[Resolvido] &nbspsvchost.exe

[aaadrianooo 0]

Boa noite!

 

-> Pc travando direto,CPU 100% ao iniciar o computador...

-> Envio de emails simultâneos para contatos que eu nem tenho...

________________________________________________________________

 

Segue LOG para análise

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:18:35, on 04/07/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Control Center\CCenter.exe

C:\Program Files\FSP\FspUip.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Usuario\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [Control Center] C:\Program Files\Control Center\CCenter.exe

O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue

O4 - HKCU\..\Run: [Google Update] "C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Usuario\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com.br/s/v/67.18/uploader2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA3E8EE-B85F-457C-BB86-AE46D5595F57}: NameServer = 192.168.0.1

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

--

End of file - 10851 bytes

 

______________________________________

 

Quem puder ajudar, eu agradeço!

[wings 22]

Olá aaadrianooo

 

 

1.

*Baixe o Cacaokiller e salve-o no desktop

*Clique com o botão direito nele e selecione "Executar como administrador"

*Tecle 2 > [ENTER]

*Cole o relatório apresentado

 

2.

*Baixe o AD-Remover e salve-o no desktop

*Clique com o botão direito nele e selecione "Executar como administrador"

*Clique [scan] e cole o relatório apresentado

[aaadrianooo 0]

============================================================

########### Cacaokiller By Juju666 ###########

============================================================

Version 1.1.0.0

Windows XP 32bits

Exécuté par Usuario le 04/07/2011 à 15:09:01

 

##################### Suppression:

 

### Fichiers et dossiers supprimés:

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of cacaoweb.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of opera.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of msnmsgr.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of iexplore.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of firefox.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of safari.exe

 

### Vérification :

 

 

### Objets du registre supprimés :

 

 

 

### Terminé avec succès le 04/07/2011 à 15:09:16 !!!

 

============================================================

########### Cacaokiller By Juju666 ---- Terminé ###########

============================================================

 

__________________________________________________________________________________________________

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Launched at 15:05:44 on 04/07/2011, Normal boot

 

Microsoft Windows 7 Professional (X86)

Usuario@BATKAVERNA (CCE Capella & IbexPeak-M Chipset)

 

============== SEARCH ==============

 

 

 

Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Google Chrome Version [12.0.742.112] ****

 

 

-- C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://www.google.com/

Preferences - homepage_is_newtabpage: true

Plugin - "Picasa" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.7600.16385] ****

 

HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie

HKCU_Main|Search bar - hxxp://www.oquefazernainternet.com/

HKCU_Main|Search Page - hxxp://www.oquefazernainternet.com/

HKCU_Main|Start Page - hxxp://www.google.com.br/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKLM_Main|Default_Search_URL - hxxp://www.oquefazernainternet.com/

HKLM_Main|Search Page - hxxp://www.oquefazernainternet.com/

HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKCU_SearchScopes\{7C734FA1-D304-4083-9CFA-8FE2AFED504D} - "Wikipedia (br)" (hxxp://br.wikipedia.org/w/index.php?title=Dibar:Klask&search={searchTerms})

HKCU_Toolbar\WebBrowser|{4064EA35-578D-4073-A834-C96D82CBCF40} (C:\Program Files\Save Flash\SaveFlash.dll)

HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)

HKLM_Toolbar|{4064EA35-578D-4073-A834-C96D82CBCF40} (C:\Program Files\Save Flash\SaveFlash.dll)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "Free Download Manager" (C:\Program Files\Free Download Manager\iefdm2.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)

C:\Program Files\Ad-Remover\Backup: 2 File(s)

 

C:\Ad-Report-SCAN[1].txt - 04/07/2011 14:59:03 (3199 Byte(s))

C:\Ad-Report-SCAN[2].txt - 04/07/2011 15:05:52 (3125 Byte(s))

 

End at: 15:07:24, 04/07/2011

 

============== E.O.F ==============

[wings 22]

1.

*Execute o hijack, clique em [Do a system scan only], selecione a entrada abaixo e clique em [Fix checked]

O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Usuario\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

*Feche o hijack

 

2.

*Execute o cacaokiller e tecle 4 > [ENTER]

 

3.

*Execute o AD-Remover, clique [Clean] > [sim] > [OK] > [sim]

*O PC será reiniciado

 

4.

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

 

5.

*Baixe o MalwareBytes e salve-o no desktop

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

 

Caso já tenhas o Malwarebytes instalado....

 

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione [x] Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

[aaadrianooo 0]

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Versão da Base de Dados: 7025

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

05/07/2011 03:08:49

mbam-log-2011-07-05 (03-08-49).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 262307

Tempo decorrido: 1 hora(s), 14 minuto(s), 2 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.

[wings 22]

1.

*Troque a senha do seu e-mail.

 

2.

*Baixe o OTS e salve-o no desktop

*Execute-o e selecione a opção:

[x] Scan All Users

*Clique [Quick Scan] e cole o relatório apresentado

 

Caso o relatório fique demasiadamente grande...

 

*Acesse este link

*Selecione [x] 4 jours

*Clique [Enviar arquivo]

*Localize o arquivo OTS.txt no desktop

*Clique [Abrir] > [Créer le lien Cjoint]

*Cole o endereço criado

[aaadrianooo 0]

OTS logfile created on: 06/07/2011 17:58:57 - Run 1
OTS by OldTimer - Version 3.1.44.0     Folder = C:\Users\Usuario\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 246,63 Gb Total Space | 203,95 Gb Free Space | 82,70% Space Free | Partition Type: NTFS
Drive D: | 219,03 Gb Total Space | 171,88 Gb Free Space | 78,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BATKAVERNA
Current User Name: Usuario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Users\Usuario\Desktop\OTS.exe -> [2011/07/06 17:57:51 | 000,645,120 | ---- | M] (OldTimer Tools)
armsvc.exe -> C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
sched.exe -> C:\Arquivos de Programas\Avira\AntiVir Desktop\sched.exe -> [2011/06/01 01:08:48 | 000,136,360 | ---- | M] (Avira GmbH)
avguard.exe -> C:\Arquivos de Programas\Avira\AntiVir Desktop\avguard.exe -> [2011/04/05 18:12:57 | 000,269,480 | ---- | M] (Avira GmbH)
msnmsgr.exe -> C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe -> [2010/11/10 01:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation)
utorrent.exe -> C:\Arquivos de Programas\uTorrent\uTorrent.exe -> [2010/09/30 02:26:23 | 000,487,800 | ---- | M] (BitTorrent, Inc.)
seaport.exe -> C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation)
wlidsvc.exe -> C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -> [2010/09/21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.)
wlidsvcm.exe -> C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE -> [2010/09/21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.)
fdm.exe -> C:\Arquivos de Programas\Free Download Manager\fdm.exe -> [2010/09/08 18:11:50 | 003,788,847 | ---- | M] (FreeDownloadManager.ORG)
avgnt.exe -> C:\Arquivos de Programas\Avira\AntiVir Desktop\avgnt.exe -> [2010/09/03 14:44:21 | 000,281,768 | ---- | M] (Avira GmbH)
onenotem.exe -> C:\Arquivos de Programas\Microsoft Office\Office14\ONENOTEM.EXE -> [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation)
msosync.exe -> C:\Arquivos de Programas\Microsoft Office\Office14\MSOSYNC.EXE -> [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation)
nbagent.exe -> C:\Arquivos de Programas\Nero\Nero 10\Nero BackItUp\NBAgent.exe -> [2010/02/22 16:17:50 | 001,226,024 | ---- | M] (Nero AG)
nasvc.exe -> C:\Arquivos de Programas\Nero\Update\NASvc.exe -> [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG)
ccenter.exe -> C:\Arquivos de Programas\Control Center\CCenter.exe -> [2010/02/03 09:10:24 | 000,799,744 | ---- | M] ()
avshadow.exe -> C:\Arquivos de Programas\Avira\AntiVir Desktop\avshadow.exe -> [2010/01/14 21:11:42 | 000,076,968 | ---- | M] (Avira GmbH)
fspuip.exe -> C:\Arquivos de Programas\FSP\FspUip.exe -> [2009/11/09 18:42:50 | 003,342,336 | ---- | M] (Sentelic Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
iaanotif.exe -> C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009/10/13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation)
uns.exe -> C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation)
lms.exe -> C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation)
wmpnetwk.exe -> C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -> [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation)
conhost.exe -> C:\Windows\System32\conhost.exe -> [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation)
pwrisovm.exe -> C:\Arquivos de Programas\PowerISO\PWRISOVM.EXE -> [2007/04/09 09:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.)

[Modules - Safe List]
ots.exe -> C:\Users\Usuario\Desktop\OTS.exe -> [2011/07/06 17:57:51 | 000,645,120 | ---- | M] (OldTimer Tools)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2009/07/13 22:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009/07/13 22:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009/07/13 22:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2009/07/13 22:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009/07/13 22:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009/07/13 22:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009/07/13 22:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2009/07/13 22:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated)
(AntiVirSchedulerService) Avira AntiVir Programador [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/06/01 01:08:48 | 000,136,360 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/04/05 18:12:57 | 000,269,480 | ---- | M] (Avira GmbH)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation)
(Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -> [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation)
(NAUpdate) Nero Update [Auto | Running] -> C:\Program Files\Nero\Update\NASvc.exe -> [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation)
(UNS) Intel(R) Management & Security Application User Notification Service [Auto | Running] -> C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation)
(WwanSvc) Configuração Automática de WWAN [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009/07/13 22:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)
(WbioSrvc) Serviço de Biometria do Windows [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009/07/13 22:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
(Power) Energia [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2009/07/13 22:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
(Themes) Temas [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
(sppuinotify) Serviço de Notificação da SPP [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2009/07/13 22:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation)
(StorSvc) Serviço de Armazenamento [On_Demand | Stopped] -> C:\Windows\System32\StorSvc.dll -> [2009/07/13 22:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation)
(RpcEptMapper) Mapeador de Ponto de Extremidade RPC [unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 22:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
(SensrSvc) Brilho Adaptável [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation)
(PNRPsvc) Protocolo PNRP [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Gerenciador de Identidades de Rede de Mesmo Nível [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) Provedor do Grupo Doméstico [On_Demand | Running] -> C:\Windows\System32\provsvc.dll -> [2009/07/13 22:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) Serviço de Publicação de Nome de Computador do PNRP [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009/07/13 22:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Arquivos de Programas\Windows Defender\MpSvc.dll -> [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
(HomeGroupListener) Escuta do Grupo Doméstico [On_Demand | Stopped] -> C:\Windows\System32\ListSvc.dll -> [2009/07/13 22:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation)
(FontCache) Serviço de Cache de Fontes do Windows [On_Demand | Running] -> C:\Windows\System32\FntCache.dll -> [2009/07/13 22:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation)
(Dhcp) Cliente DHCP [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(defragsvc) Desfragmentador de Disco [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009/07/13 22:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
(BDESVC) Serviço de Criptografia de Unidade de Disco BitLocker [unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 22:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
(AxInstSV) Instalador do ActiveX (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2009/07/13 22:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
(AppIDSvc) Identidade do Aplicativo [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009/07/13 22:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)
(sppsvc) Proteção de Software [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2009/07/13 22:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\System32\drivers\avipbb.sys -> [2011/04/05 18:13:45 | 000,137,656 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\System32\drivers\avgntflt.sys -> [2011/04/05 18:13:43 | 000,061,960 | ---- | M] (Avira GmbH)
(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\fssfltr.sys -> [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/06/17 14:29:17 | 000,028,520 | ---- | M] (Avira GmbH)
(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009/12/11 04:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation)
(IntcDAud) Áudio do vídeo Intel(R) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\IntcDAud.sys -> [2009/11/27 02:13:40 | 000,209,920 | ---- | M] (Intel(R) Corporation)
(fspad_wlh32) Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\fspad_wlh32.sys -> [2009/11/09 18:42:46 | 000,042,496 | ---- | M] (Sentelic Corporation)
(Impcd) Impcd [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Impcd.sys -> [2009/10/26 09:39:02 | 000,125,696 | ---- | M] (Intel Corporation)
(HECI) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HECI.sys -> [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation)
(athur) Wireless Network Adapter Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athur.sys -> [2009/08/14 10:10:12 | 001,334,784 | ---- | M] (Atheros Communications, Inc.)
(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2009/07/13 22:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation)
(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009/07/13 22:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation)
(vmbus) Barramento da Máquina Virtual [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vmbus.sys -> [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation)
(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vhdmp.sys -> [2009/07/13 22:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation)
(storflt) Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vmstorfl.sys -> [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation)
(vdrvroot) Driver de enumerador da unidade virtual Microsoft [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vdrvroot.sys -> [2009/07/13 22:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation)
(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\storvsc.sys -> [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2009/07/13 22:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation)
(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009/07/13 22:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation)
(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009/07/13 22:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation)
(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\rdpbus.sys -> [2009/07/13 21:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation)
(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009/07/13 21:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation)
(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009/07/13 20:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation)
(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009/07/13 20:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation)
(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/13 20:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)
(vwifimp) Microsoft Virtual WiFi Miniport Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vwifimp.sys -> [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation)
(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\vwififlt.sys -> [2009/07/13 20:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation)
(vwifibus) Driver de Barramento WiFi Virtual [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009/07/13 20:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation)
(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\1394ohci.sys -> [2009/07/13 20:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation)
(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009/07/13 20:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009/07/13 20:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation)
(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009/07/13 20:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation)
(CompositeBus) Driver Enumerador de Barramento de Composição [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CompositeBus.sys -> [2009/07/13 20:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation)
(scfilter) Driver de Filtro de Classe PnP de Cartão inteligente [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\scfilter.sys -> [2009/07/13 20:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation)
(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vms3cap.sys -> [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation)
(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\VMBusHID.sys -> [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation)
(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009/07/13 20:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation)
(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\acpipmi.sys -> [2009/07/13 20:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation)
(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdppm.sys -> [2009/07/13 20:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation)
(netr73) RT73 USB Wireless LAN Card Driver for Vista [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\netr73.sys -> [2009/07/13 19:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.)
(RTL8187Se) Placa de rede sem fios Realtek RTL8187SE, 802.11b/g, de 54 Mbps e PCIE [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\rtl8187Se.sys -> [2009/07/01 08:03:10 | 000,372,224 | ---- | M] (Realtek Semiconductor Corporation                           )
(avgio) avgio [Kernel | System | Running] -> C:\Arquivos de Programas\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(tpsacpi) TPS Firmware Extension Device Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\tpsacpi.SYS -> [2008/08/27 11:06:00 | 000,010,728 | ---- | M] (TPS Corporation)
(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\Windows\System32\drivers\scdemu.sys -> [2007/04/09 09:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://fr.msn.com/ -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.oquefazernainternet.com/ -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.oquefazernainternet.com/ -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\] > -> -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: Main\\"Start Page" -> http://fr.msn.com/ -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: Main\\"Start Page Redirect Cache" -> http://www.oquefazernainternet.com/ -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> pt-br -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 80 76 4A 43 17 20 CC 01  [binary data] -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: SearchURL\\"" ->  -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [user Folders] > -> 
 -> C:\Users\Usuario\AppData\Roaming\mozilla\Extensions -> [2010/10/04 20:46:09 | 000,000,000 | ---D | M]
 -> C:\Users\Usuario\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2010/10/04 20:46:09 | 000,000,000 | ---D | M]
< HOSTS File > ([2009/06/10 18:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [search Helper] -> [2010/09/22 11:03:38 | 000,191,792 | ---- | M] (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2010/03/25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2010/09/21 13:08:38 | 000,439,168 | ---- | M] (Microsoft Corp.)
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} [HKLM] -> C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll [Windows Live Messenger Companion Helper] -> [2010/11/10 01:07:26 | 000,393,600 | ---- | M] (Microsoft Corporation)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/02/28 02:20:14 | 000,561,552 | ---- | M] (Microsoft Corporation)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Arquivos de Programas\Free Download Manager\iefdm2.dll [Free Download Manager] -> [2010/09/08 18:12:12 | 000,143,360 | ---- | M] ()
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Arquivos de Programas\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [bing Bar BHO] -> [2010/09/22 12:19:36 | 000,612,616 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{4064EA35-578D-4073-A834-C96D82CBCF40}" [HKLM] -> C:\Arquivos de Programas\Save Flash\SaveFlash.dll [&Save Flash] -> [2010/06/01 04:44:20 | 001,210,368 | ---- | M] (PilotGroup LLC)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Arquivos de Programas\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100] -> [2010/09/22 12:19:36 | 000,612,616 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\] > -> HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{4064EA35-578D-4073-A834-C96D82CBCF40}" [HKLM] -> C:\Arquivos de Programas\Save Flash\SaveFlash.dll [&Save Flash] -> [2010/06/01 04:44:20 | 001,210,368 | ---- | M] (PilotGroup LLC)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010/09/03 14:44:21 | 000,281,768 | ---- | M] (Avira GmbH)
"BCSSync" -> C:\Program Files\Microsoft Office\Office14\BCSSync.exe ["C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices] -> [2010/03/13 14:54:26 | 000,091,520 | ---- | M] (Microsoft Corporation)
"Control Center" -> C:\Arquivos de Programas\Control Center\CCenter.exe [C:\Program Files\Control Center\CCenter.exe] -> [2010/02/03 09:10:24 | 000,799,744 | ---- | M] ()
"fspuip" -> C:\Program Files\FSP\fspuip.exe ["C:\Program Files\FSP\fspuip.exe"] -> [2009/11/09 18:42:50 | 003,342,336 | ---- | M] (Sentelic Corporation)
"IAAnotif" -> C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/10/13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"NBAgent" -> C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe ["C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart] -> [2010/02/22 16:17:50 | 001,226,024 | ---- | M] (Nero AG)
"PWRISOVM.EXE" -> C:\Arquivos de Programas\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> [2007/04/09 09:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 22:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 22:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\] > -> HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Free Download Manager" -> C:\Program Files\Free Download Manager\fdm.exe [C:\Program Files\Free Download Manager\fdm.exe -autorun] -> [2010/09/08 18:11:50 | 003,788,847 | ---- | M] (FreeDownloadManager.ORG)
"OfficeSyncProcess" -> C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE ["C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"] -> [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation)
"uTorrent" -> C:\Program Files\uTorrent\uTorrent.exe ["C:\Program Files\uTorrent\uTorrent.exe"] -> [2010/09/30 02:26:23 | 000,487,800 | ---- | M] (BitTorrent, Inc.)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLinkedConnections" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/12/02 00:35:18 | 004,280,320 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/12/02 00:35:18 | 004,280,320 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\] > -> HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105] -> [2010/02/28 04:41:04 | 000,643,472 | ---- | M] (Microsoft Corporation)
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/12/02 00:35:18 | 004,280,320 | ---- | M] (Google Inc.)
Baixar com o Free Download Manager -> C:\Program Files\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 000,002,140 | ---- | M] ()
Baixar tudo com o Free Download Manager -> C:\Program Files\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 000,000,893 | ---- | M] ()
Baixar vídeo com o Free Download Manager -> C:\Program Files\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 000,001,706 | ---- | M] ()
Download selecionado pelo Free Download Manager -> C:\Program Files\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 000,000,463 | ---- | M] ()
E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000] -> [2010/03/13 14:53:52 | 020,753,760 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{0000036B-C524-4050-81A0-243669A86B9F}:{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} [HKLM] -> C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll [button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600] -> [2010/11/10 01:07:26 | 000,393,600 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll [button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004] -> [2010/11/10 01:15:56 | 000,188,256 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll [Menu: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003] -> [2010/11/10 01:15:56 | 000,188,256 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [button: Enviar para o OneNote] -> [2010/02/28 04:41:04 | 000,643,472 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2010/02/28 04:41:04 | 000,643,472 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [button: &Anotações Vinculadas do OneNote] -> [2010/02/28 04:41:04 | 000,496,528 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2010/02/28 04:41:04 | 000,496,528 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\] > -> HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\] > -> HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1647895026-1292580321-627541049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{3D3B42C2-11BF-4732-A304-A01384B70D68} [HKLM] -> http://picasaweb.google.com.br/s/v/67.18/uploader2.cab [uploadListView Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 11.0.0.1 8.8.8.8 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0E3EA854-2066-42EF-9074-47CBD4DF5C3F}\\DhcpNameServer -> 11.0.0.1 8.8.8.8   (Wireless G USB Adapter) -> 
{4D1791A2-3143-495F-BBE8-4BCA2308DE8E}\\DhcpNameServer -> 200.144.5.60 200.144.5.9   (RT73 USB Wireless LAN Card) -> 
{6EA3E8EE-B85F-457C-BB86-AE46D5595F57}\\NameServer -> 192.168.0.1   (NIC Fast Ethernet PCI-E Realtek Família RTL8102E/RTL8103E (NDIS 6.20)) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2010/03/25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation)
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\System32\pku2u.dll -> [2009/07/13 22:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
livessp -> C:\Windows\System32\livessp.dll -> [2010/09/21 13:03:14 | 000,208,768 | ---- | M] (Microsoft Corp.)
*MultiFile Done* -> -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> Driver de CD-ROM -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 18:42:20 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Usuario\Desktop\OTS.exe -> [2011/07/06 17:56:33 | 000,645,120 | ---- | C] (OldTimer Tools)
{CBFF90A5-57D2-49D3-9421-98DC1A4F0893} -> C:\Users\Usuario\AppData\Local\{CBFF90A5-57D2-49D3-9421-98DC1A4F0893} -> [2011/07/06 11:33:52 | 000,000,000 | ---D | C]
{44083456-49EE-4AB5-9CFE-1CC56FE703F9} -> C:\Users\Usuario\AppData\Local\{44083456-49EE-4AB5-9CFE-1CC56FE703F9} -> [2011/07/06 11:02:29 | 000,000,000 | ---D | C]
{D0166A1D-1AD7-43B4-8083-8A1FE443AE52} -> C:\Users\Usuario\AppData\Local\{D0166A1D-1AD7-43B4-8083-8A1FE443AE52} -> [2011/07/06 03:55:24 | 000,000,000 | ---D | C]
{C15306C8-8E4F-4612-BD31-A64FA9CB74CB} -> C:\Users\Usuario\AppData\Local\{C15306C8-8E4F-4612-BD31-A64FA9CB74CB} -> [2011/07/06 01:39:55 | 000,000,000 | ---D | C]
{8F0DA098-C3DE-4EF0-84A3-110257409C71} -> C:\Users\Usuario\AppData\Local\{8F0DA098-C3DE-4EF0-84A3-110257409C71} -> [2011/07/05 13:39:10 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Usuario\AppData\Roaming\Malwarebytes -> [2011/07/05 01:42:43 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/07/05 01:42:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/07/05 01:42:25 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/07/05 01:42:23 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/07/05 01:42:20 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Arquivos de Programas\Malwarebytes' Anti-Malware -> [2011/07/05 01:42:20 | 000,000,000 | ---D | C]
{7F80A3BD-FB92-4D32-93AA-E76D3636980B} -> C:\Users\Usuario\AppData\Local\{7F80A3BD-FB92-4D32-93AA-E76D3636980B} -> [2011/07/05 01:38:36 | 000,000,000 | ---D | C]
mbam-setup-1.51.0.1200.exe -> C:\Users\Usuario\Desktop\mbam-setup-1.51.0.1200.exe -> [2011/07/05 01:05:48 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    )
{BF02D824-7C83-4D32-8168-1A40A9B98321} -> C:\Users\Usuario\AppData\Local\{BF02D824-7C83-4D32-8168-1A40A9B98321} -> [2011/07/05 00:49:54 | 000,000,000 | ---D | C]
{81A074F8-54BC-4132-84E7-910B52D15D9C} -> C:\Users\Usuario\AppData\Local\{81A074F8-54BC-4132-84E7-910B52D15D9C} -> [2011/07/04 15:05:16 | 000,000,000 | ---D | C]
{3C8EA7E2-A16F-451E-B3F5-403AC847D2E2} -> C:\Users\Usuario\AppData\Local\{3C8EA7E2-A16F-451E-B3F5-403AC847D2E2} -> [2011/07/04 13:26:51 | 000,000,000 | ---D | C]
eTeks -> C:\Users\Usuario\eTeks -> [2011/07/04 05:17:36 | 000,000,000 | ---D | C]
eTeks Sweet Home 3D -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D -> [2011/07/04 05:05:30 | 000,000,000 | ---D | C]
Sweet Home 3D -> C:\Arquivos de Programas\Sweet Home 3D -> [2011/07/04 05:05:16 | 000,000,000 | ---D | C]
{03038A11-0D77-4898-96D7-F3BEB8F45FF7} -> C:\Users\Usuario\AppData\Local\{03038A11-0D77-4898-96D7-F3BEB8F45FF7} -> [2011/07/04 01:14:44 | 000,000,000 | ---D | C]
{73097C00-C3D7-402C-9F3A-C26BAD88FCB3} -> C:\Users\Usuario\AppData\Local\{73097C00-C3D7-402C-9F3A-C26BAD88FCB3} -> [2011/07/04 00:43:18 | 000,000,000 | ---D | C]
{85AB01A4-F15A-4019-88C1-01596902B450} -> C:\Users\Usuario\AppData\Local\{85AB01A4-F15A-4019-88C1-01596902B450} -> [2011/07/03 15:19:41 | 000,000,000 | ---D | C]
{536FD2D8-201B-49DB-8FC3-9B941EF1B80F} -> C:\Users\Usuario\AppData\Local\{536FD2D8-201B-49DB-8FC3-9B941EF1B80F} -> [2011/07/03 11:06:47 | 000,000,000 | ---D | C]
{03B487AA-D69E-476F-A8E0-37CE647C9495} -> C:\Users\Usuario\AppData\Local\{03B487AA-D69E-476F-A8E0-37CE647C9495} -> [2011/07/02 23:53:56 | 000,000,000 | ---D | C]
{7C188333-C303-44B1-ABF2-F5DF6A2E9A6B} -> C:\Users\Usuario\AppData\Local\{7C188333-C303-44B1-ABF2-F5DF6A2E9A6B} -> [2011/07/02 14:14:05 | 000,000,000 | ---D | C]
{A8821B19-C657-484A-B4E9-20518B69DDA7} -> C:\Users\Usuario\AppData\Local\{A8821B19-C657-484A-B4E9-20518B69DDA7} -> [2011/07/02 02:01:53 | 000,000,000 | ---D | C]
{5F3C7691-0393-47EB-822F-695EA13AAC0D} -> C:\Users\Usuario\AppData\Local\{5F3C7691-0393-47EB-822F-695EA13AAC0D} -> [2011/07/01 11:09:23 | 000,000,000 | ---D | C]
{10448EF9-23AC-4D56-ADB2-9988CFAD3BF9} -> C:\Users\Usuario\AppData\Local\{10448EF9-23AC-4D56-ADB2-9988CFAD3BF9} -> [2011/07/01 00:45:51 | 000,000,000 | ---D | C]
{A035D79E-DD56-4867-AEFE-3D05A6AAC51B} -> C:\Users\Usuario\AppData\Local\{A035D79E-DD56-4867-AEFE-3D05A6AAC51B} -> [2011/06/30 14:40:42 | 000,000,000 | ---D | C]
{9F15DE7C-5E6F-40FB-ADB6-AD8CDB343B86} -> C:\Users\Usuario\AppData\Local\{9F15DE7C-5E6F-40FB-ADB6-AD8CDB343B86} -> [2011/06/30 00:48:31 | 000,000,000 | ---D | C]
{0E5CC4F8-BE6E-4EF0-964A-BB6E813D7744} -> C:\Users\Usuario\AppData\Local\{0E5CC4F8-BE6E-4EF0-964A-BB6E813D7744} -> [2011/06/29 14:57:22 | 000,000,000 | ---D | C]
{8BBAED17-4833-4506-8226-095A86A62DDE} -> C:\Users\Usuario\AppData\Local\{8BBAED17-4833-4506-8226-095A86A62DDE} -> [2011/06/29 02:56:19 | 000,000,000 | ---D | C]
{C60F70A3-77F8-4E45-A95B-C551BD43F56E} -> C:\Users\Usuario\AppData\Local\{C60F70A3-77F8-4E45-A95B-C551BD43F56E} -> [2011/06/29 01:12:01 | 000,000,000 | ---D | C]
{D5BCA9D8-6062-4834-86B1-703985CC6BB6} -> C:\Users\Usuario\AppData\Local\{D5BCA9D8-6062-4834-86B1-703985CC6BB6} -> [2011/06/29 00:52:25 | 000,000,000 | ---D | C]
{6B370F47-1815-4532-B99B-F3738046CE33} -> C:\Users\Usuario\AppData\Local\{6B370F47-1815-4532-B99B-F3738046CE33} -> [2011/06/28 11:42:20 | 000,000,000 | ---D | C]
{9F921795-0B29-47CE-A27C-C2BC8B76CBDC} -> C:\Users\Usuario\AppData\Local\{9F921795-0B29-47CE-A27C-C2BC8B76CBDC} -> [2011/06/28 00:52:23 | 000,000,000 | ---D | C]
{3EECF821-6DE0-4A53-9520-2650F4DBF49E} -> C:\Users\Usuario\AppData\Local\{3EECF821-6DE0-4A53-9520-2650F4DBF49E} -> [2011/06/27 14:28:23 | 000,000,000 | ---D | C]
{3C054B4B-DEE1-48A6-91B6-490577F4B9B1} -> C:\Users\Usuario\AppData\Local\{3C054B4B-DEE1-48A6-91B6-490577F4B9B1} -> [2011/06/26 21:46:31 | 000,000,000 | ---D | C]
{5B01B00E-2181-4D5B-947B-6D658E8EDEA8} -> C:\Users\Usuario\AppData\Local\{5B01B00E-2181-4D5B-947B-6D658E8EDEA8} -> [2011/06/26 02:46:31 | 000,000,000 | ---D | C]
{9523753A-5C95-4A2F-97D8-E988A9A99EB6} -> C:\Users\Usuario\AppData\Local\{9523753A-5C95-4A2F-97D8-E988A9A99EB6} -> [2011/06/25 12:56:52 | 000,000,000 | ---D | C]
{A59428E6-1AC9-4F2B-A484-3E097B8F130A} -> C:\Users\Usuario\AppData\Local\{A59428E6-1AC9-4F2B-A484-3E097B8F130A} -> [2011/06/25 02:51:08 | 000,000,000 | ---D | C]
{ECE51325-D7D2-4DD8-BF3A-40809EB629CD} -> C:\Users\Usuario\AppData\Local\{ECE51325-D7D2-4DD8-BF3A-40809EB629CD} -> [2011/06/24 11:35:42 | 000,000,000 | ---D | C]
{FDE4501F-4B64-4794-A9AF-525DA9EECFD8} -> C:\Users\Usuario\AppData\Local\{FDE4501F-4B64-4794-A9AF-525DA9EECFD8} -> [2011/06/24 00:48:58 | 000,000,000 | ---D | C]
{AA254030-39D1-4278-95E9-9B19297CA919} -> C:\Users\Usuario\AppData\Local\{AA254030-39D1-4278-95E9-9B19297CA919} -> [2011/06/23 10:35:03 | 000,000,000 | ---D | C]
{10D00FB7-FED7-456F-846A-5E786422050A} -> C:\Users\Usuario\AppData\Local\{10D00FB7-FED7-456F-846A-5E786422050A} -> [2011/06/23 00:50:33 | 000,000,000 | ---D | C]
{F955313D-D31A-4C01-A0B4-5D52A1522E71} -> C:\Users\Usuario\AppData\Local\{F955313D-D31A-4C01-A0B4-5D52A1522E71} -> [2011/06/22 11:12:24 | 000,000,000 | ---D | C]
{3B6FAEDF-94D4-4C07-B26A-9A9B6ABF3C22} -> C:\Users\Usuario\AppData\Local\{3B6FAEDF-94D4-4C07-B26A-9A9B6ABF3C22} -> [2011/06/22 08:24:07 | 000,000,000 | ---D | C]
{8E1035C0-EDA6-412E-B3D0-46AED4129AC9} -> C:\Users\Usuario\AppData\Local\{8E1035C0-EDA6-412E-B3D0-46AED4129AC9} -> [2011/06/21 16:37:01 | 000,000,000 | ---D | C]
{2875C8DF-588F-43F4-85B3-CDD17E5046A0} -> C:\Users\Usuario\AppData\Local\{2875C8DF-588F-43F4-85B3-CDD17E5046A0} -> [2011/06/21 13:11:53 | 000,000,000 | ---D | C]
{E12E73B5-F0EE-47F7-9A78-628305FACE49} -> C:\Users\Usuario\AppData\Local\{E12E73B5-F0EE-47F7-9A78-628305FACE49} -> [2011/06/21 01:16:16 | 000,000,000 | ---D | C]
{B41AF705-2B56-4266-9730-358937347C68} -> C:\Users\Usuario\AppData\Local\{B41AF705-2B56-4266-9730-358937347C68} -> [2011/06/20 11:57:45 | 000,000,000 | ---D | C]
CCleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner -> [2011/06/20 00:43:51 | 000,000,000 | ---D | C]
CCleaner -> C:\Arquivos de Programas\CCleaner -> [2011/06/20 00:43:49 | 000,000,000 | ---D | C]
{D0FE456B-AA8C-4D93-8FE3-D93E7C5224AA} -> C:\Users\Usuario\AppData\Local\{D0FE456B-AA8C-4D93-8FE3-D93E7C5224AA} -> [2011/06/20 00:38:08 | 000,000,000 | ---D | C]
{F37BAA6A-431F-48C1-BCB6-3D5CD1FC37CE} -> C:\Users\Usuario\AppData\Local\{F37BAA6A-431F-48C1-BCB6-3D5CD1FC37CE} -> [2011/06/19 10:48:25 | 000,000,000 | ---D | C]
{5AFDE234-D70E-4A01-83F1-FB398DAACF92} -> C:\Users\Usuario\AppData\Local\{5AFDE234-D70E-4A01-83F1-FB398DAACF92} -> [2011/06/19 02:57:13 | 000,000,000 | ---D | C]
{0C2E6A57-8395-4D88-B96F-FD003E70F419} -> C:\Users\Usuario\AppData\Local\{0C2E6A57-8395-4D88-B96F-FD003E70F419} -> [2011/06/18 12:42:31 | 000,000,000 | ---D | C]
{936FAFB9-CC9C-4DE9-862D-8EF9CD2A7C91} -> C:\Users\Usuario\AppData\Local\{936FAFB9-CC9C-4DE9-862D-8EF9CD2A7C91} -> [2011/06/18 09:57:52 | 000,000,000 | ---D | C]
{3BA1AF67-67CF-4A46-92C6-EF8F8975C72C} -> C:\Users\Usuario\AppData\Local\{3BA1AF67-67CF-4A46-92C6-EF8F8975C72C} -> [2011/06/18 00:52:55 | 000,000,000 | ---D | C]
{03F2B0F2-2CA2-4DD6-A8F3-91762349FE7A} -> C:\Users\Usuario\AppData\Local\{03F2B0F2-2CA2-4DD6-A8F3-91762349FE7A} -> [2011/06/17 11:54:46 | 000,000,000 | ---D | C]
{BF3181AA-F79E-4784-915D-A92201C66FBD} -> C:\Users\Usuario\AppData\Local\{BF3181AA-F79E-4784-915D-A92201C66FBD} -> [2011/06/17 00:50:58 | 000,000,000 | ---D | C]
{E74F08A4-DFEA-4F17-9A7C-FCBA1464B0CF} -> C:\Users\Usuario\AppData\Local\{E74F08A4-DFEA-4F17-9A7C-FCBA1464B0CF} -> [2011/06/16 10:51:20 | 000,000,000 | ---D | C]
{71107801-F66B-4FB0-96AB-048AE1C68241} -> C:\Users\Usuario\AppData\Local\{71107801-F66B-4FB0-96AB-048AE1C68241} -> [2011/06/16 10:29:46 | 000,000,000 | ---D | C]
Adobe -> C:\Arquivos de Programas\Common Files\Adobe -> [2011/06/16 02:15:33 | 000,000,000 | ---D | C]
Adobe -> C:\Arquivos de Programas\Adobe -> [2011/06/16 02:15:33 | 000,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2011/06/16 02:15:20 | 000,000,000 | -HSD | C]
{0EBE08DF-16C2-41B4-A8D8-D059A1AE47F0} -> C:\Users\Usuario\AppData\Local\{0EBE08DF-16C2-41B4-A8D8-D059A1AE47F0} -> [2011/06/16 00:43:33 | 000,000,000 | ---D | C]
{855AE459-D2B3-447A-8B7B-67977EECD207} -> C:\Users\Usuario\AppData\Local\{855AE459-D2B3-447A-8B7B-67977EECD207} -> [2011/06/15 11:22:15 | 000,000,000 | ---D | C]
{36F73C69-EC2A-4A22-80FF-866CAE9D247F} -> C:\Users\Usuario\AppData\Local\{36F73C69-EC2A-4A22-80FF-866CAE9D247F} -> [2011/06/14 16:14:33 | 000,000,000 | ---D | C]
{2661EFEC-149D-4A96-B600-32D6810E970A} -> C:\Users\Usuario\AppData\Local\{2661EFEC-149D-4A96-B600-32D6810E970A} -> [2011/06/14 02:16:07 | 000,000,000 | ---D | C]
{8F256C56-11C5-4916-BA04-4C00C7A9D4B2} -> C:\Users\Usuario\AppData\Local\{8F256C56-11C5-4916-BA04-4C00C7A9D4B2} -> [2011/06/13 14:15:01 | 000,000,000 | ---D | C]
{02D93DEB-95C4-4C02-B9D7-5775DE15BA52} -> C:\Users\Usuario\AppData\Local\{02D93DEB-95C4-4C02-B9D7-5775DE15BA52} -> [2011/06/13 02:13:58 | 000,000,000 | ---D | C]
{BAB0342B-3823-4B34-B71A-BFD07F440AF6} -> C:\Users\Usuario\AppData\Local\{BAB0342B-3823-4B34-B71A-BFD07F440AF6} -> [2011/06/12 14:13:01 | 000,000,000 | ---D | C]
Megacubo -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacubo -> [2011/06/12 04:08:42 | 000,000,000 | ---D | C]
Megacubo -> C:\Arquivos de Programas\Megacubo -> [2011/06/12 04:08:32 | 000,000,000 | ---D | C]
{50B97F53-CF72-44EC-B0B4-1C36F56C7D83} -> C:\Users\Usuario\AppData\Local\{50B97F53-CF72-44EC-B0B4-1C36F56C7D83} -> [2011/06/12 02:47:40 | 000,000,000 | ---D | C]
{9A87DD65-16D1-4FB6-B9C0-5DBD1D3EA047} -> C:\Users\Usuario\AppData\Local\{9A87DD65-16D1-4FB6-B9C0-5DBD1D3EA047} -> [2011/06/11 11:47:49 | 000,000,000 | ---D | C]
{35A9A724-5721-4094-8631-57D00B6AC881} -> C:\Users\Usuario\AppData\Local\{35A9A724-5721-4094-8631-57D00B6AC881} -> [2011/06/11 00:43:08 | 000,000,000 | ---D | C]
{8DE9B3CD-50E5-488D-8867-FFAC9559E88D} -> C:\Users\Usuario\AppData\Local\{8DE9B3CD-50E5-488D-8867-FFAC9559E88D} -> [2011/06/10 08:17:18 | 000,000,000 | ---D | C]
{1109C2A3-7B35-4C3B-B088-391CE474541C} -> C:\Users\Usuario\AppData\Local\{1109C2A3-7B35-4C3B-B088-391CE474541C} -> [2011/06/10 00:49:46 | 000,000,000 | ---D | C]
{117D5BFA-213D-4258-A880-88A9831B31E6} -> C:\Users\Usuario\AppData\Local\{117D5BFA-213D-4258-A880-88A9831B31E6} -> [2011/06/09 14:17:33 | 000,000,000 | ---D | C]
{431DCC58-A7DC-4552-A0A2-B7C1E2B90503} -> C:\Users\Usuario\AppData\Local\{431DCC58-A7DC-4552-A0A2-B7C1E2B90503} -> [2011/06/08 23:24:33 | 000,000,000 | ---D | C]
{812BB3DD-67B2-4639-B446-D40BF7FEFBF8} -> C:\Users\Usuario\AppData\Local\{812BB3DD-67B2-4639-B446-D40BF7FEFBF8} -> [2011/06/08 12:43:57 | 000,000,000 | ---D | C]
{659D8578-E997-4BA5-8F09-7E40E979ACEC} -> C:\Users\Usuario\AppData\Local\{659D8578-E997-4BA5-8F09-7E40E979ACEC} -> [2011/06/08 00:37:02 | 000,000,000 | ---D | C]
{118F40DE-05E4-41AD-812C-24638777F593} -> C:\Users\Usuario\AppData\Local\{118F40DE-05E4-41AD-812C-24638777F593} -> [2011/06/07 14:22:48 | 000,000,000 | ---D | C]
{C9541641-C650-429B-8F30-947CEF6DD74B} -> C:\Users\Usuario\AppData\Local\{C9541641-C650-429B-8F30-947CEF6DD74B} -> [2011/06/07 02:22:21 | 000,000,000 | ---D | C]
LinhaDefensiva -> C:\LinhaDefensiva -> [2011/06/07 01:32:28 | 000,000,000 | ---D | C]
{2EC545ED-8EE5-45E4-8062-C6AB48B149C4} -> C:\Users\Usuario\AppData\Local\{2EC545ED-8EE5-45E4-8062-C6AB48B149C4} -> [2011/06/07 00:53:06 | 000,000,000 | ---D | C]
IGFXDEVLib.dll -> C:\Windows\System32\IGFXDEVLib.dll -> [2010/09/27 15:21:35 | 000,004,096 | ---- | C] ( )
drvc.dll -> C:\Windows\System32\drvc.dll -> [2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( )
1 C:\Users\Usuario\AppData\Local\*.tmp files -> C:\Users\Usuario\AppData\Local\*.tmp -> 

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskUserS-1-5-21-1647895026-1292580321-627541049-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1647895026-1292580321-627541049-1000UA.job -> [2011/07/06 17:59:01 | 000,001,086 | ---- | M] ()
OTS.exe -> C:\Users\Usuario\Desktop\OTS.exe -> [2011/07/06 17:57:51 | 000,645,120 | ---- | M] (OldTimer Tools)
.jmf-resource -> C:\Users\Usuario\.jmf-resource -> [2011/07/06 17:53:17 | 000,000,678 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/06 17:28:38 | 000,013,424 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/06 17:28:38 | 000,013,424 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/07/06 17:24:40 | 000,001,058 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/07/06 17:21:40 | 000,001,054 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/06 17:21:08 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/07/06 17:21:05 | 2306,244,608 | -HS- | M] ()
prfh0416.dat -> C:\Windows\System32\prfh0416.dat -> [2011/07/05 13:12:33 | 000,654,470 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/07/05 13:12:33 | 000,607,190 | ---- | M] ()
prfc0416.dat -> C:\Windows\System32\prfc0416.dat -> [2011/07/05 13:12:33 | 000,124,922 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/07/05 13:12:33 | 000,103,568 | ---- | M] ()
aaa.wmv -> C:\Users\Usuario\Desktop\aaa.wmv -> [2011/07/05 10:56:41 | 000,954,772 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/07/05 01:42:25 | 000,001,067 | ---- | M] ()
mbam-setup-1.51.0.1200.exe -> C:\Users\Usuario\Desktop\mbam-setup-1.51.0.1200.exe -> [2011/07/05 01:17:51 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    )
Sweet Home 3D.lnk -> C:\Users\Usuario\Desktop\Sweet Home 3D.lnk -> [2011/07/04 05:05:30 | 000,001,019 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1647895026-1292580321-627541049-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1647895026-1292580321-627541049-1000Core.job -> [2011/07/02 16:59:00 | 000,001,034 | ---- | M] ()
Google Chrome.lnk -> C:\Users\Usuario\Desktop\Google Chrome.lnk -> [2011/06/30 01:00:50 | 000,002,369 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/06/29 01:32:15 | 000,006,656 | ---- | M] ()
OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> [2011/06/21 14:13:26 | 000,001,264 | ---- | M] ()
CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/06/20 00:43:51 | 000,000,965 | ---- | M] ()
Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011/06/16 02:15:38 | 000,001,989 | ---- | M] ()
MiniTuner.lnk -> C:\Users\Public\Desktop\MiniTuner.lnk -> [2011/06/12 04:08:42 | 000,001,883 | ---- | M] ()
Megacubo.lnk -> C:\Users\Public\Desktop\Megacubo.lnk -> [2011/06/12 04:08:42 | 000,000,965 | ---- | M] ()
1 C:\Users\Usuario\AppData\Local\*.tmp files -> C:\Users\Usuario\AppData\Local\*.tmp -> 

[Files - No Company Name]
.jmf-resource -> C:\Users\Usuario\.jmf-resource -> [2011/07/06 17:53:17 | 000,000,678 | ---- | C] ()
aaa.wmv -> C:\Users\Usuario\Desktop\aaa.wmv -> [2011/07/05 10:56:34 | 000,954,772 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/07/05 01:42:25 | 000,001,067 | ---- | C] ()
Sweet Home 3D.lnk -> C:\Users\Usuario\Desktop\Sweet Home 3D.lnk -> [2011/07/04 05:05:30 | 000,001,019 | ---- | C] ()
CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/06/20 00:43:51 | 000,000,965 | ---- | C] ()
Adobe Reader X.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> [2011/06/16 02:15:38 | 000,002,441 | ---- | C] ()
Adobe Reader X.lnk -> C:\Users\Public\Desktop\Adobe Reader X.lnk -> [2011/06/16 02:15:38 | 000,001,989 | ---- | C] ()
MiniTuner.lnk -> C:\Users\Public\Desktop\MiniTuner.lnk -> [2011/06/12 04:08:42 | 000,001,883 | ---- | C] ()
Megacubo.lnk -> C:\Users\Public\Desktop\Megacubo.lnk -> [2011/06/12 04:08:42 | 000,000,965 | ---- | C] ()
{AA89B873-C567-4CEC-A253-2CAF19CBD519} -> C:\Users\Usuario\AppData\Local\{AA89B873-C567-4CEC-A253-2CAF19CBD519} -> [2011/05/02 22:08:02 | 000,000,000 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/01/12 00:32:04 | 000,006,656 | ---- | C] ()
igfxtvcx.dll -> C:\Windows\System32\igfxtvcx.dll -> [2010/09/27 15:32:56 | 000,140,288 | ---- | C] ()
iglhsip32.dll -> C:\Windows\System32\iglhsip32.dll -> [2010/09/27 15:22:11 | 000,208,896 | ---- | C] ()
iglhcp32.dll -> C:\Windows\System32\iglhcp32.dll -> [2010/09/27 15:22:11 | 000,143,360 | ---- | C] ()
igkrng575.bin -> C:\Windows\System32\igkrng575.bin -> [2010/09/27 15:22:10 | 000,870,544 | ---- | C] ()
igfcg575m.bin -> C:\Windows\System32\igfcg575m.bin -> [2010/09/27 15:21:34 | 000,051,068 | ---- | C] ()
igcompkrng575.bin -> C:\Windows\System32\igcompkrng575.bin -> [2010/09/27 15:21:25 | 000,127,896 | ---- | C] ()
GfxUI.exe.config -> C:\Windows\System32\GfxUI.exe.config -> [2010/09/27 15:21:18 | 000,000,151 | ---- | C] ()
prfh0416.dat -> C:\Windows\System32\prfh0416.dat -> [2009/07/29 15:38:51 | 000,654,470 | ---- | C] ()
prfi0416.dat -> C:\Windows\System32\prfi0416.dat -> [2009/07/29 15:38:51 | 000,323,154 | ---- | C] ()
prfc0416.dat -> C:\Windows\System32\prfc0416.dat -> [2009/07/29 15:38:51 | 000,124,922 | ---- | C] ()
prfd0416.dat -> C:\Windows\System32\prfd0416.dat -> [2009/07/29 15:38:51 | 000,038,536 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 01:57:37 | 000,067,584 | --S- | C] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/07/14 01:33:53 | 000,406,440 | ---- | C] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/07/13 23:05:48 | 000,607,190 | ---- | C] ()
perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2009/07/13 23:05:48 | 000,291,294 | ---- | C] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/07/13 23:05:48 | 000,103,568 | ---- | C] ()
perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2009/07/13 23:05:48 | 000,031,548 | ---- | C] ()
NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2009/07/13 23:05:05 | 000,000,741 | ---- | C] ()
dssec.dat -> C:\Windows\System32\dssec.dat -> [2009/07/13 23:04:11 | 000,215,943 | ---- | C] ()
PrintBrmUi.exe -> C:\Windows\System32\PrintBrmUi.exe -> [2009/07/13 21:19:49 | 000,066,048 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2009/07/13 20:55:01 | 000,043,131 | ---- | C] ()
BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/13 20:51:43 | 000,073,728 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/13 20:42:10 | 000,064,000 | ---- | C] ()
mlang.dat -> C:\Windows\System32\mlang.dat -> [2009/06/10 18:26:10 | 000,673,088 | ---- | C] ()
libavcodec.dll -> C:\Windows\System32\libavcodec.dll -> [2008/12/19 12:15:58 | 004,338,246 | ---- | C] ()
ff_x264.dll -> C:\Windows\System32\ff_x264.dll -> [2008/12/17 14:41:18 | 000,884,237 | ---- | C] ()
ff_wmv9.dll -> C:\Windows\System32\ff_wmv9.dll -> [2008/12/17 14:22:58 | 000,093,184 | ---- | C] ()
ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2008/12/17 14:22:48 | 000,057,344 | ---- | C] ()
ff_theora.dll -> C:\Windows\System32\ff_theora.dll -> [2008/12/17 14:17:34 | 000,239,247 | ---- | C] ()
libmplayer.dll -> C:\Windows\System32\libmplayer.dll -> [2008/12/17 13:59:54 | 000,560,802 | ---- | C] ()
sherlock2.exe -> C:\Windows\System32\sherlock2.exe -> [2006/11/02 13:10:16 | 000,080,912 | ---- | C] ()
ff_mpeg2enc.dll -> C:\Windows\System32\ff_mpeg2enc.dll -> [2004/10/03 14:50:54 | 000,129,024 | ---- | C] ()

[File - Lop Check]
Free Download Manager -> C:\Users\Usuario\AppData\Roaming\Free Download Manager -> [2011/07/06 17:59:26 | 000,000,000 | ---D | M]
LimeWire -> C:\Users\Usuario\AppData\Roaming\LimeWire -> [2010/11/07 01:30:36 | 000,000,000 | ---D | M]
Unity -> C:\Users\Usuario\AppData\Roaming\Unity -> [2011/05/10 23:31:41 | 000,000,000 | ---D | M]
uTorrent -> C:\Users\Usuario\AppData\Roaming\uTorrent -> [2011/07/06 17:52:18 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Users\Usuario\AppData\Roaming\Windows Live Writer -> [2011/04/25 22:20:30 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/07/06 11:10:57 | 000,032,608 | ---- | M] ()

[File - Purity Scan]

< End of report >

 

Obs.:

 

* Já troquei a senha do msn

 

-> Embora o computador não esteje iniciando com a CPU em 100% ( já melhou bem ), mesmo assim, fica oscilando bastante vindo a travar algumas vezes.

 

Por exemplo: 40% 25% 70% 90% 20% 50% 80% 65% 90% 55% assim por diante, na maioria do tempo acima de 50%.

 

Ok!

[wings 22]

*Desative temporariamente seu antivírus

 

*Baixe o ComboFix e salve-o no desktop

*Execute-o e aceite o contrato

 

*Não use o mouse nem o teclado durante as etapas, pois implicará na desconfiguração do seu desktop!

*Cole o relatório apresentado

[aaadrianooo 0]

ComboFix 11-07-06.06 - Usuario 07/07/2011 6:48.1.4 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.2933.1657 [GMT -3:00]

Executando de: c:\users\Usuario\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7718D1E6-94DF-4A84-AE91-661EA218F5C4}.xps

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-06-07 to 2011-07-07 ))))))))))))))))))))))))))))

.

.

2011-07-07 09:54 . 2011-07-07 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-07 09:32 . 2011-07-07 09:33 -------- d-----w- c:\users\Usuario\AppData\Local\{11A30556-5E2E-4A3E-B6C6-B7A8996479C5}

2011-07-06 14:33 . 2011-07-06 14:34 -------- d-----w- c:\users\Usuario\AppData\Local\{CBFF90A5-57D2-49D3-9421-98DC1A4F0893}

2011-07-06 14:02 . 2011-07-06 14:02 -------- d-----w- c:\users\Usuario\AppData\Local\{44083456-49EE-4AB5-9CFE-1CC56FE703F9}

2011-07-06 06:55 . 2011-07-06 06:55 -------- d-----w- c:\users\Usuario\AppData\Local\{D0166A1D-1AD7-43B4-8083-8A1FE443AE52}

2011-07-06 04:39 . 2011-07-06 04:39 -------- d-----w- c:\users\Usuario\AppData\Local\{C15306C8-8E4F-4612-BD31-A64FA9CB74CB}

2011-07-05 16:39 . 2011-07-05 16:39 -------- d-----w- c:\users\Usuario\AppData\Local\{8F0DA098-C3DE-4EF0-84A3-110257409C71}

2011-07-05 04:42 . 2011-07-05 04:42 -------- d-----w- c:\users\Usuario\AppData\Roaming\Malwarebytes

2011-07-05 04:42 . 2011-05-29 12:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-05 04:42 . 2011-07-05 04:42 -------- d-----w- c:\programdata\Malwarebytes

2011-07-05 04:42 . 2011-07-05 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-05 04:42 . 2011-05-29 12:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 04:38 . 2011-07-05 04:38 -------- d-----w- c:\users\Usuario\AppData\Local\{7F80A3BD-FB92-4D32-93AA-E76D3636980B}

2011-07-05 03:49 . 2011-07-05 03:50 -------- d-----w- c:\users\Usuario\AppData\Local\{BF02D824-7C83-4D32-8168-1A40A9B98321}

2011-07-04 18:05 . 2011-07-04 18:05 -------- d-----w- c:\users\Usuario\AppData\Local\{81A074F8-54BC-4132-84E7-910B52D15D9C}

2011-07-04 16:26 . 2011-07-04 16:26 -------- d-----w- c:\users\Usuario\AppData\Local\{3C8EA7E2-A16F-451E-B3F5-403AC847D2E2}

2011-07-04 08:17 . 2011-07-04 08:17 -------- d-----w- c:\users\Usuario\eTeks

2011-07-04 08:05 . 2011-07-04 08:05 -------- d-----w- c:\program files\Sweet Home 3D

2011-07-04 07:37 . 2011-06-20 11:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0ADEDC5-52A3-4D91-BAF2-3DF436F98C58}\mpengine.dll

2011-07-04 04:14 . 2011-07-04 04:15 -------- d-----w- c:\users\Usuario\AppData\Local\{03038A11-0D77-4898-96D7-F3BEB8F45FF7}

2011-07-04 03:43 . 2011-07-04 03:43 -------- d-----w- c:\users\Usuario\AppData\Local\{73097C00-C3D7-402C-9F3A-C26BAD88FCB3}

2011-07-03 18:19 . 2011-07-03 18:20 -------- d-----w- c:\users\Usuario\AppData\Local\{85AB01A4-F15A-4019-88C1-01596902B450}

2011-07-03 14:06 . 2011-07-03 14:07 -------- d-----w- c:\users\Usuario\AppData\Local\{536FD2D8-201B-49DB-8FC3-9B941EF1B80F}

2011-07-03 02:53 . 2011-07-03 02:54 -------- d-----w- c:\users\Usuario\AppData\Local\{03B487AA-D69E-476F-A8E0-37CE647C9495}

2011-07-02 17:14 . 2011-07-02 17:14 -------- d-----w- c:\users\Usuario\AppData\Local\{7C188333-C303-44B1-ABF2-F5DF6A2E9A6B}

2011-07-02 05:01 . 2011-07-02 05:02 -------- d-----w- c:\users\Usuario\AppData\Local\{A8821B19-C657-484A-B4E9-20518B69DDA7}

2011-07-01 14:09 . 2011-07-01 14:10 -------- d-----w- c:\users\Usuario\AppData\Local\{5F3C7691-0393-47EB-822F-695EA13AAC0D}

2011-07-01 03:45 . 2011-07-01 03:46 -------- d-----w- c:\users\Usuario\AppData\Local\{10448EF9-23AC-4D56-ADB2-9988CFAD3BF9}

2011-06-30 17:40 . 2011-06-30 17:41 -------- d-----w- c:\users\Usuario\AppData\Local\{A035D79E-DD56-4867-AEFE-3D05A6AAC51B}

2011-06-30 03:48 . 2011-06-30 03:49 -------- d-----w- c:\users\Usuario\AppData\Local\{9F15DE7C-5E6F-40FB-ADB6-AD8CDB343B86}

2011-06-29 17:57 . 2011-06-29 17:57 -------- d-----w- c:\users\Usuario\AppData\Local\{0E5CC4F8-BE6E-4EF0-964A-BB6E813D7744}

2011-06-29 05:56 . 2011-06-29 05:57 -------- d-----w- c:\users\Usuario\AppData\Local\{8BBAED17-4833-4506-8226-095A86A62DDE}

2011-06-29 04:12 . 2011-06-29 04:12 -------- d-----w- c:\users\Usuario\AppData\Local\{C60F70A3-77F8-4E45-A95B-C551BD43F56E}

2011-06-29 03:52 . 2011-06-29 03:52 -------- d-----w- c:\users\Usuario\AppData\Local\{D5BCA9D8-6062-4834-86B1-703985CC6BB6}

2011-06-28 14:42 . 2011-06-28 14:42 -------- d-----w- c:\users\Usuario\AppData\Local\{6B370F47-1815-4532-B99B-F3738046CE33}

2011-06-28 03:52 . 2011-06-28 03:52 -------- d-----w- c:\users\Usuario\AppData\Local\{9F921795-0B29-47CE-A27C-C2BC8B76CBDC}

2011-06-27 17:28 . 2011-06-27 17:28 -------- d-----w- c:\users\Usuario\AppData\Local\{3EECF821-6DE0-4A53-9520-2650F4DBF49E}

2011-06-27 00:46 . 2011-06-27 00:46 -------- d-----w- c:\users\Usuario\AppData\Local\{3C054B4B-DEE1-48A6-91B6-490577F4B9B1}

2011-06-26 05:46 . 2011-06-26 05:46 -------- d-----w- c:\users\Usuario\AppData\Local\{5B01B00E-2181-4D5B-947B-6D658E8EDEA8}

2011-06-25 15:56 . 2011-06-25 15:57 -------- d-----w- c:\users\Usuario\AppData\Local\{9523753A-5C95-4A2F-97D8-E988A9A99EB6}

2011-06-25 05:51 . 2011-06-25 05:51 -------- d-----w- c:\users\Usuario\AppData\Local\{A59428E6-1AC9-4F2B-A484-3E097B8F130A}

2011-06-24 14:35 . 2011-06-24 14:36 -------- d-----w- c:\users\Usuario\AppData\Local\{ECE51325-D7D2-4DD8-BF3A-40809EB629CD}

2011-06-24 03:48 . 2011-06-24 03:49 -------- d-----w- c:\users\Usuario\AppData\Local\{FDE4501F-4B64-4794-A9AF-525DA9EECFD8}

2011-06-23 13:35 . 2011-06-23 13:35 -------- d-----w- c:\users\Usuario\AppData\Local\{AA254030-39D1-4278-95E9-9B19297CA919}

2011-06-23 03:50 . 2011-06-23 03:50 -------- d-----w- c:\users\Usuario\AppData\Local\{10D00FB7-FED7-456F-846A-5E786422050A}

2011-06-22 14:12 . 2011-06-22 14:12 -------- d-----w- c:\users\Usuario\AppData\Local\{F955313D-D31A-4C01-A0B4-5D52A1522E71}

2011-06-22 11:24 . 2011-06-22 11:25 -------- d-----w- c:\users\Usuario\AppData\Local\{3B6FAEDF-94D4-4C07-B26A-9A9B6ABF3C22}

2011-06-21 19:37 . 2011-06-21 19:38 -------- d-----w- c:\users\Usuario\AppData\Local\{8E1035C0-EDA6-412E-B3D0-46AED4129AC9}

2011-06-21 16:11 . 2011-06-21 16:12 -------- d-----w- c:\users\Usuario\AppData\Local\{2875C8DF-588F-43F4-85B3-CDD17E5046A0}

2011-06-21 04:16 . 2011-06-21 04:17 -------- d-----w- c:\users\Usuario\AppData\Local\{E12E73B5-F0EE-47F7-9A78-628305FACE49}

2011-06-20 14:57 . 2011-06-20 14:57 -------- d-----w- c:\users\Usuario\AppData\Local\{B41AF705-2B56-4266-9730-358937347C68}

2011-06-20 03:43 . 2011-06-20 03:43 -------- d-----w- c:\program files\CCleaner

2011-06-20 03:38 . 2011-06-20 03:38 -------- d-----w- c:\users\Usuario\AppData\Local\{D0FE456B-AA8C-4D93-8FE3-D93E7C5224AA}

2011-06-19 13:48 . 2011-06-19 13:48 -------- d-----w- c:\users\Usuario\AppData\Local\{F37BAA6A-431F-48C1-BCB6-3D5CD1FC37CE}

2011-06-19 05:57 . 2011-06-19 05:57 -------- d-----w- c:\users\Usuario\AppData\Local\{5AFDE234-D70E-4A01-83F1-FB398DAACF92}

2011-06-18 15:42 . 2011-06-18 15:42 -------- d-----w- c:\users\Usuario\AppData\Local\{0C2E6A57-8395-4D88-B96F-FD003E70F419}

2011-06-18 12:57 . 2011-06-18 12:57 -------- d-----w- c:\users\Usuario\AppData\Local\{936FAFB9-CC9C-4DE9-862D-8EF9CD2A7C91}

2011-06-18 03:52 . 2011-06-18 03:53 -------- d-----w- c:\users\Usuario\AppData\Local\{3BA1AF67-67CF-4A46-92C6-EF8F8975C72C}

2011-06-17 14:54 . 2011-06-17 14:55 -------- d-----w- c:\users\Usuario\AppData\Local\{03F2B0F2-2CA2-4DD6-A8F3-91762349FE7A}

2011-06-17 03:50 . 2011-06-17 03:50 -------- d-----w- c:\users\Usuario\AppData\Local\{BF3181AA-F79E-4784-915D-A92201C66FBD}

2011-06-16 13:51 . 2011-06-16 13:51 -------- d-----w- c:\users\Usuario\AppData\Local\{E74F08A4-DFEA-4F17-9A7C-FCBA1464B0CF}

2011-06-16 13:29 . 2011-06-16 13:29 -------- d-----w- c:\users\Usuario\AppData\Local\{71107801-F66B-4FB0-96AB-048AE1C68241}

2011-06-16 05:15 . 2011-06-16 05:15 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-16 03:43 . 2011-06-16 03:43 -------- d-----w- c:\users\Usuario\AppData\Local\{0EBE08DF-16C2-41B4-A8D8-D059A1AE47F0}

2011-06-15 14:22 . 2011-06-15 14:22 -------- d-----w- c:\users\Usuario\AppData\Local\{855AE459-D2B3-447A-8B7B-67977EECD207}

2011-06-14 19:14 . 2011-06-14 19:15 -------- d-----w- c:\users\Usuario\AppData\Local\{36F73C69-EC2A-4A22-80FF-866CAE9D247F}

2011-06-14 05:16 . 2011-06-14 05:16 -------- d-----w- c:\users\Usuario\AppData\Local\{2661EFEC-149D-4A96-B600-32D6810E970A}

2011-06-13 17:15 . 2011-06-13 17:15 -------- d-----w- c:\users\Usuario\AppData\Local\{8F256C56-11C5-4916-BA04-4C00C7A9D4B2}

2011-06-13 05:13 . 2011-06-13 05:14 -------- d-----w- c:\users\Usuario\AppData\Local\{02D93DEB-95C4-4C02-B9D7-5775DE15BA52}

2011-06-12 17:13 . 2011-06-12 17:13 -------- d-----w- c:\users\Usuario\AppData\Local\{BAB0342B-3823-4B34-B71A-BFD07F440AF6}

2011-06-12 07:08 . 2011-06-12 07:08 -------- d-----w- c:\program files\Megacubo

2011-06-12 05:47 . 2011-06-12 05:48 -------- d-----w- c:\users\Usuario\AppData\Local\{50B97F53-CF72-44EC-B0B4-1C36F56C7D83}

2011-06-11 14:47 . 2011-06-11 14:48 -------- d-----w- c:\users\Usuario\AppData\Local\{9A87DD65-16D1-4FB6-B9C0-5DBD1D3EA047}

2011-06-11 03:43 . 2011-06-11 03:44 -------- d-----w- c:\users\Usuario\AppData\Local\{35A9A724-5721-4094-8631-57D00B6AC881}

2011-06-10 11:17 . 2011-06-10 11:18 -------- d-----w- c:\users\Usuario\AppData\Local\{8DE9B3CD-50E5-488D-8867-FFAC9559E88D}

2011-06-10 03:49 . 2011-06-10 03:50 -------- d-----w- c:\users\Usuario\AppData\Local\{1109C2A3-7B35-4C3B-B088-391CE474541C}

2011-06-09 17:17 . 2011-06-09 17:18 -------- d-----w- c:\users\Usuario\AppData\Local\{117D5BFA-213D-4258-A880-88A9831B31E6}

2011-06-09 02:24 . 2011-06-09 02:25 -------- d-----w- c:\users\Usuario\AppData\Local\{431DCC58-A7DC-4552-A0A2-B7C1E2B90503}

2011-06-08 15:43 . 2011-06-08 15:43 -------- d-----w- c:\users\Usuario\AppData\Local\{812BB3DD-67B2-4639-B446-D40BF7FEFBF8}

2011-06-08 03:37 . 2011-06-08 03:37 -------- d-----w- c:\users\Usuario\AppData\Local\{659D8578-E997-4BA5-8F09-7E40E979ACEC}

2011-06-07 17:22 . 2011-06-07 17:22 -------- d-----w- c:\users\Usuario\AppData\Local\{118F40DE-05E4-41AD-812C-24638777F593}

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 22:14 . 2010-09-27 19:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-19 02:21 . 2011-05-19 02:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-04 07:52 . 2011-02-18 21:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-03 01:09 . 2011-05-03 01:09 0 ---ha-w- c:\users\Usuario\AppData\Local\BITBD0D.tmp

2011-04-26 19:58 . 2011-04-26 19:58 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-30 487800]

"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-09-08 3788847]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-15 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-15 166936]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"Control Center"="c:\program files\Control Center\CCenter.exe" [2010-02-03 799744]

"fspuip"="c:\program files\FSP\fspuip.exe" [2009-11-09 3342336]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-03 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 136176]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 tpsacpi;TPS Firmware Extension Device Driver;c:\windows\system32\DRIVERS\tpsacpi.SYS [2008-08-27 10728]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-01 136360]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-08-14 1334784]

S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-09 42496]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 18:08]

.

2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 18:08]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647895026-1292580321-627541049-1000Core.job

- c:\users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 22:34]

.

2011-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1647895026-1292580321-627541049-1000UA.job

- c:\users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 22:34]

.

.

------- Scan Suplementar -------

.

IE: &Enviar para o OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar com o Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 11.0.0.1 8.8.8.8

TCP: Interfaces\{6EA3E8EE-B85F-457C-BB86-AE46D5595F57}: NameServer = 192.168.0.1

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-07-07 06:57:06

ComboFix-quarantined-files.txt 2011-07-07 09:57

.

Pré-execução: 224.206.405.632 bytes disponíveis

Pós execução: 224.089.575.424 bytes disponíveis

.

- - End Of File - - A52CF169830BC44C6324359773B2CEF7

[wings 22]

OK...log limpo.

 

Caso o problema persista não há relação com malwares.

 

Para desinstalar o OTS e o Combofix..

 

*Execute o OTS

*Clique [CleanUp] > [Yes]

*O PC será reiniciado

 

 

Um abraço.

[aaadrianooo 0]

Agradeço a ajuda, muito obrigado! :joia:

 

 

 

 

 

 

 

 

 

 

___________________________________________________________________________________________________________________________The End

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.