100.exe -> [2011/05/18 11:38:36 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) mbam-setup.exe -> C:\Users\Avell\Desktop\mbam-setup.exe -> [2011/05/18 11:36:06 | 000,001,106 | ---- | M] () DC2E.8D3 -> C:\Users\Avell\AppData\Roaming\DC2E.8D3 -> [2011/05/17 22:51:56 | 000,013,322 | ---- | M] () rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2011/05/17 21:41:07 | 000,000,064 | ---- | M] () rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2011/05/17 21:41:07 | 000,000,044 | ---- | M] () SBREDrv.sys -> C:\Windows\SysNative\drivers\SBREDrv.sys -> [2011/05/17 21:38:19 | 000,049,752 | ---- | M] (Sunbelt Software) Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2011/05/17 21:37:44 | 000,069,376 | ---- | M] (Lavasoft AB) Ad-Aware90Install.exe -> C:\Users\Avell\Desktop\Ad-Aware90Install.exe -> [2011/05/17 21:16:54 | 130,359,064 | ---- | M] (Lavasoft ) msrdcx.dll -> C:\Windows\SysWow64\msrdcx.dll -> [2011/05/17 19:00:36 | 000,094,208 | RHS- | M] () Worms.exe - Atalho.lnk -> C:\Users\Avell\Desktop\Worms.exe - Atalho.lnk -> [2011/05/17 17:50:50 | 000,000,999 | ---- | M] () ax_files.xml -> C:\Users\Avell\Documents\ax_files.xml -> [2011/05/17 00:32:25 | 000,000,708 | ---- | M] () Worms Reloaded.lnk -> C:\Users\Public\Desktop\Worms Reloaded.lnk -> [2011/05/16 19:26:09 | 000,002,102 | ---- | M] () FastStone Capture.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk -> [2011/05/15 20:05:56 | 000,001,164 | ---- | M] () Igor.lnk -> C:\Users\Avell\Desktop\Igor.lnk -> [2011/05/14 00:21:41 | 000,000,772 | ---- | M] () Msft_Kernel_NuidFltr_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf -> [2011/05/13 22:44:51 | 000,000,000 | -H-- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/05/13 22:39:00 | 000,430,256 | ---- | M] () Msft_Kernel_dc3d_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf -> [2011/05/10 11:49:37 | 000,000,000 | -H-- | M] () The Sims™ 3.lnk -> C:\Users\Public\Desktop\The Sims™ 3.lnk -> [2011/05/08 15:25:45 | 000,002,082 | ---- | M] () SmartDefrag.job -> C:\Windows\tasks\SmartDefrag.job -> [2011/05/07 20:51:09 | 000,000,408 | ---- | M] () sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2011/05/07 20:49:48 | 000,834,544 | ---- | M] () ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2011/05/07 11:13:48 | 000,072,822 | ---- | M] () ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2011/05/07 11:13:46 | 000,072,822 | ---- | M] () [Files - No Company Name] Microsoft Security Essentials.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> [2011/05/20 19:54:27 | 000,001,900 | ---- | C] () Uninstall.exe -> C:\Users\Avell\Desktop\Uninstall.exe -> [2011/05/18 21:39:57 | 004,351,251 | ---- | C] () mbam-setup.exe -> C:\Users\Avell\Desktop\mbam-setup.exe -> [2011/05/18 17:38:12 | 000,001,106 | ---- | C] () OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/05/18 11:37:55 | 000,001,293 | ---- | C] () rp_stats.dat -> C:\Windows\SysWow64\rp_stats.dat -> [2011/05/17 21:41:07 | 000,000,064 | ---- | C] () rp_rules.dat -> C:\Windows\SysWow64\rp_rules.dat -> [2011/05/17 21:41:07 | 000,000,044 | ---- | C] () obhm.job -> C:\Windows\tasks\obhm.job -> [2011/05/17 19:00:37 | 000,000,298 | -HS- | C] () msrdcx.dll -> C:\Windows\SysWow64\msrdcx.dll -> [2011/05/17 19:00:36 | 000,094,208 | RHS- | C] () DC2E.8D3 -> C:\Users\Avell\AppData\Roaming\DC2E.8D3 -> [2011/05/17 19:00:32 | 000,013,322 | ---- | C] () Worms.exe - Atalho.lnk -> C:\Users\Avell\Desktop\Worms.exe - Atalho.lnk -> [2011/05/17 17:50:50 | 000,000,999 | ---- | C] () Worms Reloaded.lnk -> C:\Users\Public\Desktop\Worms Reloaded.lnk -> [2011/05/16 19:26:09 | 000,002,102 | ---- | C] () FastStone Capture.lnk -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk -> [2011/05/15 20:05:56 | 000,001,164 | ---- | C] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/05/15 16:59:20 | 000,001,066 | ---- | C] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/05/15 16:59:20 | 000,001,062 | ---- | C] () Igor.lnk -> C:\Users\Avell\Desktop\Igor.lnk -> [2011/05/14 00:21:41 | 000,000,772 | ---- | C] () Msft_Kernel_NuidFltr_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf -> [2011/05/13 22:44:51 | 000,000,000 | -H-- | C] () Msft_Kernel_dc3d_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf -> [2011/05/10 11:49:37 | 000,000,000 | -H-- | C] () The Sims™ 3.lnk -> C:\Users\Public\Desktop\The Sims™ 3.lnk -> [2011/05/08 15:25:45 | 000,002,082 | ---- | C] () ax_files.xml -> C:\Users\Avell\Documents\ax_files.xml -> [2011/05/07 21:00:32 | 000,000,708 | ---- | C] () sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2011/05/07 20:49:48 | 000,834,544 | ---- | C] () SmartDefragBootTime.exe -> C:\Windows\SysNative\SmartDefragBootTime.exe -> [2011/05/07 20:40:50 | 000,032,136 | ---- | C] () SmartDefragDriver.sys -> C:\Windows\SysNative\drivers\SmartDefragDriver.sys -> [2011/05/07 20:40:50 | 000,018,232 | ---- | C] () SmartDefrag.job -> C:\Windows\tasks\SmartDefrag.job -> [2011/05/07 20:39:46 | 000,000,408 | ---- | C] () Adobe Reader X.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> [2011/05/07 16:03:57 | 000,002,441 | ---- | C] () unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2011/05/07 15:35:34 | 000,175,616 | ---- | C] () avisplitter.ini -> C:\Windows\avisplitter.ini -> [2011/05/07 15:35:34 | 000,000,038 | ---- | C] () xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011/05/07 15:35:32 | 000,631,808 | ---- | C] () xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011/05/07 15:35:32 | 000,243,200 | ---- | C] () ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2011/05/07 15:35:31 | 000,080,896 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000UA.job -> [2011/05/07 14:59:31 | 000,001,078 | ---- | C] () GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1559956080-708438421-4766739-1000Core.job -> [2011/05/07 14:59:31 | 000,001,026 | ---- | C] () ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2011/05/07 11:13:48 | 000,072,822 | ---- | C] () ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2011/05/07 11:13:46 | 000,072,822 | ---- | C] () systemsf.ebd -> C:\Windows\SysNative\systemsf.ebd -> [2011/05/07 11:02:06 | 000,347,904 | ---- | C] () ScavengeSpace.xml -> C:\Windows\SysNative\ScavengeSpace.xml -> [2011/05/07 10:59:16 | 000,010,429 | ---- | C] () RacRules.xml -> C:\Windows\SysWow64\RacRules.xml -> [2011/05/07 10:58:51 | 000,105,559 | ---- | C] () RacRules.xml -> C:\Windows\SysNative\RacRules.xml -> [2011/05/07 10:58:51 | 000,105,559 | ---- | C] () tcpbidi.xml -> C:\Windows\SysWow64\tcpbidi.xml -> [2011/05/07 10:58:23 | 000,001,041 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/03/31 01:49:18 | 001,517,030 | ---- | C] () THXCfg_SP_APOIM.ini -> C:\Windows\THXCfg_SP_APOIM.ini -> [2011/03/30 23:52:46 | 000,001,313 | ---- | C] () THXCfg_HP_APOIM.ini -> C:\Windows\THXCfg_HP_APOIM.ini -> [2011/03/30 23:52:46 | 000,001,212 | ---- | C] () THXCfg_APOIM.ini -> C:\Windows\THXCfg_APOIM.ini -> [2011/03/30 23:52:46 | 000,001,212 | ---- | C] () APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2011/03/30 23:52:44 | 000,185,856 | ---- | C] () CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2011/03/30 23:52:44 | 000,073,728 | ---- | C] () ISSRemoveSP.exe -> C:\Windows\SysWow64\ISSRemoveSP.exe -> [2011/03/30 23:40:58 | 000,451,072 | ---- | C] () OEM.ini -> C:\Windows\OEM.ini -> [2011/03/30 23:34:58 | 000,000,101 | R--- | C] () Bison.ini -> C:\Windows\Bison.ini -> [2011/03/30 23:34:58 | 000,000,020 | R--- | C] () IntelMEFWVer.dll -> C:\Windows\SysWow64\drivers\IntelMEFWVer.dll -> [2011/03/30 23:25:25 | 000,008,192 | R--- | C] () igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2011/03/30 22:29:56 | 000,145,804 | ---- | C] () igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2011/03/26 01:16:10 | 000,963,116 | ---- | C] () igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2011/03/26 01:16:10 | 000,216,876 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 02:38:36 | 000,067,584 | --S- | C] () NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 23:35:51 | 000,000,741 | ---- | C] () dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 23:34:42 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2009/07/13 21:10:29 | 000,043,131 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 18:03:59 | 000,364,544 | ---- | C] () mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 18:26:10 | 000,673,088 | ---- | C] () [File - Lop Check] ACD Systems -> C:\Users\Avell\AppData\Roaming\ACD Systems -> [2011/05/07 16:30:38 | 000,000,000 | ---D | M] BrOffice.org -> C:\Users\Avell\AppData\Roaming\BrOffice.org -> [2011/05/12 13:12:41 | 000,000,000 | ---D | M] IObit -> C:\Users\Avell\AppData\Roaming\IObit -> [2011/05/07 20:40:50 | 000,000,000 | ---D | M] Protector Suite -> C:\Users\Avell\AppData\Roaming\Protector Suite -> [2011/03/30 23:50:34 | 000,000,000 | ---D | M] SoftGrid Client -> C:\Users\Avell\AppData\Roaming\SoftGrid Client -> [2011/05/13 21:34:40 | 000,000,000 | ---D | M] TP -> C:\Users\Avell\AppData\Roaming\TP -> [2011/03/30 15:34:31 | 000,000,000 | ---D | M] uTorrent -> C:\Users\Avell\AppData\Roaming\uTorrent -> [2011/05/20 20:14:08 | 000,000,000 | ---D | M] Windows Live Writer -> C:\Users\Avell\AppData\Roaming\Windows Live Writer -> [2011/05/10 20:22:24 | 000,000,000 | ---D | M] YoudaGames -> C:\Users\Avell\AppData\Roaming\YoudaGames -> [2011/05/20 18:29:31 | 000,000,000 | ---D | M] obhm.job -> C:\Windows\Tasks\obhm.job -> [2011/05/20 20:14:00 | 000,000,298 | -HS- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 02:08:49 | 000,025,590 | ---- | M] () SmartDefrag.job -> C:\Windows\Tasks\SmartDefrag.job -> [2011/05/07 20:51:09 | 000,000,408 | ---- | M] () [File - Purity Scan] [Alternate Data Streams] @Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst < End of report > Deixa eu acrescentar um novo sintoma. Quando pesquiso no google e clico em um dos links de respostas, ao invés de abrir a pagina que cliquei abrem páginas como essas abaixo: http://search.br.b00kmarks.com/search.php?keyword=state+of+play+imdb http://www.liutilities.com/products/campaigns/affiliate/cb/offer/myadwise/sp/B1/ Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 20, 2011 *Selecione e copie o código abaixo: [unregister Dlls] [Files/Folders - Modified Within 30 Days] NY -> obhm.job -> C:\Windows\tasks\obhm.job *Execute o OTS *Clique no espaço abaixo de "Paste Fix Here", e cole o código *Clique [Run Fix] *Cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 21, 2011 [Files/Folders - Modified Within 30 Days] C:\Windows\tasks\obhm.job moved successfully. < End of fix log > OTS by OldTimer - Version 3.1.42.0 fix logfile created on 05202011_210216 Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 21, 2011 *Baixe o GMER e salve-o no desktop *Feche todos os programas ativos, MSN, anti-spywares... *Saia da Internet *Clique com o botão direito do mouse no GMER e selecione "Executar como administrador" *Caso receba a mensagem de atividade de rootkit e se deseja fazer um scan, clique [NÃO] *Na coluna da direita, desmarque a opção []IAT/EAT *Clique [scan] *Ao término clique [Copy] > [save...] e salve no desktop *Cole o relatório Compartilhar este post Link para o post Compartilhar em outros sites
Elwood 0 Denunciar post Postado Maio 21, 2011 Tentei como administrador e apresentou o seguinte erro: O Windows nao pode encontrar "bla bla bla". Certifique-se que o nome foi digitado corretamente. Quando tento sem ser administrador aparece: A versão do arquivonao eh compativel com o Windows em execucao. Consulte as infomracoesde sistema de computadores para verificar se se você precisa da versao x86 ou x64 do prgrama eentre em contatoc com o editor do soft. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 21, 2011 OK...esqueci que seu Windows é 64bit. 1. *Delete o GMER 2. *Desative temporariamente seu antivírus *Baixe o ComboFix e salve-o no desktop *Execute-o e aceite o contrato *Não use o mouse nem o teclado durante as etapas, pois implicará na desconfiguração do seu desktop! *Cole o relatório apresentado Compartilhar este post Link para o post Compartilhar em outros sites
