moicanofacul

[Solved] Keyboard error in only some programs


(I'm going to type without accents because the keyboard is bugged)

Comrades, just now, with no apparent warning, my keyboard went crazy!

I simply can't put accents on words, because the three keys (6/diaeresis, acute accent/grave accent and tilde/circumflex) are giving errors. What I'm about to describe only happens with the accents.

When I press the key once and then type the letter that will receive the accent, the keyboard acts as if I had pressed it twice, putting the accent twice outside the word. See examples: M¨¨uller, Para´´iba, ``aquele, avi~~ao, vov^^o.

But this only happens in programs that are not part of the operating system.

The error happens in Mozilla, in Word, in MSN.

And everything is normal (no errors) in Notepad or when I name a file or folder.

To get ahead, here is the HijackThis report:

(please help me!!! I work with reports and I need these accents!)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:52:47, on 06/02/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Users\Pierre Cardoso\AppData\Roaming\Evil\zabym.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Pierre Cardoso\Downloads\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pierre Cardoso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [{0946F347-6541-AD7F-738D-89677E18AA7A}] "C:\Users\Pierre Cardoso\AppData\Roaming\Evil\zabym.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.145.84 200.165.132.148

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 10939 bytes


Hello moicanofacul

1.

*Install Malwarebytes

*Wait for the update and the program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]

*Paste the report that is shown

If you already have Malwarebytes installed...

*Run it, click [Update] > [Download Updates]

*On the [Scan] tab, select Full scan

*Click [Scan] and select the partition where Windows is installed

*When it finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]

*Paste the report that is shown

 

2.

*Baixe o Kaspersky Virus Removal Tool Versão 11 e salve-o no desktop

 

*Execute-o, aguarde a instalação, aceite o contrato e clique [start]

 

70441078.png

 

*Clique kvrt111.png

 

*Acrescente na pesquisa Meu computador

 

91605151.png

 

 

*Clique kvrt112.png

 

*Clique [start scanning]

 

*Durante o scan, janelas surgirão. Nas janelas como a abaixo, não faça nada.

 

kvrt3.png

 

*Caso encontre algo, como nas janelas abaixo, selecione Apply to all objects e clique [skip]

 

kvrt1.png

 

kvrt2.png

 

*Ao término, clique kvrt113.png

 

*Clique Detected threats > [save] e salve no desktop como log.txt

 

*Cole o relatório log.txt salvo no desktop


When I ran Malwarebytes, removed the trojans it found and restarted the computer, the problem was solved.

However, Kaspersky found 2 more trojans, which I did not disinfect because you didn't tell me to.

When I went to open Firefox to send the reports, some little windows appeared that I couldn't identify (they opened and closed quickly).

Malwarebytes

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.02.06.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Pierre Cardoso :: PIERRECARDOSO [administrador]

 

06/02/2012 21:59:08

mbam-log-2012-02-06 (21-59-08).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 364877

Tempo decorrido: 1 hora(s), 24 minuto(s), 54 segundo(s)

 

Processos de Memória Detectados: 1

C:\Users\Pierre Cardoso\AppData\Roaming\Evil\zabym.exe (Trojan.Agent) -> 1120 -> Será deletado na próxima inicialização.

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{0946F347-6541-AD7F-738D-89677E18AA7A} (Trojan.Agent) -> Data: "C:\Users\Pierre Cardoso\AppData\Roaming\Evil\zabym.exe" -> Enviado para a Quarentena e deletado com sucesso.

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 2

C:\Users\Pierre Cardoso\AppData\Roaming\Evil\zabym.exe (Trojan.Agent) -> Será deletado na próxima inicialização.

C:\Users\Pierre Cardoso\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2e7d0115-2f079a86 (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

 

 

 

Kaspersky

 

Status: Detected (events: 2)

06/02/2012 23:56:05 Detected Trojan program Exploit.Java.CVE-2011-3544.fv C:\Documents and Settings\Pierre Cardoso\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6092c086-25695149/Wiki.class High

07/02/2012 01:15:49 Detected Trojan program Exploit.Java.CVE-2011-3544.fv C:\Users\Pierre Cardoso\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6092c086-25695149/Wiki.class High


1.

*Delete Kaspersky and its report

2.

*Download OTL and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Select:

Skip Microsoft Files

Use WhiteList for Company Names

Check Lop

Check Purity

*Under Standard Registry Scan select the All option

*Under Extra Registry Scan select the Use SafeList option

*In the space below Custom Scans/Fixes, paste the lines in brown:

%APPDATA%\Evil\*.exe

%LOCALAPPDATA%\*.*

%USERPROFILE%\*.*

CREATERESTOREPOINT

otl2.png

*Click [Scan] and paste the OTL.txt and Extras.txt reports located on the desktop

If the OTL.txt report turns out too large...

*Go to this link

*Select 4 jours

*Click [Send file]

*Locate the OTL.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that was created


OTL

 

OTL logfile created on: 07/02/2012 15:49:14 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pierre Cardoso\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,73% Memory free

7,73 Gb Paging File | 5,46 Gb Available in Paging File | 70,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 471,17 Gb Total Space | 392,91 Gb Free Space | 83,39% Space Free | Partition Type: NTFS

Drive D: | 9,48 Gb Total Space | 1,44 Gb Free Space | 15,23% Space Free | Partition Type: NTFS

Drive P: | 450,76 Gb Total Space | 207,57 Gb Free Space | 46,05% Space Free | Partition Type: NTFS

 

Computer Name: PIERRECARDOSO | User Name: Pierre Cardoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/02/07 15:46:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

PRC - [2012/02/01 18:35:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/12/01 17:57:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/01 17:57:42 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/12/01 17:57:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/07/18 09:11:44 | 000,208,264 | ---- | M] ( ) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/10/02 12:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/02/01 18:35:00 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/01/10 21:08:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll

MOD - [2011/11/28 14:37:28 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/10/13 04:30:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/10/13 04:30:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/10/13 04:30:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011/10/13 04:30:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/10/13 04:30:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/10/13 04:30:13 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/10/13 04:30:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010/11/12 22:33:11 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/08/30 11:17:26 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/09/08 21:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 23:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/12/01 17:57:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/12/01 17:57:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/07/18 09:11:44 | 000,208,264 | ---- | M] ( ) [unknown | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/06/08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/12/01 17:58:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/12/01 17:58:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011/12/01 17:58:02 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/08/30 11:17:24 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)

DRV:64bit: - [2011/07/12 19:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/05/18 11:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2011/05/18 11:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2011/05/18 11:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2011/05/18 11:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 11:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 09:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 08:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/07/08 23:03:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/10/02 09:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/29 23:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/09/08 22:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/08/20 22:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV - [2011/07/18 09:13:36 | 000,043,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006/10/23 12:42:30 | 000,031,899 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://go.microsoft.com/fwlink/?linkid=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pierre Cardoso\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/15 22:52:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/01 18:35:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/28 15:16:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/15 22:52:28 | 000,000,000 | ---D | M]

 

[2010/07/07 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Extensions

[2010/07/07 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2012/01/18 17:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions

[2012/01/18 17:12:24 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2012/01/02 18:25:14 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

[2010/11/17 00:12:19 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\pt-BR@dictionaries.addons.mozilla.org

[2011/11/08 21:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/01 18:35:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

() (No name found) -- C:\USERS\PIERRE CARDOSO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HAWBR6LM.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI

() (No name found) -- C:\USERS\PIERRE CARDOSO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HAWBR6LM.DEFAULT\EXTENSIONS\DESPROTETORDELINKS@CLAUDIO-SILVA.COM.XPI

[2012/02/01 18:35:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL

[2011/06/06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2010/02/15 16:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010/02/15 16:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010/01/01 06:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml

[2010/01/01 06:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010/01/01 06:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml

[2011/11/08 21:45:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2010/01/01 06:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml

[2010/01/01 06:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2011/06/27 13:13:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [Facebook Update] C:\Users\Pierre Cardoso\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.145.84 200.165.132.148

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) -C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/07 15:46:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

[2012/02/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/02/06 20:42:13 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{410A7705-1B92-44DF-99C7-93D9826BE2B4}

[2012/02/06 20:40:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{2874DD44-C81D-4BA9-BD97-3EDC9806E9E2}

[2012/02/06 13:53:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Roaming\Evil

[2012/02/06 13:53:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Roaming\Ajpa

[2012/02/06 08:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

[2012/02/06 08:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

[2012/02/06 08:40:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9B0B987A-FE88-48B4-A5D5-D2DB9206E7A5}

[2012/02/05 20:37:44 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C082C22F-05C4-4CCA-A452-B9BA84A04A0B}

[2012/02/05 08:35:31 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{1CB82E46-9813-4C8A-BCA7-DDAE71EC0519}

[2012/02/04 20:35:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C9782F55-BFFB-422F-8455-BE348E0A3997}

[2012/02/04 08:34:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{F8FB775B-89A0-47E0-B4A9-947BA0EFF2EC}

[2012/02/03 20:34:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{6BDB0A86-D255-4765-A763-7EED91DE9897}

[2012/02/03 08:33:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{32192A71-BF65-4CEF-87D2-27327E38B943}

[2012/02/02 20:33:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{4F1FE0B2-B8A8-48AB-959E-99EF3E9DBD59}

[2012/02/02 08:31:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{47712E56-F847-429E-8EB6-53019474F318}

[2012/02/01 20:30:48 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B91FCF9E-4681-4912-9688-91F6A3A1FC07}

[2012/02/01 08:30:01 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{27995941-30A5-4310-95C1-BD9017798FB8}

[2012/01/31 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{8E1D2DDB-BE89-4219-9186-C734A32B1038}

[2012/01/31 19:35:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Activision Value

[2012/01/31 19:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision Value

[2012/01/31 19:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision Value

[2012/01/31 08:28:22 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D22F9CB9-AC56-4CCF-8C77-2EEDFDE89311}

[2012/01/30 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{37C7AA33-673E-48F2-B943-0EA21E19B0A2}

[2012/01/30 08:26:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{5629F021-BEBA-4FBE-9EE8-61885773B1D4}

[2012/01/29 20:26:15 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{2B813FC0-C264-4BE0-9F60-76D1F0518717}

[2012/01/29 08:25:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0726D494-8043-4F57-A430-A31E62CE7B7B}

[2012/01/28 20:25:22 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{918E406C-7778-4F73-9B2E-532DE4D3450B}

[2012/01/28 08:24:57 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{168A82F0-6C91-40FD-9BBC-FD58841BEFB9}

[2012/01/27 20:24:33 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{FCF03A7C-264B-48E7-A8C4-C53217F77C36}

[2012/01/27 08:23:51 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{EC91F383-5A30-4279-ACA0-482263537AD7}

[2012/01/26 20:23:26 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DFAD7F89-30A0-4DBA-BAA5-1526159A646D}

[2012/01/26 08:22:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{E662BDAD-DF23-4FAE-9AA3-CF2113B80FF2}

[2012/01/25 20:20:36 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{8FDCB562-8545-46D4-91E1-B2E2C4BA45CA}

[2012/01/25 20:20:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{755F99A0-02D8-47A9-969A-25DFEBCF7D9E}

[2012/01/25 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{93C199AA-2D81-47D6-B5DC-344ED5B98D7B}

[2012/01/24 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{4D302666-3C42-416C-A349-3E9468BF9958}

[2012/01/24 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{59039C31-E767-401E-81AA-665DEDC3D202}

[2012/01/23 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9C7FB902-54C4-4737-9172-C9DA460842EB}

[2012/01/23 08:17:36 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{3CDD7FF4-F28B-4237-BBBC-5EFAF73EF954}

[2012/01/22 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{48A9D7E4-8D72-41BC-8DE0-11734B2D0D2F}

[2012/01/22 08:14:49 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{58EA8A21-F0F8-4525-ABDD-C83119D1CBA2}

[2012/01/21 20:12:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{6052746C-2030-43C4-818D-D39A3B894C22}

[2012/01/21 08:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{3C2DA700-4750-49C4-921C-C5F89FE89B80}

[2012/01/20 20:11:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{79E4CF5E-ECC3-48B4-AC5B-7771B05AD48F}

[2012/01/20 08:11:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C992BB85-B209-4875-84FE-27FE055BF456}

[2012/01/19 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{130A35D2-F283-4BA6-BA19-E2183ABB0DAF}

[2012/01/19 08:10:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{2056F4D1-7F20-42C6-AD8A-C6001A87CBC1}

[2012/01/18 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{5E43F0E6-F9EB-4142-B141-3A80684E3950}

[2012/01/18 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{AD3E7AD3-6CF2-4FC7-A422-48A1B28E448C}

[2012/01/17 20:08:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{BE2CB22D-B16B-4E5E-BE6F-31CDB26F5B0D}

[2012/01/17 08:07:33 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D261251F-A188-45EA-B368-189A0C346FBB}

[2012/01/16 20:04:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9929EC82-68A4-4583-BA2E-119FE43F2B97}

[2012/01/16 08:04:09 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{EE5D4D59-D69A-4D2A-AEE3-103768B35DDD}

[2012/01/15 20:03:45 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DBA4F551-C2A9-4FA1-9869-9B7BE338A678}

[2012/01/15 08:03:20 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{4187F424-A242-4D44-A80C-5C2058FDFCE8}

[2012/01/14 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{655C886B-8E6B-4176-979B-02668E852E61}

[2012/01/14 08:02:09 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{BECC4F2E-F0CB-4069-8573-1137053254BD}

[2012/01/13 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{519EE459-95F6-4500-9DD3-56DEAA1EBB8D}

[2012/01/13 07:59:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0247B5A9-9685-4BBD-99AD-051238148862}

[2012/01/13 07:59:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{5D2536C6-2103-49B3-A5AC-EDF644B65CB2}

[2012/01/12 19:58:44 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{114BD7A1-DD00-4D34-A560-4BECC13465DC}

[2012/01/12 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{117CAE5D-0305-4299-891B-0789F199BD22}

[2012/01/11 19:56:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C47DE6FA-E002-4FA1-9021-1A14BF21A692}

[2012/01/11 07:54:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0BEB8C0B-0C02-4ABC-8B91-6964D2326A91}

[2012/01/10 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{02A2ADA0-C06B-4AE5-BF09-C843E9982DB7}

[2012/01/10 07:52:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{519C2956-FE47-43F1-BFB8-3CC61DF0B0DE}

[2012/01/09 19:50:38 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{2A028771-9C22-4246-8A1E-1345C78E5680}

[2012/01/09 07:50:12 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B70E8852-CD6B-48F8-BE61-71EB86477533}

[2012/01/08 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C5522447-8F05-42F3-B36D-286EEC358D0A}

[2012/01/08 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{37F1A3F7-3134-4D36-80D3-39952CF36791}

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/02/07 15:46:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

[2012/02/07 13:34:01 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000UA.job

[2012/02/07 06:00:52 | 000,061,793 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\LLPB3.jpg

[2012/02/07 06:00:36 | 000,090,406 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\LLPB2.jpg

[2012/02/07 06:00:24 | 000,087,671 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\LLPB.jpg

[2012/02/06 23:41:00 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/06 23:41:00 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/06 23:39:01 | 001,517,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/06 23:39:01 | 000,663,828 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/02/06 23:39:01 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/06 23:39:01 | 000,128,118 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/02/06 23:39:01 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/06 23:31:28 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012/02/06 23:30:34 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/06 22:02:58 | 000,259,179 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\Viruses.pdf

[2012/02/06 22:02:52 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv

[2012/02/06 19:34:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000Core.job

[2012/02/06 14:27:58 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPierre Cardoso.job

[2012/01/31 13:41:07 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2012/01/26 15:44:49 | 000,000,938 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\Concursos Públicos.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/02/07 06:00:52 | 000,061,793 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\LLPB3.jpg

[2012/02/07 06:00:35 | 000,090,406 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\LLPB2.jpg

[2012/02/07 06:00:23 | 000,087,671 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\LLPB.jpg

[2012/02/06 22:02:52 | 000,259,179 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\Viruses.pdf

[2012/01/26 15:44:48 | 000,000,938 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\Concursos Públicos.lnk

[2011/09/01 18:22:04 | 000,000,501 | ---- | C] () -- C:\Windows\SysWow64\MMoney20.drv

[2011/09/01 18:22:04 | 000,000,501 | ---- | C] () -- C:\Windows\SysWow64\drcmmsys20.drv

[2011/05/15 20:47:41 | 000,001,854 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Roaming\GhostObjGAFix.xml

[2011/04/14 15:30:33 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll

[2011/01/26 13:31:54 | 001,533,836 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/09/12 15:19:32 | 004,477,480 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00310.JPG

[2010/09/12 15:16:02 | 000,175,810 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.JPG

[2010/09/12 15:16:02 | 000,144,847 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.0

[2010/07/09 14:49:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

[2010/07/09 14:49:26 | 000,001,125 | ---- | C] () -- C:\Windows\winamp.ini

[2010/07/09 13:27:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010/07/09 12:59:07 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv

[2010/07/09 12:59:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2010/07/08 23:40:32 | 000,073,757 | ---- | C] () -- C:\Windows\SysWow64\dancemat.exe

[2010/07/07 00:33:35 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat

[2010/07/07 00:33:35 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat

[2010/07/07 00:33:15 | 000,096,092 | ---- | C] () -- C:\Program Files (x86)\Default.SFX

[2010/07/07 00:33:15 | 000,077,660 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX

[2010/07/07 00:33:15 | 000,073,472 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX

[2010/07/07 00:33:15 | 000,050,278 | ---- | C] () -- C:\Program Files (x86)\winrar.lng

[2010/07/07 00:33:15 | 000,018,316 | ---- | C] () -- C:\Program Files (x86)\rar.lng

[2010/07/07 00:33:15 | 000,003,895 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng

[2010/07/07 00:33:15 | 000,001,623 | ---- | C] () -- C:\Program Files (x86)\rarext.lng

[2010/07/07 00:33:14 | 001,678,060 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm

[2010/07/07 00:33:14 | 001,039,360 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe

[2010/07/07 00:33:14 | 000,378,880 | ---- | C] () -- C:\Program Files (x86)\Rar.exe

[2010/07/07 00:33:14 | 000,246,272 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe

[2010/07/07 00:33:14 | 000,141,824 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll

[2010/07/07 00:33:14 | 000,120,832 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe

[2010/07/07 00:33:14 | 000,052,224 | ---- | C] () -- C:\Program Files (x86)\RarExt64.dll

[2010/07/07 00:33:14 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\RarExtLoader.exe

[2010/07/07 00:33:14 | 000,003,798 | ---- | C] () -- C:\Program Files (x86)\Order.htm

[2010/07/07 00:33:14 | 000,001,224 | ---- | C] () -- C:\Program Files (x86)\Descript.ion

[2010/07/07 00:33:14 | 000,001,088 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst

[2010/07/07 00:33:14 | 000,000,639 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst

[2010/07/07 00:33:14 | 000,000,587 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz

[2010/05/24 17:33:00 | 004,670,829 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll

[2010/05/24 17:33:00 | 001,529,856 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2010/05/24 17:33:00 | 001,447,921 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll

[2010/05/24 17:33:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll

[2010/05/24 17:33:00 | 000,810,113 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/05/24 17:33:00 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll

[2010/05/24 17:33:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2010/05/24 17:33:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll

[2010/05/24 17:33:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

[2010/05/24 17:33:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

[2010/05/24 17:33:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll

[2010/05/24 17:33:00 | 000,139,944 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll

[2010/05/24 17:33:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

[2010/05/24 17:33:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll

[2010/05/24 17:33:00 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/05/24 17:33:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2010/05/24 17:33:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

[2010/05/19 18:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

[2010/05/19 18:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

[2010/05/19 18:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

[2010/05/19 18:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

[2010/05/19 18:58:24 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

[2010/05/19 18:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

[2010/05/19 18:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

[2010/05/19 18:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

[2010/05/19 18:57:38 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2010/05/19 18:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

[2010/05/19 18:57:20 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

[2010/05/19 18:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

[2010/05/19 18:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

[2010/01/05 16:43:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/09/29 15:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/08/11 19:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe

[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat(17).dat

[2009/07/14 03:38:36 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/06/07 14:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/01/10 20:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll

[2008/11/06 13:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/04/28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2007/10/13 07:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

 

========== LOP Check ==========

 

[2012/02/06 19:26:14 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Ajpa

[2011/12/09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\DAEMON Tools Lite

[2012/02/06 23:30:33 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Evil

[2011/10/24 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Nokia

[2011/01/26 11:41:24 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\PC Suite

[2010/07/09 13:00:40 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\pdf995

[2011/02/11 00:13:58 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Sports Interactive

[2010/09/08 21:29:39 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\VDownloader

[2010/07/03 17:39:28 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\WinBatch

[2010/10/20 21:51:16 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Windows Live Writer

[2011/04/15 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\XMedia Recode

[2012/02/06 19:34:00 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000Core.job

[2012/02/07 13:34:01 | 000,000,964 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000UA.job

[2012/01/31 13:41:07 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2009/07/14 03:08:49 | 000,019,288 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(19).TXT

[2011/08/30 11:18:45 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %APPDATA%\Evil\*.exe >

 

< %LOCALAPPDATA%\*.* >

[2010/12/14 22:45:00 | 000,084,240 | ---- | M] () -- C:\Users\Pierre Cardoso\AppData\Local\GDIPFONTCACHEV1.DAT

[2012/02/06 23:29:29 | 001,242,676 | -H-- | M] () -- C:\Users\Pierre Cardoso\AppData\Local\IconCache.db

[2010/09/12 15:16:02 | 000,144,847 | ---- | M] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.0

[2010/09/12 15:16:02 | 000,175,810 | ---- | M] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.JPG

[2010/09/12 15:19:32 | 004,477,480 | ---- | M] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00310.JPG

 

< %USERPROFILE%\*.* >

[2012/02/07 15:55:46 | 006,815,744 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat

[2012/02/07 15:55:46 | 000,262,144 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat.LOG1

[2010/07/01 23:03:40 | 000,000,000 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat.LOG2

[2010/07/02 04:20:16 | 000,065,536 | -HS- | M] () -- C:\Users\Pierre Cardoso\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010/07/02 04:20:16 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010/07/02 04:20:16 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2011/03/10 04:19:28 | 000,065,536 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{51c48e5b-4a4d-11e0-87ee-78e7d100e91c}.TM.blf

[2011/03/10 04:19:28 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{51c48e5b-4a4d-11e0-87ee-78e7d100e91c}.TMContainer00000000000000000001.regtrans-ms

[2011/03/10 04:19:28 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{51c48e5b-4a4d-11e0-87ee-78e7d100e91c}.TMContainer00000000000000000002.regtrans-ms

[2010/11/21 21:10:04 | 000,065,536 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{74f5d546-f451-11df-8eb7-78e7d100e91c}.TM.blf

[2010/11/21 21:10:04 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{74f5d546-f451-11df-8eb7-78e7d100e91c}.TMContainer00000000000000000001.regtrans-ms

[2010/11/21 21:10:04 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{74f5d546-f451-11df-8eb7-78e7d100e91c}.TMContainer00000000000000000002.regtrans-ms

[2010/12/03 21:22:53 | 000,065,536 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{8d839a27-f5c3-11df-81d9-78e7d100e91c}.TM.blf

[2010/12/03 21:22:53 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{8d839a27-f5c3-11df-81d9-78e7d100e91c}.TMContainer00000000000000000001.regtrans-ms

[2010/12/03 21:22:53 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{8d839a27-f5c3-11df-81d9-78e7d100e91c}.TMContainer00000000000000000002.regtrans-ms

[2011/03/03 08:43:37 | 000,065,536 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{b207d38d-3893-11e0-a40b-78e7d100e91c}.TM.blf

[2011/03/03 08:43:37 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{b207d38d-3893-11e0-a40b-78e7d100e91c}.TMContainer00000000000000000001.regtrans-ms

[2011/03/03 08:43:37 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{b207d38d-3893-11e0-a40b-78e7d100e91c}.TMContainer00000000000000000002.regtrans-ms

[2011/02/14 22:08:15 | 000,065,536 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{bbbf771f-3890-11e0-a68a-78e7d100e91c}.TM.blf

[2011/02/14 22:08:15 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{bbbf771f-3890-11e0-a68a-78e7d100e91c}.TMContainer00000000000000000001.regtrans-ms

[2011/02/14 22:08:15 | 000,524,288 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.dat{bbbf771f-3890-11e0-a68a-78e7d100e91c}.TMContainer00000000000000000002.regtrans-ms

[2010/07/01 23:03:40 | 000,000,020 | -HS- | M] () -- C:\Users\Pierre Cardoso\ntuser.ini

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Rox Poker:MID

@Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

 

< End of report >

 

EXTRA

 

OTL Extras logfile created on: 07/02/2012 15:49:14 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pierre Cardoso\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,73% Memory free

7,73 Gb Paging File | 5,46 Gb Available in Paging File | 70,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 471,17 Gb Total Space | 392,91 Gb Free Space | 83,39% Space Free | Partition Type: NTFS

Drive D: | 9,48 Gb Total Space | 1,44 Gb Free Space | 15,23% Space Free | Partition Type: NTFS

Drive P: | 450,76 Gb Total Space | 207,57 Gb Free Space | 46,05% Space Free | Partition Type: NTFS

 

Computer Name: PIERRECARDOSO | User Name: Pierre Cardoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = jsfile] -- Reg Error: Key error. File not found

.vbs [@ = vbsfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E38EC8F-49B8-4C70-8DBF-E5837FCFB3C4}" = Windows Live Family Safety

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{5A569CBA-9BE4-EAB0-9B43-468CEA2323B7}" = ATI Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{65E1E6AE-1DA5-51F3-80B2-8E1F4798EE90}" = ccc-utility64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C957F82-7EE0-423D-A386-587C9A4A83FB}" = Software básico do dispositivo HP Deskjet 2050 J510 series

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B4861B32-A6CD-4E01-BB79-3F19ED307B59}" = Estudo de melhoria do produto HP Deskjet 2050 J510 series

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pacote de Driver do Windows - Nokia Modem (02/25/2011 7.01.0.9)

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pacote de Driver do Windows - Nokia Modem (02/25/2011 4.7)

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"PC-Doctor for Windows" = Ferramentas de Diagnóstico de Hardware

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0A0EA5EE-B154-B71F-8F19-38D8A7880A2D}" = CCC Help Finnish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1305721F-9D11-28D6-4905-87C6E1C59483}" = CCC Help Spanish

"{13D751B7-252D-B3CC-4BA4-E9BEB44E3E52}" = CCC Help Danish

"{16B9D94B-6BD5-6AD2-7524-4742D2B0FD2E}" = Catalyst Control Center InstallProxy

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = TWIN PS TO PC CONVERTER

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21A6E85C-0310-4623-BE61-35DFE2F9AA88}" = USB Dual Vibration Joystick - Twin

"{23F766D0-ED47-1CDB-43ED-4D796523EE04}" = Catalyst Control Center Graphics Previews Vista

"{250C5899-57E3-9FCE-EC65-7D97EB26E801}" = CCC Help Thai

"{251823D1-E0F5-CF28-9228-23BB9BFA331A}" = CCC Help Japanese

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 26

"{2C68C9C3-EBE9-6E0D-A1F8-2BAAA38BAB31}" = CCC Help German

"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{363B792C-587F-FC44-52ED-CC96C40189DD}" = Catalyst Control Center Graphics Full New

"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion

"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3F461172-D41D-D4DC-C5FF-DD55047BFB62}" = Catalyst Control Center Localization All

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{43C93F31-8A0A-D660-1EA8-A50AFC3AF08E}" = CCC Help Portuguese

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50CF3F83-A50E-44DF-BC7E-07463908E986}" = Winning Eleven 9

"{5585CB69-5BD3-7BCB-C8E9-8801153AEA7E}" = Catalyst Control Center Graphics Previews Common

"{57A67EC6-0652-4C0A-B8D4-20CD437AD033}" = Catalyst Control Center - Branding

"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable

"{5C7C6A1A-472A-6A71-B76B-6362E7D754C1}" = CCC Help Greek

"{60A01572-96E0-0992-7D46-A14DE39DF744}" = CCC Help Hungarian

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{66A7B066-7B5A-D0C8-CD4A-3956F28D0F19}" = Catalyst Control Center Core Implementation

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72C13C57-30D0-A4F2-0152-93497B41B4D1}" = CCC Help Italian

"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25

"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Ajuda

"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine

"{82507042-E161-7BC4-C0F8-2CC89FA78B08}" = CCC Help English

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{882CB5E3-A35E-64EA-502B-B5ACBCDB0E10}" = CCC Help Chinese Standard

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{88B9E14A-8D6F-1C30-4058-3874FDC8EB2C}" = HydraVision

"{89BF497F-006C-8EDF-D631-DD571B5F34AD}" = CCC Help French

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{900CD40F-16D4-0823-9CC5-13C400292E70}" = ccc-core-static

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0416-1000-0000000FF1CE}_HOMESTUDENTR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_HOMESTUDENTR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00B2-0416-0000-0000000FF1CE}" = Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92CB7642-7B94-0386-712C-B56625BEE89F}" = CCC Help Chinese Traditional

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A169679-3201-2C0C-9F31-D9ED7C2CF73A}" = Catalyst Control Center Graphics Light

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A3F79A0-6348-1AEC-C74E-D0839CF67E66}" = CCC Help Dutch

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{9F6667C6-1653-9F63-C529-A46BDFB752C1}" = CCC Help Norwegian

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A447DD0F-CF77-8088-4A7E-E6EBA1AF288B}" = CCC Help Turkish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Português

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B34C21F4-19EF-226B-DFC6-CDE873D4765D}" = CCC Help Polish

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CA68D835-CFBB-4140-310C-24E531EED00B}" = Catalyst Control Center HydraVision Full

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D5D1C55B-CF2E-6DF9-B7D1-7D459605E095}" = CCC Help Czech

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater

"{EE5B6291-45EF-4705-A20E-89A3C5D2F87E}" = Microsoft Works

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F580CD50-FEE4-BD23-6E92-06E097A62179}" = Catalyst Control Center Graphics Full Existing

"{F739E726-0A18-D419-C1CF-9DD9164CB63C}" = CCC Help Korean

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{F8D69CD2-512F-2BA9-EE88-B24B3380851B}" = CCC Help Russian

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FEDF630C-92DC-3EC1-04A7-2F32B34DB801}" = CCC Help Swedish

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Avira AntiVir Desktop" = Avira Free Antivirus

"BitLord" = BitLord 1.1

"Central de Jogos" = Central de Jogos

"ClocX" = ClocX (1.5b2)

"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero

"GOM Player" = GOM Player

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photo Creations" = HP Photo Creations

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{50CF3F83-A50E-44DF-BC7E-07463908E986}" = Winning Eleven 9

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000

"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6

"Mozilla Firefox 10.0 (x86 pt-BR)" = Mozilla Firefox 10.0 (x86 pt-BR)

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"PartyPoker" = PartyPoker

"Pdf995" = Pdf995

"PokerStars" = PokerStars

"RealAlt_is1" = Real Alternative 2.0.2

"Receitanet Java 2010.02d" = Receitanet Java 2010.02d

"Rox Poker" = Rox Poker

"SpywareBlaster_is1" = SpywareBlaster 4.4

"Winamp" = Winamp (remove only)

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"World Series of Poker TOC" = World Series of Poker: TOC

"XMedia Recode" = XMedia Recode 3.0.4.9

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{193DD0BA-C2CD-434F-AF61-5EEA675856A1}" = Ludopoli 1.00.0002 [Pierre Cardoso]

"{37E39E0F-E8BE-4F3D-BC74-16E3E9EE00CC}" = Ludopoli 1.01.0001 [Pierre Cardoso]

"{600C80FE-4ACA-45DD-BA89-643B005594BB}" = Ludopoli 1.00 [Pierre Cardoso]

"{8F2609FB-61E2-4782-9660-579BA311BFEA}" = Ludopoli 1.00.0001 [Pierre Cardoso]

"{A818BC47-FF31-4810-9456-01FD08E75F69}" = Ludopoli 1.01.0003 [Pierre Cardoso]

"{D841817F-71EE-43C3-8F20-A17177EE76AF}" = Ludopoli 0.12.0001 [Pierre Cardoso]

"{EF716E90-9132-4E65-9E2D-C216E70860FD}" = Ludopoli 1.01 [Pierre Cardoso]

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


1.

*Download SecurityCheck and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Press [Enter] and paste the report that is displayed

2.

*Run Malwarebytes, click the [Quarantine] tab, select all the results and click [Delete All]

*Click the [Logs] tab, select the report and click [Delete]

*Close Malwarebytes

3.

*Run OTL

*Paste the lines in red into the box below Custom Scans/Fixes:

:Commands

[PURITY]

[EMPTYJAVA]

[EMPTYTEMP]

 


*Click [Run Fix] and the PC will restart

*Paste the report that is displayed


Security Check

 

Results of screen317's Security Check version 0.99.24

Windows 7 x64

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Avira Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

SpywareBlaster 4.4

Receitanet Java 2010.02d

Java 6 Update 26

Out of date Java installed!

Adobe Reader X (10.1.0) Adobe Reader Out of Date!

Mozilla Firefox (x86 pt-BR..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

 

 

 

OTL

 

All processes killed

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Pierre Cardoso

->Java cache emptied: 1320108 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

 

Total Java Files Cleaned = 1,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Pierre Cardoso

->Temp folder emptied: 83322819 bytes

->Temporary Internet Files folder emptied: 48729357 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 132590481 bytes

->Flash cache emptied: 768 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 8751 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85357 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 253,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 02072012_173527

 

Files\Folders moved on Reboot...

C:\Users\Pierre Cardoso\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...


1.

*Run OTL and click [CleanUp] > [OK]

*The PC will restart

2.

*Delete Security Check and its report

3.

*Update your Java

Other than that, the PC is clean. :)

Best regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
