
Archived

This topic has been archived and is closed to new replies.

João Prado

[Resolved] Fake MSN screen opens with Windows


Good morning,

On one of the company's computers, more specifically the company director's computer, a fake MSN screen opens as soon as Windows starts.

The computer in question runs Windows 7 with licensed AVG.

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:00, on 12/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\bgsmsnd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\gestao\analysis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe
G:\SOFTWARES PETROPOL\SOFTWARES PADRÃO\ANTIVIRUS\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.petropol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: TranslatorBar Brazil Toolbar - {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: TranslatorBar Brazil - {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\PROGRAM FILES\GBPLUGIN\gbiehscd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\system32\bgstb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TranslatorBar Brazil Toolbar - {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\Windows\system32\spool\DRIVERS\W32X86\3\bgsmsnd.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [X-Lite 4] "C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe"
O4 - HKCU\..\Run: [MaiEx] "C:\maiex\MaiEx.exe" /login
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [wina] C:\Users\rogerio.PETROPOL\AppData\wina.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] http://192.168.0.106
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: http://www.sicredi.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = petropol.polimeros
O17 - HKLM\Software\..\Telephony: DomainName = petropol.polimeros
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = petropol.polimeros
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = petropol.polimeros
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = petropol.polimeros
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify:  GbPluginScd - C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify:  GbPluginUni - C:\PROGRAM FILES\GBPLUGIN\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13334 bytes

 

 

 

Thank you in advance for your attention.

Regards,

João Prado


Hello João Prado

*Download OTL and save it to the desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Select:

Skip Microsoft Files

Use Company Name Whitelist

LOP Check

Purity Check

*Under Standard Registry, select the All option

*Under Extra Registry, select the Use SafeList option

*In the box below Custom Scans/Fixes, paste the lines in brown:

%ALLUSERSPROFILE%\*.*

%APPDATA%\*

%COMMONPROGRAMFILES%\*.*

%HOMEPATH%\*

%HOMEPATH%\*.*

%LOCALAPPDATA%\*

%LOCALAPPDATA%\*.*

%PROGRAMDATA%\*

%PROGRAMFILES%\*.*

%SYSTEMDRIVE%\*

%SYSTEMDRIVE%\*.*

%TEMP%\*.*

%USERPROFILE%\*.*

%WINDIR%\*.*

 


 

*Click [Run Scan] and paste the OTL.txt and Extras.txt reports located on the desktop

If the OTL.txt report turns out too large...

*Go to this link

*Select 4 jours

*Click [Send file]

*Locate the OTL.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that was created


Here are the requested logs.

 

Extras.txt

 

 

OTL Extras logfile created on: 12/12/2011 12:57:32 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\rogerio.PETROPOL\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,95 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 40,44% Memory free
5,90 Gb Paging File | 3,82 Gb Available in Paging File | 64,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,71 Gb Total Space | 75,38 Gb Free Space | 32,39% Space Free | Partition Type: NTFS
Drive G: | 206,06 Gb Total Space | 64,02 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 150,91 Gb Free Space | 32,40% Space Free | Partition Type: NTFS
Drive L: | 465,76 Gb Total Space | 150,91 Gb Free Space | 32,40% Space Free | Partition Type: NTFS

Computer Name: ROGERIO | User Name: rogerio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BE00538-709A-457B-B94F-B6C1249ACB7D}" = Microsoft SQL Server 2008 Database Engine Shared
"{2DA80969-A978-4E95-865E-EB9D9AE63DC5}" = Microsoft SQL Server 2008 Common Files
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{45A65B9A-8979-35DD-9D4D-FFC54AA2E638}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - ptb
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4EA95F3E-3216-403D-89AC-E3FEEB158931}" = Microsoft SQL Server 2008 Database Engine Services
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4A54DD-C9E2-4647-B872-2E83C188584B}" = Windows Live Movie Maker
"{6EBC2F01-CCF4-4A8C-805D-52F370FD3570}" = Microsoft SQL Server 2008 Native Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{93766FFB-92F8-4A71-92A1-D2F53BF57E9F}" = X-Lite 4
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Vivo 3G
"{9480A7FC-C476-4881-A92C-2E415DD362AE}" = DVR-Net
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Software WIDCOMM Bluetooth
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = Ultr@VNC Release 1.0.0 RC 18 - Win32
"{A906F6C6-456A-4A6C-8206-AFD135AF2E79}" = Microsoft SQL Server VSS Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.6 - Português
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C50BF854-E881-434F-9C67-5A73EBB58F06}" = Windows Live Toolbar
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel(R) Network Connections 14.6.7.0
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D7708A7D-8909-4DDA-8DC7-8778570B2B44}" = hppTLBXFXCP1520
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DB27CA5B-22D0-4C62-9706-555A1BF4DE74}" = Arquivos de Suporte à Instalação do Microsoft SQL Server 2008 
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F7E13BEB-B88F-41F5-8184-98DB335F346A}" = Microsoft SQL Server 2008 Browser
"{FC5CFF48-C9B9-4666-BE72-3F9453E435DA}" = hppCP1520LaserJetService
"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG9Uninstall" = AVG 9.0
"BraZip" = BraZip 5.0
"BroadGun pdfMachine" = BroadGun pdfMachine
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Delphi5" = Borland Delphi 5
"EPSON Printer and Utilities" = Software de impresora EPSON
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.2.1300
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 5.0.1 (x86 pt-BR)" = Mozilla Firefox 5.0.1 (x86 pt-BR)
"MV RegClean 6.0_is1" = MV RegClean 6.0
"Nokia Suite" = Nokia Suite
"Office14.STANDARD" = Microsoft Office Standard 2010
"PROSetDX" = Intel(R) Network Connections 14.6.7.0
"Receitanet Java 2010.02d" = Receitanet Java 2010.02d
"Tradutor Online_is1" = Tradutor Online 1.0
"TranslatorBar_Brazil Toolbar" = TranslatorBar Brazil Toolbar
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"XP Codec Pack" = XP Codec Pack

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30/05/2011 11:10:13 | Computer Name = rogerio.petropol.polimeros | Source = RapiMgr | ID = 6
Description = O dispositivo USB baseado no Windows Mobile está conectado, mas não
consegue estabelecer uma conexão de rede com o desktop.

Error - 30/05/2011 18:02:54 | Computer Name = rogerio.petropol.polimeros | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: iexplore.exe, versão: 8.0.7600.16766,
carimbo de hora: 0x4d65d5c3  Nome do módulo de falhas: msvcrt.dll, versão: 7.0.7600.16385,
carimbo de hora: 0x4a5bda6f  Código de exceção: 0xc0000005  Deslocamento com falha:
0x00009b60  Identificação do processo com falha: 0x10e0  Hora de início do aplicativo
com falha: 0x01cc1f14781890e7  Caminho do aplicativo com falha: C:\Program Files\Internet
Explorer\iexplore.exe  FCaminho do módulo de falhas: C:\Windows\system32\msvcrt.dll
Identificação
do Relatório: 91337512-8b08-11e0-ac2a-a3d4a22dae92

Error - 31/05/2011 14:00:47 | Computer Name = rogerio.petropol.polimeros | Source = RapiMgr | ID = 7
Description = O dispositivo USB baseado no Windows Mobile está conectado, mas não
consegue entrar em rede com o desktop.

Error - 31/05/2011 17:52:12 | Computer Name = rogerio.petropol.polimeros | Source = Application Hang | ID = 1002
Description = O programa OUTLOOK.EXE versão 14.0.4760.1000 parou de interagir com
o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações.    ID
de Processo: 17dc    Hora de Início: 01cc1fa6bf2a5dc6    Hora de Término: 100    Caminho do
Aplicativo: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE    Id do Relatório:
332a9830-8bd0-11e0-8554-e14679747c8f  

Error - 31/05/2011 18:02:38 | Computer Name = rogerio.petropol.polimeros | Source = RapiMgr | ID = 8
Description = Falha ao conectar o dispositivo baseado no Windows Mobile devido à
falha communication (0x80072745) (consulte os dados de código de falha).

Error - 02/06/2011 14:03:03 | Computer Name = rogerio.petropol.polimeros | Source = Application Hang | ID = 1002
Description = O programa analysis.exe versão 0.0.0.0 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações.    ID de Processo:
df0    Hora de Início: 01cc214e9f653932    Hora de Término: 10    Caminho do Aplicativo: C:\gestao\analysis.exe

Id
do Relatório: 82f65447-8d42-11e0-ad39-9023fd5f518d  

Error - 02/06/2011 14:09:11 | Computer Name = rogerio.petropol.polimeros | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: iexplore.exe, versão: 8.0.7600.16766,
carimbo de hora: 0x4d65d5c3  Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16695,
carimbo de hora: 0x4cc7ab44  Código de exceção: 0xc0000374  Deslocamento com falha:
0x000c35e3  Identificação do processo com falha: 0x16c4  Hora de início do aplicativo
com falha: 0x01cc21484f983a9b  Caminho do aplicativo com falha: C:\Program Files\Internet
Explorer\iexplore.exe  FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
Identificação
do Relatório: 6a6546cb-8d43-11e0-ad39-9023fd5f518d

Error - 07/06/2011 14:11:48 | Computer Name = rogerio.petropol.polimeros | Source = RapiMgr | ID = 7
Description = O dispositivo USB baseado no Windows Mobile está conectado, mas não
consegue entrar em rede com o desktop.

Error - 07/06/2011 15:53:43 | Computer Name = rogerio.petropol.polimeros | Source = RapiMgr | ID = 8
Description = Falha ao conectar o dispositivo baseado no Windows Mobile devido à
falha communication (0x80072745) (consulte os dados de código de falha).

Error - 08/06/2011 14:30:25 | Computer Name = rogerio.petropol.polimeros | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7600.16768,
carimbo de hora: 0x4d6878c3  Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16695,
carimbo de hora: 0x4cc7ab44  Código de exceção: 0xc0000374  Deslocamento com falha:
0x000c35e3  Identificação do processo com falha: 0xd8c  Hora de início do aplicativo
com falha: 0x01cc260a1cbbae3d  Caminho do aplicativo com falha: C:\Windows\Explorer.EXE
FCaminho
do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll  Identificação do Relatório: 5fb2944b-91fd-11e0-937b-bfa34bcacc9c

[ Media Center Events ]
Error - 01/06/2011 14:30:26 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 15:30:21 - Erro ao estabelecer conexão com a Internet.  15:30:21 -  
  Não foi possível contatar o servidor..  

Error - 01/06/2011 15:30:49 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 16:30:49 - Erro ao estabelecer conexão com a Internet.  16:30:49 -  
  Não foi possível contatar o servidor..  

Error - 01/06/2011 15:30:59 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 16:30:54 - Erro ao estabelecer conexão com a Internet.  16:30:54 -  
  Não foi possível contatar o servidor..  

Error - 04/07/2011 08:28:02 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 09:28:02 - Erro ao estabelecer conexão com a Internet.  09:28:02 -  
  Não foi possível contatar o servidor..  

Error - 04/07/2011 08:28:25 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 09:28:18 - Erro ao estabelecer conexão com a Internet.  09:28:18 -  
  Não foi possível contatar o servidor..  

Error - 11/08/2011 10:47:12 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 11:47:12 - Erro ao estabelecer conexão com a Internet.  11:47:12 -  
  Não foi possível contatar o servidor..  

Error - 11/08/2011 10:47:25 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 11:47:17 - Erro ao estabelecer conexão com a Internet.  11:47:17 -  
  Não foi possível contatar o servidor..  

Error - 11/08/2011 12:48:58 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 13:48:53 - Erro ao estabelecer conexão com a Internet.  13:48:53 -  
  Não foi possível contatar o servidor..  

Error - 29/11/2011 12:12:35 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 14:12:35 - Falha ao recuperar Directory (Erro: O tempo limite da operação
foi atingido)  

Error - 01/12/2011 12:12:40 | Computer Name = rogerio.petropol.polimeros | Source = MCUpdate | ID = 0
Description = 14:12:35 - Erro ao estabelecer conexão com a Internet.  14:12:35 -  
  Não foi possível contatar o servidor..  

[ System Events ]
Error - 12/12/2011 07:18:05 | Computer Name = rogerio.petropol.polimeros | Source = WudfUsbccidDriver | ID = 12
Description = 

Error - 12/12/2011 07:18:12 | Computer Name = rogerio.petropol.polimeros | Source = SCardSvr | ID = 610
Description = 

Error - 12/12/2011 07:18:12 | Computer Name = rogerio.petropol.polimeros | Source = WudfUsbccidDriver | ID = 12
Description = 

Error - 12/12/2011 07:18:27 | Computer Name = rogerio.petropol.polimeros | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 12/12/2011 07:18:27 | Computer Name = rogerio.petropol.polimeros | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 12/12/2011 07:18:34 | Computer Name = rogerio.petropol.polimeros | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 12/12/2011 07:18:34 | Computer Name = rogerio.petropol.polimeros | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 12/12/2011 07:43:39 | Computer Name = rogerio.petropol.polimeros | Source = Application Management Group Policy | ID = 103
Description = Falha na remoção da atribuição do aplicativo VLC PLAYER da diretiva
POLICE 1. Erro: %2

Error - 12/12/2011 09:20:41 | Computer Name = rogerio.petropol.polimeros | Source = Application Management Group Policy | ID = 103
Description = Falha na remoção da atribuição do aplicativo VLC PLAYER da diretiva
POLICE 1. Erro: %2

Error - 12/12/2011 10:51:43 | Computer Name = rogerio.petropol.polimeros | Source = Application Management Group Policy | ID = 103
Description = Falha na remoção da atribuição do aplicativo VLC PLAYER da diretiva
POLICE 1. Erro: %2


< End of report >

OTL.txt

OTL logfile created on: 12/12/2011 12:57:32 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\rogerio.PETROPOL\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,95 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 40,44% Memory free
5,90 Gb Paging File | 3,82 Gb Available in Paging File | 64,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,71 Gb Total Space | 75,38 Gb Free Space | 32,39% Space Free | Partition Type: NTFS
Drive G: | 206,06 Gb Total Space | 64,02 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 150,91 Gb Free Space | 32,40% Space Free | Partition Type: NTFS
Drive L: | 465,76 Gb Total Space | 150,91 Gb Free Space | 32,40% Space Free | Partition Type: NTFS

Computer Name: ROGERIO | User Name: rogerio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/12 12:55:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rogerio.PETROPOL\Desktop\OTL.exe
PRC - [2011/11/01 15:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/10/27 10:33:58 | 000,173,104 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/10/27 10:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/08 17:16:42 | 003,789,696 | ---- | M] (CounterPath) -- C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
PRC - [2011/07/08 05:50:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/24 02:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 10:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 10:17:22 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010/10/25 14:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010/06/22 12:20:10 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 12:19:58 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 12:19:58 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 12:19:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 12:19:19 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 12:19:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 12:19:14 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 12:19:11 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgam.exe
PRC - [2010/06/09 12:59:40 | 000,054,824 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe
PRC - [2009/07/01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/22 19:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\hidfind.exe
PRC - [2009/02/22 19:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\Apoint.exe
PRC - [2009/02/22 19:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 19:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\ApntEx.exe
PRC - [2008/08/15 09:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2005/11/08 16:50:50 | 000,114,688 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\bgsmsnd.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/11/01 15:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2011/11/01 15:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2011/11/01 15:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2011/11/01 15:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2011/11/01 15:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2011/11/01 15:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
MOD - [2011/11/01 15:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2011/11/01 15:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2011/11/01 15:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2011/11/01 15:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2011/11/01 15:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2011/11/01 15:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2011/11/01 15:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2011/11/01 15:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2011/11/01 15:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2011/11/01 15:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2011/11/01 15:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2011/11/01 15:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2011/11/01 15:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2011/11/01 15:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2011/11/01 15:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2011/11/01 15:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2011/11/01 15:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2011/11/01 15:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2011/11/01 15:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2011/11/01 14:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/09/27 13:56:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
MOD - [2011/09/27 13:56:16 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\be74d258a0daa0e11197e1dcb1b3b0b9\System.Deployment.ni.dll
MOD - [2011/09/27 13:56:15 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2011/09/27 13:55:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2011/09/27 13:55:54 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0728af1479c3388cadf85ccfc2b12582\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/09/27 13:55:44 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2011/09/27 13:55:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2011/09/27 13:55:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2011/09/27 13:55:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2011/09/27 13:55:19 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2011/09/27 13:55:08 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2011/09/27 12:33:32 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\7f4fad44f5917edf1efa6c7f766d6847\WindowsFormsIntegration.ni.dll
MOD - [2011/09/27 12:28:24 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5e66ba90ab2f24317ca76582f3ea3948\UIAutomationProvider.ni.dll
MOD - [2011/09/27 12:27:30 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9096e4303051575062197a0fc2eab9ae\System.Xaml.ni.dll
MOD - [2011/09/27 12:27:20 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll
MOD - [2011/09/27 11:34:01 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\de0f6183ff76eeb96828efe525e6f9e5\PresentationFramework.ni.dll
MOD - [2011/09/27 11:33:42 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4d73d4b7b5586bfcfdb0aa02c07bf473\PresentationCore.ni.dll
MOD - [2011/09/27 11:33:41 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\57c686bc7e20656e568c9f8f0486521c\PresentationFramework.Aero.ni.dll
MOD - [2011/09/27 11:33:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\334af79d895a879e50187796755e9c38\System.Xml.ni.dll
MOD - [2011/09/27 11:33:17 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2213eddb1f1436502a472b946dec1017\System.Configuration.ni.dll
MOD - [2011/09/27 11:33:15 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d5dbb32f4157f7fcc42530583e693d2\WindowsBase.ni.dll
MOD - [2011/09/27 11:33:12 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9706eca0afd01652ad6f1eb3bbe4fe8d\System.Windows.Forms.ni.dll
MOD - [2011/09/27 11:33:03 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d9fd8c6bd339b11c54a968adf61a9957\System.Core.ni.dll
MOD - [2011/09/27 11:33:01 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8b29b24f9de481b6df2c3fdc35ea9177\System.Drawing.ni.dll
MOD - [2011/09/27 11:32:54 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e130bb8cf2f1f63471c25b1c48fbef18\System.ni.dll
MOD - [2011/09/27 11:29:31 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
MOD - [2011/08/08 17:16:44 | 039,236,992 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite 4\CLR.dll
MOD - [2011/08/08 17:16:24 | 000,071,552 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite 4\AEC_PC_DLL.dll
MOD - [2011/08/08 16:15:58 | 000,042,496 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite 4\boost_thread-vc100-mt-1_42.dll
MOD - [2011/07/08 05:50:33 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/14 09:01:26 | 000,076,800 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite 4\portaudio_x86.dll
MOD - [2010/10/29 18:00:44 | 001,992,192 | ---- | M] () -- C:\Program Files\CounterPath\X-Lite 4\YLUSBTEL.dll
MOD - [2010/10/25 14:36:22 | 000,119,864 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll
MOD - [2009/07/16 12:42:51 | 000,125,440 | ---- | M] () -- C:\Arquivos de programas\BraZip\szShell.dll
MOD - [2009/07/14 06:14:58 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/14 06:14:55 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2009/07/14 06:14:55 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
MOD - [2005/11/08 16:50:50 | 000,114,688 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\bgsmsnd.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/26 09:19:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/25 11:48:29 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/09/08 19:37:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/09 12:59:40 | 000,054,824 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/10 11:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) [Auto | Stopped] -- C:\Program Files\Scpad\scpVista.exe -- (scpVista)
SRV - [2009/07/01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/09/29 17:36:58 | 000,043,704 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/09/13 10:53:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 13:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/08/17 13:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/08/17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/06 14:04:48 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/04/09 00:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/03/23 17:02:00 | 000,223,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2010/12/14 15:32:18 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM)
DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 08:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 08:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/08 08:16:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/08 08:16:44 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/03 17:47:49 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/03/10 19:20:08 | 000,251,440 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/13 22:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 21:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 20:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Driver de adaptador Intel(R)
DRV - [2009/03/30 10:38:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/03/30 10:38:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/03/30 10:38:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.petropol.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 62 F1 4B 58 4F CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/11/08 17:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/09 15:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/11/08 17:14:10 | 000,000,000 | ---D | M]

[2011/12/09 15:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rogerio.PETROPOL\AppData\Roaming\mozilla\Extensions
[2011/12/09 15:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/09 15:17:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/08 05:50:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 06:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2010/01/01 06:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 06:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2010/01/01 06:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/01/01 06:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011/12/12 09:25:10 | 000,000,692 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de Programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (TranslatorBar Brazil Toolbar) - {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll (Conduit Ltd.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\PROGRAM FILES\GBPLUGIN\gbiehscd.dll (Sicredi)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\bgstb.dll ()
O3 - HKLM\..\Toolbar: (TranslatorBar Brazil Toolbar) - {8d83a683-ee4a-4bf6-b150-a4565d4ebe0f} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar Brazil Toolbar) - {8D83A683-EE4A-4BF6-B150-A4565D4EBE0F} - C:\Program Files\TranslatorBar_Brazil\prxtbTra2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Arquivos de Programas\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Arquivos de Programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bgsmsnd.exe] C:\Windows\System32\spool\drivers\w32x86\3\bgsmsnd.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MaiEx] "C:\maiex\MaiEx.exe" /login File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [wina] C:\Users\rogerio.PETROPOL\AppData\wina.exe (Microsoft Corporation)
O4 - HKCU..\Run: [X-Lite 4] C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe (CounterPath)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = http://192.168.0.106
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: itau.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: sicredi.com.br ([si-plg] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: sicredi.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: sicreditotal.com.br ([internet] https in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.103 192.168.0.106
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = petropol.polimeros
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EAEC546-571B-43EF-9868-F9F6A1DD9120}: DhcpNameServer = 192.168.0.103 192.168.0.106
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B230CD68-C731-456D-894F-9834E4465547}: DhcpNameServer = 192.168.0.103 192.168.0.106
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de Programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginScd: DllName - (C:\Program Files\GbPlugin\gbiehScd.dll) - C:\Program Files\GbPlugin\gbiehScd.dll (Sicredi)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\PROGRAM FILES\GBPLUGIN\gbiehUni.dll) - C:\PROGRAM FILES\GBPLUGIN\gbiehUni.dll (Banco Itaú Unibanco)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\PROGRAM FILES\GBPLUGIN\gbiehscd.dll (Sicredi)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2618c5de-95e2-11e0-8ba0-8fdce17fac8b}\Shell - "" = AutoRun
O33 - MountPoints2\{2618c5de-95e2-11e0-8ba0-8fdce17fac8b}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{a4730dec-093d-11e1-a0f9-00234de9db71}\Shell - "" = AutoRun
O33 - MountPoints2\{a4730dec-093d-11e1-a0f9-00234de9db71}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 12:55:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\rogerio.PETROPOL\Desktop\OTL.exe
[2011/12/12 09:23:49 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2011/12/12 09:19:34 | 000,178,597 | ---- | C] (Igor Pavlov) -- C:\51942_bankerfix_30.exe
[2011/12/10 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth
[2011/12/09 17:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/09 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/09 16:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security
[2011/12/09 16:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security
[2011/12/09 15:55:43 | 000,178,597 | ---- | C] (Igor Pavlov) -- C:\Users\rogerio.PETROPOL\Desktop\51942_bankerfix_30.exe
[2011/12/09 15:45:02 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Malwarebytes
[2011/12/09 15:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/09 15:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/09 15:44:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 15:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/09 15:44:26 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\rogerio.PETROPOL\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\Desktop\LinhaDefensiva
[2011/12/09 15:18:24 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Mozilla
[2011/12/09 15:18:24 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\AppData\Local\Mozilla
[2011/12/09 15:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/12/07 14:08:39 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Hewlett-Packard Company
[2011/12/07 14:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/12/07 14:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/12/05 15:05:21 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\Documents\Nokia Suite
[2011/11/24 10:14:33 | 000,000,000 | ---D | C] -- C:\Users\rogerio.PETROPOL\Desktop\Meus documentos
[2011/11/16 15:45:05 | 000,000,000 | ---D | C] -- C:\outlook
[2011/11/15 12:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2004/11/24 17:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/12 12:55:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rogerio.PETROPOL\Desktop\OTL.exe
[2011/12/12 12:36:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/12 10:36:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/12 09:19:40 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\51942_bankerfix_30.exe
[2011/12/12 09:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/12 08:24:01 | 090,243,405 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/12/12 08:23:57 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 08:23:57 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 08:06:53 | 2378,092,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 15:17:11 | 000,619,742 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011/12/09 17:10:37 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/09 16:31:10 | 000,001,297 | ---- | M] () -- C:\Users\Public\Desktop\MV RegClean 6.0.lnk
[2011/12/09 15:55:47 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\Users\rogerio.PETROPOL\Desktop\51942_bankerfix_30.exe
[2011/12/09 15:44:57 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 15:44:43 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\rogerio.PETROPOL\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 15:18:32 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/12/09 15:17:39 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/06 15:57:42 | 000,000,012 | ---- | M] () -- C:\Users\rogerio.PETROPOL\intlname.ols
[2011/12/06 15:17:08 | 000,012,610 | ---- | M] () -- C:\ORCAMENTO.PDF
[2011/11/30 13:46:23 | 000,027,136 | ---- | M] () -- C:\Users\rogerio.PETROPOL\Desktop\RES Orçamento atualizado elastomero.msg
[2011/11/28 23:11:13 | 000,002,044 | -H-- | M] () -- C:\Users\rogerio.PETROPOL\Documents\Default.rdp
[2011/11/24 10:15:53 | 000,781,502 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2011/11/24 10:15:53 | 000,729,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/24 10:15:53 | 000,176,704 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2011/11/24 10:15:53 | 000,150,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/23 19:51:20 | 010,583,432 | ---- | M] () -- C:\Users\rogerio.PETROPOL\Documents\net_raio.mov
[2011/11/21 15:52:43 | 000,002,427 | ---- | M] () -- C:\Users\rogerio.PETROPOL\Desktop\TR0007 - SOLICITAÇÃO DE TRANSPORTE 2 - Atalho.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 17:10:37 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/09 16:31:10 | 000,001,297 | ---- | C] () -- C:\Users\Public\Desktop\MV RegClean 6.0.lnk
[2011/12/09 15:44:57 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 15:18:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/09 15:17:39 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/09 15:17:39 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/30 13:46:23 | 000,027,136 | ---- | C] () -- C:\Users\rogerio.PETROPOL\Desktop\RES Orçamento atualizado elastomero.msg
[2011/11/30 10:51:09 | 000,012,610 | ---- | C] () -- C:\ORCAMENTO.PDF
[2011/11/23 19:51:14 | 010,583,432 | ---- | C] () -- C:\Users\rogerio.PETROPOL\Documents\net_raio.mov
[2011/11/21 15:52:43 | 000,002,427 | ---- | C] () -- C:\Users\rogerio.PETROPOL\Desktop\TR0007 - SOLICITAÇÃO DE TRANSPORTE 2 - Atalho.lnk
[2011/10/31 15:45:58 | 000,010,240 | ---- | C] () -- C:\Users\rogerio.PETROPOL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/27 11:11:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/29 13:44:57 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/15 11:05:26 | 000,038,467 | ---- | C] () -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Valores Separados por Vírgulas (Windows).ADR
[2011/04/27 14:42:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MSJCE.dll
[2011/01/10 14:10:27 | 000,000,104 | ---- | C] () -- C:\Users\rogerio.PETROPOL\AppData\Local\fusioncache.dat
[2010/12/28 10:02:06 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/20 10:12:24 | 001,089,536 | ---- | C] () -- C:\Windows\System32\decoderdll.dll
[2010/10/20 10:12:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CSCC.DLL
[2010/10/20 10:12:22 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010/09/08 11:26:15 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2010/09/08 11:24:37 | 000,000,724 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/09/08 10:52:37 | 000,004,554 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/08 09:43:01 | 000,333,528 | ---- | C] () -- C:\Windows\System32\bgsofice.dll
[2010/09/08 09:43:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\bgstb.dll
[2010/09/08 09:43:01 | 000,053,248 | ---- | C] () -- C:\Windows\System32\bgspmnt.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/09/16 11:44:52 | 000,003,235 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2009/07/14 06:15:37 | 000,781,502 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 06:15:37 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 06:15:37 | 000,176,704 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 06:15:37 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 02:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:33:53 | 000,408,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 00:05:48 | 000,729,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 00:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 00:05:48 | 000,150,404 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 00:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 00:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 00:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 21:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 20:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/19 13:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/17 15:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/17 15:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/17 15:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/17 15:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/17 14:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/09/12 08:25:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DvsNDKEx.dll
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/08/24 06:39:10 | 000,434,270 | ---- | C] () -- C:\Windows\System32\Mp4ADecoder.dll
[2006/11/02 14:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2006/01/31 23:30:32 | 000,028,672 | ---- | C] () -- C:\Windows\System32\TextOverlayEx.dll
[2005/11/16 01:57:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Audio.dll
[2004/10/03 15:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2004/08/03 00:30:56 | 000,024,576 | ---- | C] () -- C:\Windows\System32\decompress.dll
[2004/07/07 07:18:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\CreateAvi.dll
[2004/05/05 05:22:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AudioACM.dll
[2002/09/13 01:14:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\netdecdll.dll

========== LOP Check ==========

[2011/10/10 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Nokia
[2011/10/10 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Nokia Ovi Suite
[2011/11/08 17:27:28 | 000,000,000 | ---D | M] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Nokia Suite
[2011/08/26 10:15:33 | 000,000,000 | ---D | M] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\PC Suite
[2010/11/29 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\rogerio.PETROPOL\AppData\Roaming\TeamViewer
[2011/10/07 18:03:19 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\*.* >
[2011/09/09 11:47:52 | 000,004,554 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %APPDATA%\* >
[2011/06/15 11:05:26 | 000,038,467 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Roaming\Valores Separados por Vírgulas (Windows).ADR

< %COMMONPROGRAMFILES%\*.* >

< %HOMEPATH%\* >
[2010/09/24 10:51:35 | 000,000,080 | ---- | M] () -- \Users\rogerio.PETROPOL\CAMPUS.ppf
[2011/12/06 15:57:42 | 000,000,012 | ---- | M] () -- \Users\rogerio.PETROPOL\intlname.ols
[2011/12/12 13:00:44 | 004,718,592 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT
[2011/12/12 13:00:43 | 000,262,144 | -HS- | M] () -- \Users\rogerio.PETROPOL\ntuser.dat.LOG1
[2010/09/08 10:55:42 | 000,000,000 | -HS- | M] () -- \Users\rogerio.PETROPOL\ntuser.dat.LOG2
[2010/09/08 19:36:22 | 000,065,536 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/08 19:36:22 | 000,524,288 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 19:36:22 | 000,524,288 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 10:55:42 | 000,000,020 | -HS- | M] () -- \Users\rogerio.PETROPOL\ntuser.ini

< %HOMEPATH%\*.* >
[2010/09/24 10:51:35 | 000,000,080 | ---- | M] () -- \Users\rogerio.PETROPOL\CAMPUS.ppf
[2011/12/06 15:57:42 | 000,000,012 | ---- | M] () -- \Users\rogerio.PETROPOL\intlname.ols
[2011/12/12 13:00:44 | 004,718,592 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT
[2011/12/12 13:00:43 | 000,262,144 | -HS- | M] () -- \Users\rogerio.PETROPOL\ntuser.dat.LOG1
[2010/09/08 10:55:42 | 000,000,000 | -HS- | M] () -- \Users\rogerio.PETROPOL\ntuser.dat.LOG2
[2010/09/08 19:36:22 | 000,065,536 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/08 19:36:22 | 000,524,288 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 19:36:22 | 000,524,288 | -HS- | M] () -- \Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 10:55:42 | 000,000,020 | -HS- | M] () -- \Users\rogerio.PETROPOL\ntuser.ini

< %LOCALAPPDATA%\* >
[2011/11/07 13:01:43 | 000,010,240 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 14:10:27 | 000,000,104 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\fusioncache.dat
[2011/06/20 15:31:07 | 000,109,216 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/12/10 16:03:00 | 001,296,598 | -H-- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\IconCache.db

< %LOCALAPPDATA%\*.* >
[2011/11/07 13:01:43 | 000,010,240 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 14:10:27 | 000,000,104 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\fusioncache.dat
[2011/06/20 15:31:07 | 000,109,216 | ---- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/12/10 16:03:00 | 001,296,598 | -H-- | M] () -- C:\Users\rogerio.PETROPOL\AppData\Local\IconCache.db

< %PROGRAMDATA%\* >
[2011/09/09 11:47:52 | 000,004,554 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %PROGRAMFILES%\*.* >
[2009/07/14 02:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %SYSTEMDRIVE%\* >
[2011/12/12 09:19:40 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\51942_bankerfix_30.exe
[2010/06/21 11:27:01 | 000,032,866 | ---- | M] () -- C:\ASLog.txt
[2009/06/10 19:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/02/02 15:52:51 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010/09/03 16:53:07 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2008/04/14 10:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/11/20 10:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/09/03 16:53:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/20 14:22:57 | 000,001,004 | ---- | M] () -- C:\certificadobradesco02.crt
[2010/08/20 14:22:57 | 000,000,981 | ---- | M] () -- C:\certificadobradesco02.key
[2009/06/10 19:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/14 09:03:26 | 000,006,189 | RH-- | M] () -- C:\dell.sdr
[2011/12/12 08:06:53 | 2378,092,544 | -HS- | M] () -- C:\hiberfil.sys
[2008/06/23 14:46:21 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/02/24 11:13:02 | 000,000,000 | RHS- | M] () -- C:\khw
[2008/06/23 14:46:21 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2010/10/20 14:19:16 | 000,337,744 | ---- | M] () -- C:\NET_rogerio.log
[2011/11/09 16:58:24 | 000,038,380 | ---- | M] () -- C:\NET_tadiotto.log
[2008/04/14 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 10:00:00 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2011/12/06 15:17:08 | 000,012,610 | ---- | M] () -- C:\ORCAMENTO.PDF
[2011/12/12 08:06:57 | 3170,791,424 | -HS- | M] () -- C:\pagefile.sys
[2010/02/26 17:20:29 | 000,001,536 | ---- | M] () -- C:\palm.grf
[2010/06/08 17:37:11 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/10/13 10:48:51 | 000,000,889 | ---- | M] () -- C:\Settings.ini

< %SYSTEMDRIVE%\*.* >
[2011/12/12 09:19:40 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\51942_bankerfix_30.exe
[2010/06/21 11:27:01 | 000,032,866 | ---- | M] () -- C:\ASLog.txt
[2009/06/10 19:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/02/02 15:52:51 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010/09/03 16:53:07 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2008/04/14 10:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/11/20 10:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/09/03 16:53:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/20 14:22:57 | 000,001,004 | ---- | M] () -- C:\certificadobradesco02.crt
[2010/08/20 14:22:57 | 000,000,981 | ---- | M] () -- C:\certificadobradesco02.key
[2009/06/10 19:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/14 09:03:26 | 000,006,189 | RH-- | M] () -- C:\dell.sdr
[2011/12/12 08:06:53 | 2378,092,544 | -HS- | M] () -- C:\hiberfil.sys
[2008/06/23 14:46:21 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/02/24 11:13:02 | 000,000,000 | RHS- | M] () -- C:\khw
[2008/06/23 14:46:21 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2010/10/20 14:19:16 | 000,337,744 | ---- | M] () -- C:\NET_rogerio.log
[2011/11/09 16:58:24 | 000,038,380 | ---- | M] () -- C:\NET_tadiotto.log
[2008/04/14 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 10:00:00 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2011/12/06 15:17:08 | 000,012,610 | ---- | M] () -- C:\ORCAMENTO.PDF
[2011/12/12 08:06:57 | 3170,791,424 | -HS- | M] () -- C:\pagefile.sys
[2010/02/26 17:20:29 | 000,001,536 | ---- | M] () -- C:\palm.grf
[2010/06/08 17:37:11 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/10/13 10:48:51 | 000,000,889 | ---- | M] () -- C:\Settings.ini

< %TEMP%\*.* >
[2011/12/12 08:08:03 | 000,001,950 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\AdobeARM.log
[2011/12/09 10:56:45 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\CVR1312.tmp.cvr
[2011/12/09 13:54:49 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\CVR15E3.tmp.cvr
[2011/12/09 16:47:06 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\CVR8066.tmp.cvr
[2011/12/09 16:37:17 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\CVR8288.tmp.cvr
[2011/12/09 16:37:24 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\CVR9CAD.tmp.cvr
[2011/12/12 13:00:29 | 000,165,840 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\DalMeasurementFile2.log
[2011/12/12 10:21:00 | 000,002,372 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\ExchangePerflog_8484fa319038f0f6511fba98.dat
[2010/09/08 10:56:13 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\FXSAPIDebugLogFile.txt
[2011/12/12 08:12:40 | 000,001,532 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\jusched.log
[2011/12/10 15:49:21 | 000,001,536 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\NEventMessages.dll
[2011/12/10 15:49:25 | 000,001,536 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\NOSEventMessages.dll
[2011/12/10 15:52:24 | 000,004,066 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\nosStoreInfo_music.ovi_BR.xml
[2011/08/26 10:11:57 | 000,000,000 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\qtsingleapp-NokiaO-b889-1-lockfile
[2011/12/10 15:18:55 | 000,000,707 | ---- | M] () -- C:\Users\ROGERI~1.PET\AppData\Local\Temp\StructuredQuery.log
[9 C:\Users\ROGERI~1.PET\AppData\Local\Temp\*.tmp files -> C:\Users\ROGERI~1.PET\AppData\Local\Temp\*.tmp -> ]

< %USERPROFILE%\*.* >
[2010/09/24 10:51:35 | 000,000,080 | ---- | M] () -- C:\Users\rogerio.PETROPOL\CAMPUS.ppf
[2011/12/06 15:57:42 | 000,000,012 | ---- | M] () -- C:\Users\rogerio.PETROPOL\intlname.ols
[2011/12/12 13:00:44 | 004,718,592 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\NTUSER.DAT
[2011/12/12 13:00:43 | 000,262,144 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\ntuser.dat.LOG1
[2010/09/08 10:55:42 | 000,000,000 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\ntuser.dat.LOG2
[2010/09/08 19:36:22 | 000,065,536 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/08 19:36:22 | 000,524,288 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 19:36:22 | 000,524,288 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 10:55:42 | 000,000,020 | -HS- | M] () -- C:\Users\rogerio.PETROPOL\ntuser.ini

< %WINDIR%\*.* >
[2010/11/09 16:33:25 | 000,000,020 | ---- | M] () -- C:\Windows\4÷
[2010/11/20 10:16:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/12/12 09:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2006/07/12 03:00:30 | 000,005,385 | ---- | M] () -- C:\Windows\EPBUYINK.HTM
[2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/13 23:14:20 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2009/07/13 23:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2009/07/13 23:14:21 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe
[2010/09/08 11:24:57 | 000,000,724 | ---- | M] () -- C:\Windows\hpntwksetup.ini
[1998/10/29 16:45:06 | 000,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2009/07/13 20:58:08 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin
[2009/06/10 19:19:27 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini
[2009/07/13 23:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2011/12/09 15:18:32 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/12/28 10:02:07 | 000,000,418 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/06/10 19:14:33 | 000,053,551 | ---- | M] () -- C:\Windows\Professional.xml
[2009/07/13 23:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe
[2011/12/12 09:23:24 | 000,000,336 | ---- | M] () -- C:\Windows\setupact.log
[2011/12/10 15:45:15 | 000,000,000 | ---- | M] () -- C:\Windows\setuperr.log
[2009/06/10 19:14:45 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml
[2009/06/10 19:46:28 | 000,000,219 | ---- | M] () -- C:\Windows\system.ini
[2009/06/10 19:41:17 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\Windows\twain.dll
[2010/11/20 10:21:32 | 000,051,200 | ---- | M] (Twain Working Group) -- C:\Windows\twain_32.dll
[2009/06/10 19:41:17 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe
[2009/07/13 23:14:42 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/02/23 16:54:37 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/07/14 02:41:57 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2011/12/12 12:46:27 | 001,393,162 | ---- | M] () -- C:\Windows\WindowsUpdate.log
[2009/06/10 19:42:20 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhelp.exe
[2009/07/13 23:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2010/04/17 00:21:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2009/06/10 19:34:23 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx
[2009/07/13 23:14:49 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\write.exe
[2009/06/10 19:42:49 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif

========== Alternate Data Streams ==========

@Alternate Data Stream - 308 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:5AA02C44_Uni.gbp
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:5AA02C44_Scd.gbp

< End of report >

 

 

 

Thank you for your attention.

Best regards,

João Prado


I don't know what this is.

http://virusscan.jotti.org/pt-br/scanresult/2980836bfaa9e6ed87da490020f84935973d13a4/f9caa3011404bc6e2793d9108dfbc11c04028e90

I ran the tests you had requested earlier, before editing the post. Do you want me to post the results too?


I ran the tests you had requested earlier, before editing the post. Do you want me to post the results too?

Yes... please.


Scan link for wina.exe

Kaspersky log

 

 

Status: Detected   (events: 12)	
16/12/2011 07:39:45	Detected	virus HEUR:Trojan.Win32.Generic	c:\Users\rogerio.PETROPOL\AppData\wina.exe	High	
16/12/2011 08:00:14	Detected	virus HEUR:Trojan.Win32.Generic	c:\Users\rogerio.petropol\AppData\wina.exe	High	
16/12/2011 08:16:05	Detected	virus HEUR:Trojan.Win32.Generic	C:\Documents and Settings\rogerio.PETROPOL\AppData\wina.exe	High	
16/12/2011 08:16:06	Detected	virus HEUR:Trojan.Win32.Generic	C:\Documents and Settings\rogerio.PETROPOL\AppData\lobi.exe	High	
16/12/2011 08:41:22	Detected	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Documents and Settings\rogerio.PETROPOL\Documents\Minhas músicas\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	
16/12/2011 08:54:36	Detected	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Documents and Settings\rogerio.PETROPOL\Meus documentos\Minhas músicas\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	
16/12/2011 08:59:04	Detected	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Documents and Settings\rogerio.PETROPOL\Music\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	
16/12/2011 09:29:37	Detected	virus HEUR:Trojan.Win32.Generic	C:\Users\rogerio.PETROPOL\AppData\wina.exe	High	
16/12/2011 09:29:39	Detected	virus HEUR:Trojan.Win32.Generic	C:\Users\rogerio.PETROPOL\AppData\lobi.exe	High	
16/12/2011 09:42:32	Detected	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Users\rogerio.PETROPOL\Documents\Minhas músicas\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	
16/12/2011 09:46:51	Detected	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Users\rogerio.PETROPOL\Meus documentos\Minhas músicas\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	
16/12/2011 09:50:54	Detected	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Users\rogerio.PETROPOL\Music\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	

 

 

 

Best regards,

João Prado


*Run Kaspersky again and click [start]

*Click the kvrt111.png button

*Add My Computer to the scan

*Click Actions, select the Select action option, and keep the Disinfect and Delete options checked.

*Click kvrt112.png

*Click [start scanning]

*When it finishes, click kvrt113.png

*Click Detected threats > Save and save it to the desktop as log2.txt

*Paste the log2.txt report saved on the desktop


Good afternoon, here is the requested report.

 

Status: Quarantined   (events: 2)	
20/12/2011 08:02:17	Quarantined	virus HEUR:Trojan.Win32.Generic	c:\Users\rogerio.PETROPOL\AppData\wina.exe	High	
20/12/2011 08:22:18	Quarantined	virus HEUR:Trojan.Win32.Generic	C:\Documents and Settings\rogerio.PETROPOL\AppData\lobi.exe	High	
Status: Deleted   (events: 1)	
20/12/2011 08:48:18	Deleted	Trojan program Trojan-Downloader.WMA.Wimad.ag	C:\Documents and Settings\rogerio.PETROPOL\Documents\Minhas músicas\MUSICAS MP3\Eletronica\Steve Angello - Be.mp3	High	

 

 

Best regards,

João Prado


Let us know whether the problem has been resolved so that we can begin removing the tools used.


Good morning,

the problem appears to be solved; I believe we can now remove the tools.

Thank you for your help and attention.

Best regards,

João Prado


1.

*Delete Kaspersky and its reports.

2.

*Run OTL and click [Limpeza] > [OK]

*The PC will restart

Best regards.


Great, all good.

Thank you for your help and attention.

Best regards,

João Prado


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
