maceno 0 Posted November 22, 2011
Please analyze my log and see whether there is a keylogger monitoring me.
HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:24:58, on 22/11/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe C:\Program Files (x86)\Bamboo Dock\BambooCore.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Documentos\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe" O4 - HKCU\..\Run: [DIMBaixando a sua atualização...1300677038363] "C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_410003\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\documentos\appdata\roaming\corel\messages\540215253_410003\br\messagecache1\workflow" O4 - HKCU\..\Run: [EPSON TX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\Windows\TEMP\E_S2D7F.tmp" /EF "HKCU" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-21-1837178300-1776902075-3512206551-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1837178300-1776902075-3512206551-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = Documentos\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - 
C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10930 bytes
wings 22 Posted November 22, 2011
Hello maceno
Please answer: what makes you think there is a keylogger?
*Download OTL and save it to the desktop
Note: Windows Vista or Windows 7 users should right-click the file and select:
*Run it and select the options: Scan All Users, Use Company Name WhiteList, Skip Microsoft Files, Use No-Company-Name Whitelist, LOP Check, Purity Check
*Click [Run Scan] and paste the OTL.txt and Extras.txt reports located on the desktop
If the OTL.txt report turns out to be too large...
*Go to this link
*Select 4 jours
*Click [Send file]
*Locate the OTL.txt file on the desktop
*Click [Open] > [Créer le lien Cjoint]
*Paste the address that was created
maceno 0 Posted November 22, 2011
Well, I downloaded a server for an RPG game, and usually they put a keylogger in these servers to discover the passwords of game accounts. I believe the one I downloaded shouldn't have one, but since you are experts at this I decided to stop by here so you could help me see whether it really has one or not.
OTL
OTL logfile created on: 22/11/2011 18:30:40 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Documentos\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,98 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,12% Memory free 7,96 Gb Paging File | 5,96 Gb Available in Paging File | 74,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 92,67 Gb Total Space | 53,67 Gb Free Space | 57,91% Space Free | Partition Type: NTFS Drive D: | 838,74 Gb Total Space | 620,63 Gb Free Space | 74,00% Space Free | Partition Type: NTFS Drive G: | 979,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: DOCUMENTOS-PC | User Name: Documentos | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/22 18:29:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe PRC - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/09/28 18:55:35 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe PRC - [2011/09/06 18:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe PRC - [2011/09/06 18:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe PRC - [2011/05/26 12:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2011/04/27 10:55:28 | 000,973,824 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2011/01/20 07:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2009/12/03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ========== Modules (No Company Name) ========== MOD - [2011/09/28 18:55:35 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MOD - [2011/06/16 12:53:17 | 000,403,000 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\ppGoogleNaClPluginChrome.dll MOD - [2011/06/16 12:53:16 | 004,118,584 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\pdf.dll MOD - [2011/06/16 12:51:38 | 000,104,520 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\avutil-50.dll MOD - [2011/06/16 12:51:37 | 000,203,848 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\avformat-52.dll MOD - [2011/06/16 12:51:35 | 001,846,344 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\avcodec-52.dll MOD - [2011/06/16 10:49:17 | 006,333,088 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\gcswf32.dll MOD - [2011/06/16 10:49:17 | 006,333,088 | ---- | M] () -- C:\Users\DOCUME~1\AppData\Local\Google\Chrome\APPLIC~1\140794~1.0\gcswf32.dll MOD - [2011/04/19 13:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2011/04/19 13:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011/03/02 12:11:33 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll MOD - [2011/03/02 12:11:22 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll MOD - [2011/03/02 12:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detoured.dll MOD - [2009/07/14 02:55:32 | 012,430,848 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009/07/14 02:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009/07/14 02:55:24 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll MOD - [2009/07/14 02:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009/07/14 02:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll MOD - [2009/07/14 02:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009/07/14 02:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/09/06 18:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/08/23 04:43:40 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Users\DOCUME~1\AppData\Local\Temp\7zS417D\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2010/07/13 19:26:12 | 000,719,216 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Arquivos de Programas\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010/07/13 19:26:08 | 007,329,648 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Arquivos de Programas\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/14 03:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2009/09/14 03:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/02 13:57:07 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/09/06 18:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/09/06 18:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/09/06 18:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/09/06 18:36:41 | 000,042,328 | ---- | M] (AVAST 
Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/09/06 18:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/09/06 18:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/06/20 23:47:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010/12/28 17:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/05/19 19:52:38 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010/01/27 00:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2009/09/21 21:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009/07/13 23:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 23:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 23:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/02/16 17:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.br/ [binary data] IE - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 AC C6 BC 45 2F CC 01 [binary data] IE - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\14.0.794.0\pdf.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: avast! 
WebRep = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ O1 HOSTS File: ([2011/08/08 00:14:16 | 000,000,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll () O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()
O3:64bit: - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [spywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [spywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000..\Run: [DIMBaixando a sua atualização...1300677038363] C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe (Corel Corporation)
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000..\Run: [EPSON TX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\Windows\TEMP\E_S2D7F.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1837178300-1776902075-3512206551-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Documentos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Documentos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Documentos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A6B231-3B37-482D-AAC8-9E5BB8EDD376}: DhcpNameServer = 200.204.0.10 200.204.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 12:08:47 | 000,000,000 | ---D | M] - G:\autorun -- [ CDFS ]
O32 - AutoRun File - [2011/03/03 15:23:20 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ab1208c7-9b85-11e0-adb9-bcaec570dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1208c7-9b85-11e0-adb9-bcaec570dfe0}\Shell\AutoRun\command - "" = G:\cdstart.exe -- [2011/03/03 15:23:20 | 001,428,176 | R--- | M] (GIANTS Software GmbH)
O33 - MountPoints2\{bb9365ac-d5a8-11e0-8925-bcaec570dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{bb9365ac-d5a8-11e0-8925-bcaec570dfe0}\Shell\AutoRun\command - "" = H:\application\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 18:29:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe
[2011/11/22 18:28:32 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F02429B2-5849-4798-BCA0-4D51700F98E9}
[2011/11/22 18:28:21 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{33841BD8-1461-4F0B-AA52-AAC03AA9FC45}
[2011/11/22 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D346B3CB-2DF7-43ED-B499-A869760D7FC1}
[2011/11/22 18:27:47 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{DD2B0123-FEAD-4BDA-B6DE-B0801B6EE7C0}
[2011/11/22 07:24:22 | 000,000,000 | ---D | C] -- C:\Hijackthis
[2011/11/22 06:27:21 | 000,000,000 | ---D | C] --
C:\Users\Documentos\AppData\Local\{0B8E225D-1F1D-4B04-B419-78D18F38CF92} [2011/11/22 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E0272A10-ECCD-45BF-9AD3-FA3CCC67E2E3} [2011/11/22 06:26:57 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{459D76DC-D7BA-4855-BA42-A5C67A7BAF84} [2011/11/21 21:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 [2011/11/21 18:26:19 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{8B97D1F3-DA73-45FD-9C0F-A6E562EA5556} [2011/11/21 18:26:05 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{41765E98-BD3E-4D43-80A7-059A79E709D7} [2011/11/21 06:20:53 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{C60F066C-8CC5-4880-ADC8-1B9A27A8CA8F} [2011/11/21 06:20:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{771783CF-4EE8-4B67-946B-28F6CEDF4978} [2011/11/20 23:43:13 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Tibia [2011/11/20 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{9D9659F5-12DB-420C-82C8-9AC00F72D7FB} [2011/11/20 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{460B06B7-E386-45D1-B20B-588764CD6DCA} [2011/11/20 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{96F74902-9BE5-4A30-89F7-593CA844C058} [2011/11/20 18:19:30 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{35DCC0C5-53BE-457B-8A9C-4F239BA16657} [2011/11/20 06:19:03 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7905CFF5-DDC5-44FB-AA1A-F3D158E5E36E} [2011/11/19 18:18:25 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{9B219B6D-0AFE-4C71-BC31-C16AE0C97D60} [2011/11/19 18:18:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7EF8348D-83B9-475B-B0C0-FC2F5CD92229} [2011/11/19 18:18:02 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Local\{6F3F39AD-FC7B-44BE-AD34-52CA23176D19} [2011/11/19 06:17:26 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E3DD14A2-B43A-4A8B-AD1F-A58254F9C464} [2011/11/19 06:17:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F9097EFD-47C8-49F0-BEB6-8F770E0295A2} [2011/11/19 06:16:58 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D0E15FC8-6933-4B0B-865B-0C2207D7D1A4} [2011/11/19 06:16:33 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{51EB6DBB-ABB0-4516-9B4F-D94D970822F3} [2011/11/18 18:29:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/11/18 18:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/11/18 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/11/18 18:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011/11/18 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{1162A2EE-AE73-48FD-8ED9-BD075F8EBF73} [2011/11/18 18:15:57 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{676CD224-203E-47E1-BA62-0D2F1BDB6DED} [2011/11/18 18:15:46 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E0D1D013-307D-47BC-B5D1-5AD91223B274} [2011/11/18 18:15:24 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{77F84AEB-AE1F-43EC-AA09-4B240D7E73E5} [2011/11/18 18:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011/11/18 18:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/11/18 18:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011/11/18 06:14:58 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{80BC7DC2-8E04-43C7-98AD-2C488E368423} [2011/11/18 06:14:35 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{1AED3BC7-62FB-4085-8C9A-57ED6D0EDF54} [2011/11/17 18:19:49 | 000,051,496 | ---- | C] (Windows ® Win 7 DDK 
provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011/11/17 18:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2011/11/17 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F5A95E05-C41D-4195-917C-4A1E557F730D} [2011/11/17 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{565EFEA9-EEC4-4EB6-94E4-39D5E580DAA6} [2011/11/17 06:13:17 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{FE0FD893-5006-4944-B0DC-56763D8F9AD2} [2011/11/17 06:13:05 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{2AFA650D-FFD3-465E-8C57-338DCBFF9355} [2011/11/17 06:12:52 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B1A74DE2-DF5B-40DD-B22B-C275C08F066A} [2011/11/16 18:12:15 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{29286978-D12A-47A2-BF43-629CE2AAD1E5} [2011/11/16 18:11:54 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{227E5448-616F-4A8E-8A4D-1EA1DDE7BE1B} [2011/11/15 19:33:42 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B9B54201-9C78-40ED-BC01-E1DF19B674BE} [2011/11/15 19:33:16 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{34DAD229-FD22-4653-8829-A42B5F34C35B} [2011/11/15 05:58:01 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{CAE0818A-5F6B-417B-9A37-92772812049A} [2011/11/15 05:57:38 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{A43AA5F6-1218-4660-91A4-B586D76241F2} [2011/11/14 17:57:12 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{4560BA6C-FCD2-4ECA-8E60-6FF444D77E33} [2011/11/14 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{2959E610-1FB3-4C16-A85F-A1C8A241B081} [2011/11/13 21:36:50 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7D8C1F86-66A3-4816-9DE8-A92605BA0321} [2011/11/13 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E2C97FAF-7407-466F-82AF-E2DA120405D5} 
[2011/11/13 09:00:06 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{052D4A7C-410C-45A3-879B-5EAE6DF33226} [2011/11/13 08:59:38 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{BFC938CF-3236-4139-9568-CD0C7ACA6958} [2011/11/12 20:59:07 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{CD166D7A-441E-4BCD-8FC6-C61E067C6E20} [2011/11/12 20:58:41 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F5918854-977D-46A6-AF24-6239CB9B4E65} [2011/11/12 11:45:41 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\sqlitestudio [2011/11/12 11:15:38 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\OtLand [2011/11/12 06:30:32 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{585EBDB7-C1A5-401B-B2B0-FAB902F29B85} [2011/11/12 06:30:04 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{C1713ECB-745C-4BE0-989C-7002490EC073} [2011/11/11 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{A6EA42BB-F991-460E-A2C6-938B62AC5B73} [2011/11/11 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{CA9164F5-7868-4C2C-9E92-98E84DF8E2FE} [2011/11/11 06:28:47 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{C12381E9-5234-48AC-B7FA-C9F73FA56CF0} [2011/11/11 06:28:35 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{BCC3CD6A-894B-4318-91BF-DAFE6FAC8FD3} [2011/11/11 06:28:20 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B49FE2A4-C221-4A57-B2C9-98A638D85F32} [2011/11/10 18:27:39 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{8D6EC09A-F72E-4DDB-AEBD-F86736B13CF0} [2011/11/10 18:27:28 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{C04BB335-D5E6-4D97-BC76-5ED09476A1B8} [2011/11/10 18:27:17 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D89FCE95-C86D-4452-B851-D2D6214BD01D} [2011/11/10 18:26:55 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Local\{57E929EB-3F54-4404-BE2C-494CAA1370DD} [2011/11/10 06:26:30 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{891F8955-D2AB-429D-9946-CFCFCE7819CB} [2011/11/10 06:26:19 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{621BF639-9A93-4991-B8A0-3FC2CCFAC601} [2011/11/10 06:26:04 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{AEF9907E-13EE-43D8-89E2-D05FB2151948} [2011/11/10 06:25:40 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E9EBDA31-2608-4D6F-9D11-EA12CEAC6A63} [2011/11/09 18:25:15 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7D9B38D3-EF84-44CC-9256-EE120FEF6760} [2011/11/09 18:25:01 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D40615AD-6E34-4A85-B430-F3D537F953AC} [2011/11/08 22:50:56 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F1CA1AEF-AFF5-4563-90DC-FBB874726A41} [2011/11/08 22:50:45 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E8082C62-035E-42BE-BA41-CEB278A289EF} [2011/11/08 22:50:33 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{AF9864D5-62ED-45D0-8F59-14EA6F2CC98D} [2011/11/08 22:50:15 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{350FF22D-21BA-467E-959B-255F5B9A58CB} [2011/11/08 06:11:52 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{425BC6EC-1414-4FAF-99BF-08B59F8953FB} [2011/11/08 00:35:07 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Samsung [2011/11/08 00:33:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers [2011/11/08 00:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/11/07 18:11:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{81B7644D-F7F8-47EC-BE76-AD385C61CCFE} [2011/11/07 18:10:59 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{6C38F64C-DC54-4FBD-A32F-F604980878ED} [2011/11/06 21:00:37 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011/11/06 21:00:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Dropbox [2011/11/06 20:44:15 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{FBCD4A0F-AACA-4396-A039-88E2551E3444} [2011/11/06 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{70C9D023-44C9-4A4D-BCA1-2EA007F1F375} [2011/11/06 06:29:25 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{2FBFAAFF-8211-4AF5-BF51-B79B53951901} [2011/11/06 06:28:58 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{50FAF9D9-880A-44CF-A294-10A2303F1EEE} [2011/11/05 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{996773B3-A081-461E-81D0-C4DE63480899} [2011/11/05 18:28:00 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7B3A553A-205D-45C0-A7F5-47319E766684} [2011/11/05 06:19:03 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{1072AAD7-2655-4BF0-937D-028576EF866F} [2011/11/05 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B4C4C7DC-F7A0-4529-BAA5-B4BD7DE71DDA} [2011/11/04 18:18:09 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F678A81D-AB99-4D46-992A-4396AD79C4C1} [2011/11/04 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{8431797A-51C1-411C-B8EB-4B7941949CDF} [2011/11/04 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7D1A1584-CDEE-4095-9BB3-449AEEB5D2C0} [2011/11/04 18:17:22 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{2DD0C2C0-5955-4AAD-BF93-00D1EAABB7BB} [2011/11/04 06:16:57 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{0D8D0D3B-DD07-42B8-8FF4-05D85AE0EF28} [2011/11/04 06:16:47 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{A93EB618-2074-4FE0-8AF5-D4D136CDA5FC} [2011/11/04 06:16:36 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Local\{160CCEE4-CA79-4A37-B917-78D9B3D1C90D} [2011/11/04 06:16:13 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{DA712F3F-5BB4-4A80-B52F-04A14551FD46} [2011/11/03 18:16:01 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{4B05ED6B-76D4-4D03-94E3-D297BAF903A3} [2011/11/03 18:15:50 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7891A151-5259-4186-AAA8-4C563117BC64} [2011/11/03 18:15:37 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{170AB377-0858-4D58-A09B-9C5F2E25A2BF} [2011/11/03 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{8F5EF11F-99E8-481B-A06F-AA0406A90BA1} [2011/11/03 06:14:49 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B046D5F3-3544-4513-9F68-4485A28E470A} [2011/11/03 06:14:39 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{4A6601F7-69EF-4553-851D-C60BC156E76F} [2011/11/03 06:14:28 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{49F7B8D2-29F4-459E-B205-A4CD62EACC3F} [2011/11/02 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\ImgBurn [2011/11/02 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2011/11/02 23:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2011/11/02 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{88BFAD4D-E273-4537-9BD8-174738EAD0C0} [2011/11/02 18:13:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{BAE49573-3603-433A-B103-B9CAFB4DEA6E} [2011/11/02 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2011/11/02 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Documentos\Desktop\seleção [2011/11/02 06:13:02 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{019318EF-1F4F-41A6-9FCF-0FA75884CA87} [2011/11/02 06:12:50 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Local\{1B26CB71-1630-42BC-9615-CA63FB0C0613} [2011/11/02 06:12:38 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{5D1EC8CF-880D-40F7-9F84-C0A40B1BFC6D} [2011/11/01 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{062DEC03-C19C-47E2-9934-F5BEED039BDD} [2011/11/01 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7F9D3116-6CAB-426B-88B3-4C029838E238} [2011/11/01 18:11:40 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{E126A11D-D6D6-4401-83E7-1A8B8FBBB690} [2011/11/01 18:11:16 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B8F88B64-5C32-484E-9B72-7506A8E78517} [2011/11/01 06:06:37 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{2C5DD953-7A82-41F2-B311-89C52463D664} [2011/10/31 18:06:01 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{5286A9F0-FA86-40D2-9FAC-EC7BBF8B1D41} [2011/10/31 18:05:50 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{879B0FB9-2A46-4DBE-84AE-4EE3B98280CB} [2011/10/31 18:05:31 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{7FB88BDB-4780-4D64-86EB-66D6FFE0C20A} [2011/10/31 18:05:09 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{4FDEE42C-6CA7-440D-923C-BC0448FBF50F} [2011/10/30 23:48:02 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{30CE4B2C-F820-4EF5-9C97-BC659542860D} [2011/10/30 23:47:46 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{052BE284-38C9-40C2-8D79-AC3FE7741CE4} [2011/10/30 06:17:13 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{383D0931-6234-4268-8369-BEA9F41DC4AA} [2011/10/30 06:17:02 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{07D17D60-0E99-45E0-8BE1-A0902FA32660} [2011/10/30 06:16:47 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{99A0593F-9858-4B6B-A29B-6807BAB1BBA0} [2011/10/30 06:16:23 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Local\{E1F27FB3-6D1F-4C24-A677-BB1AA22A0CB0} [2011/10/29 18:15:52 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{6DCB1C16-613D-4EF7-8E37-FF64A81ED16E} [2011/10/29 18:15:26 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{6B0113F1-7987-4AE4-9D11-6943054696CD} [2011/10/29 11:34:49 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011/10/29 06:15:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{400FA912-3743-4623-A7E6-CFBCA9407751} [2011/10/28 18:14:38 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{FA7BEE2A-DF9B-4FE3-8ACC-EA0185713268} [2011/10/28 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{79198376-7560-478F-AD55-8F3EF91D5329} [2011/10/28 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D88B4587-6C95-439F-8DDA-EB313C7C4999} [2011/10/28 18:13:53 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{EB12FD15-CBE5-4660-BC45-6A682C08D1AD} [2011/10/28 06:13:28 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B5F3269C-A764-45D5-89E8-3F413213A10F} [2011/10/27 22:12:54 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\NVIDIA [2011/10/27 18:12:51 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D1F3D9F4-41F5-40A3-B239-286CE4C9F2BE} [2011/10/27 18:12:35 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{4987C666-8929-468D-BDAA-DC542DF4C9A5} [2011/10/27 06:08:23 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{D0ECAC1A-02A7-4432-8960-F879D76591EB} [2011/10/27 06:08:12 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{FA108BEB-DA07-4917-AF0A-4A34072BF258} [2011/10/27 06:08:01 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{6D7A40F1-E53A-47FB-8480-6A6B1CFAF85C} [2011/10/26 18:07:25 | 000,000,000 | ---D | C] -- 
C:\Users\Documentos\AppData\Local\{4D3119D7-3216-4E92-913B-77273A4EAA60} [2011/10/26 18:07:14 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{C27F74CB-3A56-40EB-93F9-5D3AB88AFD30} [2011/10/26 18:07:03 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{DB6EDB2B-9250-4965-9B5F-06D7CB8A4321} [2011/10/26 18:06:40 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{EA9C750E-6583-489C-813F-E84FEA74CD8A} [2011/10/26 06:06:15 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B39A0C10-AE03-4D2A-829D-D17CC0559C96} [2011/10/26 06:05:51 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{C9B3C491-D385-446B-99FE-93F2AB4CCB86} [2011/10/25 23:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011/10/25 23:06:51 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011/10/25 23:06:51 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011/10/25 18:05:26 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{1B5A31A5-E8FC-4F28-9166-92FFFE448266} [2011/10/25 18:05:15 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{EDC20D38-94B7-41B5-92BA-90A9824C1991} [2011/10/25 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B7F48324-80AD-4C1C-BE97-343817C8A4DA} [2011/10/25 18:04:41 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{3D3EC240-F6F5-42C8-BCD2-900BB13F4A16} [2011/10/25 06:04:16 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{EE89D0EF-AB72-4AEE-8650-6E7D10373ADF} [2011/10/24 18:03:39 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{39F8F6A5-BF84-422C-A862-EE272998B658} [2011/10/24 18:03:17 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{5CE10A3E-529C-4EF5-B6A5-37C42CE3D4A1} [2011/10/24 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{4CEE5301-E67E-4C97-AC7D-AE555258DEC6} 
[2011/10/23 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{CE64BCCD-AC42-4453-82E5-641E1B943455}
[2011/10/23 23:29:01 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{8969F44F-D9A1-4B03-9853-5C77C877037E}
[2011/10/23 23:28:49 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{F7E86359-CE62-408D-80EC-8B3349B4D4FD}
[2011/10/23 23:28:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Local\{B0E0A9DA-A200-40B1-A48B-3E3E144DB161}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/22 18:29:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe
[2011/11/22 18:02:42 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 18:02:42 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 17:59:43 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/22 17:59:43 | 000,657,176 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/11/22 17:59:43 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/22 17:59:43 | 000,125,568 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/11/22 17:59:43 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/22 17:54:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 17:54:54 | 3207,323,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 15:10:21 | 001,542,314 | ---- | M] () -- C:\Users\Documentos\Desktop\poster o bonitão.cdr
[2011/11/20 12:14:24 | 005,134,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/18 18:10:01 | 000,001,303 | ---- | M] () -- C:\Users\Documentos\Desktop\Spybot - Search & Destroy.lnk
[2011/11/17 18:19:49 | 000,051,496 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011/11/14 05:54:40 | 000,001,760 | ---- | M] () -- C:\Users\Documentos\Desktop\PSD para HTML & CSS - Bruno Ávila - Atalho.lnk
[2011/11/14 05:54:28 | 000,001,690 | ---- | M] () -- C:\Users\Documentos\Desktop\html&css truquesmagicos - Atalho.lnk
[2011/11/08 00:37:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011/11/06 21:47:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/11/06 21:02:01 | 000,001,049 | ---- | M] () -- C:\Users\Documentos\Desktop\Dropbox.lnk
[2011/11/06 21:00:40 | 000,001,029 | ---- | M] () -- C:\Users\Documentos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/06 20:59:48 | 000,001,456 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/06 05:20:56 | 000,081,987 | ---- | M] () -- C:\Windows\FontData.fdb
[2011/11/05 18:38:51 | 000,380,540 | ---- | M] () -- C:\Users\Documentos\Desktop\imagem-16.jpg
[2011/11/02 23:17:11 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/11/02 15:45:15 | 000,000,259 | ---- | M] () -- C:\Users\Documentos\Documents\ax_files.xml
[2011/11/02 13:57:07 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/29 11:34:54 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 15:10:20 | 001,542,314 | ---- | C] () -- C:\Users\Documentos\Desktop\poster o bonitão.cdr
[2011/11/18 18:10:01 | 000,001,303 | ---- | C] () -- C:\Users\Documentos\Desktop\Spybot - Search & Destroy.lnk
[2011/11/14 05:54:40 | 000,001,760 | ---- | C] () -- C:\Users\Documentos\Desktop\PSD para HTML & CSS - Bruno Ávila - Atalho.lnk
[2011/11/14 05:54:28 | 000,001,690 | ---- | C] () -- C:\Users\Documentos\Desktop\html&css truquesmagicos - Atalho.lnk
[2011/11/08 00:35:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011/11/08 00:33:46 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011/11/06 21:02:01 | 000,001,049 | ---- | C] () -- C:\Users\Documentos\Desktop\Dropbox.lnk
[2011/11/06 21:00:40 | 000,001,029 | ---- | C] () -- C:\Users\Documentos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/06 20:59:48 | 000,001,456 | ---- | C] () -- C:\Users\Documentos\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/05 18:38:54 | 000,380,540 | ---- | C] () -- C:\Users\Documentos\Desktop\imagem-16.jpg
[2011/11/02 23:17:11 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/11/02 23:17:11 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/11/02 13:57:06 | 000,503,352 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/11/02 13:47:05 | 000,000,259 | ---- | C] () -- C:\Users\Documentos\Documents\ax_files.xml
[2011/10/29 11:34:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/12 10:13:41 | 000,000,132 | ---- | C] () -- C:\Users\Documentos\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/10 11:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/10 10:41:49 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/09/08 09:40:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/08 09:40:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/09/08 09:40:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/08 09:40:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/09/08 09:40:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/09/08 09:40:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/09/08 09:40:45 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/08 09:40:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/09/08 09:40:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/09/08 09:40:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/09/08 09:40:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/09/08 09:40:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/09/08 09:40:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/09/08 09:40:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/09/08 09:40:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/09/08 09:40:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/08 09:39:35 | 000,000,088 | ---- | C] () -- C:\Windows\ETX123_125.ini
[2011/06/29 08:20:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/06/20 10:40:05 | 001,508,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/20 10:15:51 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/20 10:15:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/20 10:15:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/06/20 10:15:51 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/20 10:15:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/18 00:40:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/06/18 00:40:47 | 000,019,444 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/01/27 00:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 10:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/06/21 23:03:24 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\BitTorrent
[2011/06/20 23:48:11 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\DAEMON Tools Lite
[2011/11/22 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Dropbox
[2011/09/10 04:52:25 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Epson
[2011/11/03 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\ImgBurn
[2011/09/10 13:06:55 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\KastorFreeVimeoDownloader
[2011/07/22 19:07:19 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Power Burning Wizard
[2011/11/08 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Samsung
[2011/11/12 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\sqlitestudio
[2011/11/20 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Tibia
[2011/06/26 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Tibiacast
[2011/11/22 18:35:00 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\uTorrent
[2011/09/10 10:42:14 | 000,000,000 |
---D | M] -- C:\Users\Documentos\AppData\Roaming\VDownloader [2011/06/23 10:51:54 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Wacom [2011/06/23 10:51:55 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011/07/19 20:01:21 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Windows Live Writer [2011/08/29 19:08:18 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > EXTRAS OTL Extras logfile created on: 22/11/2011 18:30:40 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Documentos\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,98 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,12% Memory free 7,96 Gb Paging File | 5,96 Gb Available in Paging File | 74,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 92,67 Gb Total Space | 53,67 Gb Free Space | 57,91% Space Free | Partition Type: NTFS Drive D: | 838,74 Gb Total Space | 620,63 Gb Free Space | 74,00% Space Free | Partition Type: NTFS Drive G: | 979,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: DOCUMENTOS-PC | User Name: Documentos | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- D:\Programas\flashcs5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- D:\Programas\flashcs5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error 
Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "EPSON TX125 Series" = Desinstalar impressora EPSON TX125 Series "Pen Tablet Driver" = Bamboo "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = 
Microsoft_VC80_ATL_x86 "{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3D96054F-DA2F-43EF-AF29-9B325C4446E6}" = Tibiacast "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.921 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6 "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = 
CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E29D8938-2E48-498C-832D-9663DCABD55F}" = Visual Basic for Applications ® Core - Portuguese (Brazil) "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.3.1 "{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "avast" = avast! Free Antivirus "Bamboo Dock" = Bamboo Dock 3.3 "BitTorrent" = BitTorrent "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.2.1300 "Messenger Plus!" = Messenger Plus! 
5 "msgplscomtb" = Messenger Plus Community Toolbar "Nero8Lite_is1" = Nero 8 Micro 8.3.2.1 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pen Tablet Driver" = Bamboo "uTorrent" = µTorrent "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = Arquivo do WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1837178300-1776902075-3512206551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
wings 22
Posted November 22, 2011

1.
* Download USBFix and save it to the desktop
Note: Windows Vista and Windows 7 users must right-click the file and select:
* Connect the pen drive to the PC, run USBFix and click [Pesquisa]
* Paste the report it produces

2.
* Run Malwarebytes, click [Atualização] > [baixar Atualizações]
* On the [Verificação] tab, select Verificação completa
* Click [Verificar] and select the partition where Windows is installed
* When it finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]
* Paste the report it produces
maceno 0
Posted November 23, 2011

USBFix log

############################## | UsbFix V 7.069 | [Pesquisa]

Usuário: Documentos (Administrador) # DOCUMENTOS-PC
Atualizado em 20/11/2011 por El Desaparecido
Começou em 23:45:50 | 22/11/2011

Site: http://eldesaparecido.com
Arquivo suspeito ? : http://eldesaparecido.com/support.php
Contato: contact@eldesaparecido.com

PC: System manufacturer (System Product Name) (x64-based PC) # Desktop Computer
CPU: Intel® Core i5-2300 CPU @ 2.80GHz (2800)
RAM -> [ Total : 4078 | Free : 2555 ]
BIOS: BIOS Date: 02/05/10 19:13:52 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ (!) Disabled ]
AV: avast! Antivirus [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disco fixo # 93 Gb (53 Mb livre - 57%) [] # NTFS
D:\ -> Disco fixo # 839 Gb (620 Mb livre - 74%) [bkp] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Disco removível # 7 Gb (426 Mb livre - 6%) [RIMB DESIGN] # FAT32

################## | Processos Ativos |

################## | Processos parados |

################## | Ficheiros # pastas infeciosos |

Presente ! G:\cdstart.exe
Presente ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Presente ! G:\autorun.inf
Presente ! J:\trzEB80.tmp
Presente ! J:\RECYCLER32

################## | Registro |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{ab1208c7-9b85-11e0-adb9-bcaec570dfe0}
Shell\AutoRun\Command = G:\cdstart.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{bb9365ac-d5a8-11e0-8925-bcaec570dfe0}
Shell\AutoRun\Command = H:\application\Setup.exe

################## | Vaccin |

(!) Este computador não é vacinada!

################## | E.O.F |

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versão da Base de Dados: 8221

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/11/2011 00:18:31
mbam-log-2011-11-23 (00-18-31).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 290215
Tempo decorrido: 17 minuto(s), 12 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)
wings 22
Posted November 23, 2011

* Keep the pen drive connected, run UsbFix and click [supressão]
* When it finishes, disconnect the pen drive and paste the report it produces
maceno 0
Posted November 24, 2011

usb fix

############################## | UsbFix V 7.069 | [supressão]

Usuário: Documentos (Administrador) # DOCUMENTOS-PC
Atualizado em 20/11/2011 por El Desaparecido
Começou em 23:21:46 | 23/11/2011

Site: http://eldesaparecido.com
Arquivo suspeito ? : http://eldesaparecido.com/support.php
Contato: contact@eldesaparecido.com

PC: System manufacturer (System Product Name) (x64-based PC) # Desktop Computer
CPU: Intel® Core i5-2300 CPU @ 2.80GHz (2800)
RAM -> [ Total : 4078 | Free : 1837 ]
BIOS: BIOS Date: 02/05/10 19:13:52 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ (!) Disabled ]
AV: avast! Antivirus [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disco fixo # 93 Gb (54 Mb livre - 58%) [] # NTFS
D:\ -> Disco fixo # 839 Gb (622 Mb livre - 74%) [bkp] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Disco removível # 7 Gb (426 Mb livre - 6%) [RIMB DESIGN] # FAT32

################## | Processos Ativos |
C:\Users\Documentos\AppData\Local\Google\Chrome\Application\chrome.exe (5616) Parado! C:\Users\Documentos\AppData\Local\Google\Chrome\Application\chrome.exe (3188) Parado! C:\Users\Documentos\AppData\Local\Google\Chrome\Application\chrome.exe (3856) Parado! C:\Windows\system32\WUDFHost.exe (3924) ################## | Ficheiros # pastas infeciosos | Supprimido ! C:\$RECYCLE.BIN\S-1-5-21-1837178300-1776902075-3512206551-1000 Supprimido ! D:\$RECYCLE.BIN\S-1-5-20 Supprimido ! D:\$RECYCLE.BIN\S-1-5-21-1837178300-1776902075-3512206551-1000 Supprimido ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Supprimido ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665 Supprimido ! J:\trzEB80.tmp Supprimido ! J:\RECYCLER32 (!) Ficheiros temporários suprimido. ################## | Registro | ################## | Mountpoints2 | Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{bb9365ac-d5a8-11e0-8925-bcaec570dfe0} ################## | Listing | [23/11/2011 - 23:32:06 | SHD ] C:\$Recycle.Bin [18/06/2011 - 00:35:29 | D ] C:\Arquivos de Programas [14/07/2009 - 03:08:56 | SHD ] C:\Documents and Settings [03/07/2011 - 17:48:20 | D ] C:\found.000 [23/11/2011 - 18:47:15 | ASH | 3207323648] C:\hiberfil.sys [22/11/2011 - 07:24:58 | D ] C:\Hijackthis [18/06/2011 - 00:41:35 | D ] C:\Intel [20/06/2011 - 10:03:05 | RHD ] C:\MSOCache [21/06/2011 - 21:22:16 | D ] C:\NVIDIA [20/06/2011 - 15:20:54 | D ] C:\Outlook [18/06/2011 - 12:30:10 | D ] C:\Outlook Express [23/11/2011 - 18:47:16 | ASH | 4276432896] C:\pagefile.sys [14/07/2009 - 01:20:08 | D ] C:\PerfLogs [10/09/2011 - 10:41:50 | D ] C:\Program Files [22/11/2011 - 23:24:05 | D ] C:\Program Files (x86) [18/11/2011 - 18:29:06 | HD ] C:\ProgramData [18/06/2011 - 00:35:29 | SHD ] C:\Recovery [23/11/2011 - 02:50:10 | SHD ] C:\System Volume Information [23/11/2011 - 23:32:06 | D ] C:\UsbFix [23/11/2011 - 23:22:31 | A | 9976] C:\UsbFix.txt [21/06/2011 - 21:26:50 | D ] C:\Users [22/11/2011 - 18:41:00 | D ] C:\Verificação 
kl e malware [23/11/2011 - 18:47:20 | D ] C:\Windows [23/11/2011 - 23:32:06 | SHD ] D:\$RECYCLE.BIN [03/10/2011 - 01:06:18 | D ] D:\backup pen [22/11/2011 - 23:59:52 | D ] D:\baixados BIT [22/11/2011 - 18:40:33 | N | 453] D:\bkp (D) - Atalho.lnk [12/11/2011 - 12:31:17 | N | 34121] D:\Detonado de Assassin.docx [20/06/2011 - 10:03:41 | D ] D:\IDE [25/10/2011 - 17:49:51 | D ] D:\PASTA RICARDO [23/11/2011 - 00:00:15 | D ] D:\Programas [20/06/2011 - 09:59:57 | SHD ] D:\System Volume Information [21/10/2011 - 18:55:12 | D ] J:\Crazy.Stupid.Love.2011.DVDRip.Xvid-SceneLovers [19/10/2011 - 23:47:46 | D ] J:\The Walking Dead S01.DualAudio [03/11/2011 - 20:57:54 | N | 103140] J:\mpojf.exe [09/11/2011 - 16:13:58 | N | 954229] J:\infográfico massa.jpg [20/11/2011 - 15:39:58 | N | 24950776] J:\painel ricardo maceno.cdr [21/11/2011 - 14:45:16 | N | 7280384] J:\infográfico - ricardo maceno.cdr [21/11/2011 - 09:35:34 | N | 60130677] J:\Hybrid.ABR.Genesis.Watercolor.rar [17/11/2011 - 09:28:34 | D ] J:\bannertccc [26/10/2011 - 12:57:30 | N | 746809344] J:\perolanegra.therebels.A.Lenda.Do.Cavaleiro.Sem.Cabeca.Dual.Audio.avi [26/09/2010 - 14:25:02 | N | 839616512] J:\Kung.Fusao.www.therebels.biz_Daniel__LorDs.avi [20/11/2011 - 17:44:36 | N | 7693370] J:\Cópia_de_segurança_de_infográfico - ricardo maceno.cdr [18/11/2011 - 07:58:02 | N | 8633068] J:\Painel do TCC - aluno - finalizado.cdr [23/11/2011 - 16:21:16 | N | 169038] J:\plano de marketing de uma empresa.docx [15/09/2011 - 02:14:14 | D ] J:\Dois.Homens.e.Meio.S08E08.DVDRip.XviD.Dual.Audio-3LT0N [15/09/2011 - 00:39:56 | D ] J:\Dois.Homens.e.Meio.S08E11.DVDRip.XviD.Dual.Audio-3LT0N [15/09/2011 - 03:10:22 | D ] J:\Dois.Homens.e.Meio.S08E09.DVDRip.XviD.Dual.Audio-3LT0N [15/09/2011 - 03:15:34 | D ] J:\Dois.Homens.e.Meio.S08E10.DVDRip.XviD.Dual.Audio-3LT0N [05/10/2011 - 19:55:22 | RSHD ] J:\RECYCLER [22/09/2011 - 16:06:44 | N | 982240856] J:\Capitao.America.O.Primeiro.Vinga.mp4 [13/10/2011 - 04:52:10 | D ] J:\My name is Earl 1 temporada 
################## | Vaccin | C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido) D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido) J:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido) ################## | Upload | Favor enviar o arquivo: C:\UsbFix_Upload_Me_DOCUMENTOS-PC.zip http://eldesaparecido.com/upload.htmlp Obrigado pela sua contribuição. ################## | Reboot | (!) O computar foi reiniciado. ################## | E.O.F | Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Posted November 24, 2011

1.
*Run UsbFix and click [uninstall]

2.
*Download MKV and save it to the desktop
Note: Windows Vista or Windows 7 users must right-click the file and select:
*Plug the USB flash drive into the PC, run MKV and click [supprimer la vaccination]

3.
*Run OTL and click [Limpeza] > [OK]
*The PC will restart
*Delete MKV

I believe there is no keylogger. Run a scan with Malwarebytes to finish.

4.
*Install MalwareBytes
*Wait for the update; the program will open automatically
*On the [Verificação] tab, select [Verificação completa]
*Click [Verificar] and select the partition where Windows is installed
*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]
*Paste the report that is shown

If you already have Malwarebytes installed....
*Run it, click [Atualização] > [Baixar Atualizações]
*On the [Verificação] tab, select Verificação completa
*Click [Verificar] and select the partition where Windows is installed
*When it finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]
*Paste the report that is shown
maceno 0 Posted November 24, 2011

malware bytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versão da Base de Dados: 8221

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24/11/2011 07:27:32
mbam-log-2011-11-24 (07-27-32).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 291682
Tempo decorrido: 17 minuto(s), 5 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)
wings 22 Posted November 24, 2011

OK... the PC is clean.

Best regards.
maceno 0 Posted November 24, 2011

ok wings, much appreciated

Thank you.
wings 22 Posted November 24, 2011

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.