Archived

This topic has been archived and is closed to new replies.

maceno

[Solved] Analyze my PC


I bought a server for a game, and they said the file was clean and so on, but when I analyzed it on virustotal.com, look what showed up: https://www.virustotal.com/file/0c0ca93ff90e99e12ee761e73bd34d5b4cfaa136ffe7e55cfadf4de7bc196f31/analysis/1329891233/

The company that sold me this server said it is because it is a batch file and the DLLs make these viruses show up. Is that trustworthy?

Please analyze my PC so that it goes back to being clean like before, OK?


Now here is the Hijack log

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:12:07, on 23/02/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\Asc.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,

O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Documentos\AppData\Roaming\Complitly\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

O4 - HKCU\..\Run: [DIMBaixando a sua atualização...1300677038363] "C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_410003\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\documentos\appdata\roaming\corel\messages\540215253_410003\br\messagecache2\workflow"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-1837178300-1776902075-3512206551-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1837178300-1776902075-3512206551-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 10268 bytes


Good morning, maceno!

|- The log shows no bad entries.

///°°°///

|- Download: < marcinsig.gif >

|- < Link - 2 >

|- < Link - 3 >

|- Update the program!

|- Choose the Full scan!

|- Disable protection programs when running Malwarebytes.

|- PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

|- When it finishes, click "Remove items".

|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt

Regards!


Hey, thanks for the attention; below is the Malwarebytes log

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.02.23.02

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Documentos :: DOCUMENTOS-PC [administrador]

 

23/02/2012 17:53:10

mbam-log-2012-02-23 (17-53-10).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 458949

Tempo decorrido: 39 minuto(s), 40 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)


Good morning, maceno!

##############

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

##############

|- Apparently, you have already used French tool(s)!

|- Which of them was run on your machine?

|- PS: Do you still have your report(s)?

///°°°///

|- Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

|- Click Save!

|- Save it to the desktop!

|- Double-click OTL.exe --> Run

|- Run OTL using its quick scan. ( Quick Scan )

|- PS: On Windows 7, right-click and run it as "Administrator".

|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

|- Also post the "Extras" report.

Regards!


About using French tools, I can't tell you; it may be because when I bought the PC, the Internet Explorer home page was the MSN site from France.

 

LOGS

 

OTL:

 

OTL logfile created on: 24/02/2012 08:50:04 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Documentos\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,98 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,44% Memory free

7,96 Gb Paging File | 6,06 Gb Available in Paging File | 76,07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 92,67 Gb Total Space | 43,97 Gb Free Space | 47,45% Space Free | Partition Type: NTFS

Drive D: | 838,74 Gb Total Space | 579,41 Gb Free Space | 69,08% Space Free | Partition Type: NTFS

 

Computer Name: DOCUMENTOS-PC | User Name: Documentos | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/02/24 08:49:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe

PRC - [2012/01/23 12:33:56 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

PRC - [2012/01/11 20:13:26 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe

PRC - [2012/01/11 20:13:16 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

PRC - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

PRC - [2011/11/28 15:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 15:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/02/15 02:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll

MOD - [2012/02/15 02:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

MOD - [2012/02/15 02:02:21 | 000,527,344 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\libglesv2.dll

MOD - [2012/02/15 02:02:19 | 000,114,672 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\libegl.dll

MOD - [2012/02/15 02:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll

MOD - [2012/02/15 02:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll

MOD - [2012/02/15 02:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll

MOD - [2012/02/14 23:00:24 | 008,593,568 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/11/28 15:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/09/08 16:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2011/09/08 16:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2009/09/14 02:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2009/09/14 02:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/01/23 12:33:56 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)

SRV - [2012/01/11 20:13:26 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)

SRV - [2012/01/11 20:13:16 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)

SRV - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/08/23 03:43:40 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Documentos\AppData\Local\Temp\7zS417D\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/11/28 14:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011/11/28 14:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011/11/28 14:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011/11/28 14:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011/11/28 14:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/11/28 14:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/11/02 12:57:07 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011/09/08 16:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2011/06/20 22:47:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2010/12/28 16:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2009/09/21 20:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/02/16 16:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)

DRV - [2011/11/02 09:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)

DRV - [2011/11/02 09:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)

DRV - [2011/09/20 14:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)

DRV - [2011/09/20 14:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)

DRV - [2011/05/19 12:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)

DRV - [2010/05/05 07:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.br/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 AC C6 BC 45 2F CC 01 [binary data]

IE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Documentos\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Documentos\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

 

 

[2011/12/20 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Documentos\AppData\Roaming\Mozilla\Firefox\extensions

[2011/12/20 19:05:36 | 000,000,000 | ---D | M] (uTorrentBar_PT Community Toolbar) -- C:\Users\Documentos\AppData\Roaming\Mozilla\Firefox\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin6.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Documentos\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Complitly plugin for chrome = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\

CHR - Extension: avast! WebRep = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

 

O1 HOSTS File: ([2011/12/21 09:22:57 | 000,001,404 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Documentos\AppData\Roaming\Complitly\64\AutocompletePro64.dll (SimplyGen)

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Documentos\AppData\Roaming\Complitly\AutocompletePro.dll (SimplyGen)

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [DIMBaixando a sua atualização...1300677038363] C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe (Corel Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A6B231-3B37-482D-AAC8-9E5BB8EDD376}: DhcpNameServer = 200.204.0.10 200.204.0.138

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/24 08:49:26 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe

[2012/02/22 05:10:57 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Tibia

[2012/02/22 05:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia

[2012/02/22 04:46:29 | 000,023,896 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe

[2012/02/22 04:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

[2012/02/22 04:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5

[2012/02/22 04:35:55 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\IObit

[2012/02/22 04:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2012/02/22 04:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2012/02/22 04:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2012/02/22 04:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2012/02/22 04:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/02/22 04:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2012/02/22 04:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2012/02/17 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\Documentos\Documents\backup

[2012/02/17 17:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asprate

[2012/02/16 00:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games

[2012/02/15 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Dev-Cpp

[2012/02/09 22:07:30 | 000,000,000 | ---D | C] -- C:\Users\Documentos\Desktop\Desenhar Terra

[2012/02/09 21:19:59 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Complitly

[2012/02/09 21:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Complitly

[2012/02/09 19:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security

[2012/02/09 19:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marcos Velasco Security

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/02/24 08:49:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe

[2012/02/24 08:18:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1837178300-1776902075-3512206551-1000UA.job

[2012/02/24 05:18:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1837178300-1776902075-3512206551-1000Core.job

[2012/02/23 13:18:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/23 13:18:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/23 13:10:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/23 13:10:20 | 3207,323,648 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/22 19:01:46 | 000,043,472 | ---- | M] () -- C:\Users\Documentos\Desktop\whimsical-charm_en.jpg

[2012/02/22 05:08:44 | 000,000,633 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk

[2012/02/22 04:40:16 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk

[2012/02/22 04:38:43 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

[2012/02/20 09:56:27 | 000,005,291 | ---- | M] () -- C:\Windows\my.ini.old

[2012/02/20 09:56:27 | 000,005,291 | ---- | M] () -- C:\Windows\my.ini

[2012/02/20 01:27:45 | 000,070,269 | ---- | M] () -- C:\Users\Documentos\Desktop\10819.jpg

[2012/02/17 19:42:53 | 000,001,387 | ---- | M] () -- C:\Users\Documentos\Desktop\energyhv32k - Atalho.lnk

[2012/02/16 00:26:09 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Shank.lnk

[2012/02/14 21:02:58 | 000,156,364 | ---- | M] () -- C:\Users\Documentos\Desktop\topo-novo2.jpg

[2012/02/12 21:22:23 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/12 21:22:23 | 000,657,176 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/02/12 21:22:23 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/12 21:22:23 | 000,125,568 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/02/12 21:22:23 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/11 22:07:00 | 005,137,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/10 17:15:57 | 000,083,039 | ---- | M] () -- C:\Windows\FontData.fdb

[2012/02/09 21:19:54 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2012/02/09 19:19:44 | 000,071,524 | ---- | M] () -- C:\Users\Documentos\Documents\cc_20120209_201934.reg

[2012/02/09 19:11:55 | 000,001,309 | ---- | M] () -- C:\Users\Public\Desktop\MV RegClean 6.0.lnk

[2012/02/08 18:23:13 | 000,162,377 | ---- | M] () -- C:\Users\Documentos\Desktop\fazer para mr. duff.jpg

[2012/02/04 18:22:43 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/31 18:32:37 | 000,071,931 | ---- | M] () -- C:\Users\Documentos\Desktop\simples e bacana ID.jpg

[2012/01/30 18:15:49 | 000,764,725 | ---- | M] () -- C:\Users\Documentos\Desktop\polaroid template.cdr

[2012/01/29 23:58:31 | 000,000,192 | ---- | M] () -- C:\Users\Documentos\Desktop\alimentar bem.url

[2012/01/28 08:48:39 | 000,000,759 | ---- | M] () -- C:\Users\Documentos\Desktop\Play Torchlight.lnk

[2012/01/26 14:53:35 | 000,000,132 | ---- | M] () -- C:\Users\Documentos\AppData\Roaming\Adobe PNG Format CS5 Prefs

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/02/22 19:01:49 | 000,043,472 | ---- | C] () -- C:\Users\Documentos\Desktop\whimsical-charm_en.jpg

[2012/02/22 05:08:44 | 000,000,633 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk

[2012/02/22 04:40:16 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk

[2012/02/22 04:38:43 | 000,001,226 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

[2012/02/20 09:52:28 | 000,005,291 | ---- | C] () -- C:\Windows\my.ini.old

[2012/02/20 09:52:21 | 000,005,291 | ---- | C] () -- C:\Windows\my.ini

[2012/02/20 01:27:49 | 000,070,269 | ---- | C] () -- C:\Users\Documentos\Desktop\10819.jpg

[2012/02/17 19:42:53 | 000,001,387 | ---- | C] () -- C:\Users\Documentos\Desktop\energyhv32k - Atalho.lnk

[2012/02/16 00:26:09 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Shank.lnk

[2012/02/14 19:21:54 | 000,156,364 | ---- | C] () -- C:\Users\Documentos\Desktop\topo-novo2.jpg

[2012/02/09 19:19:37 | 000,071,524 | ---- | C] () -- C:\Users\Documentos\Documents\cc_20120209_201934.reg

[2012/02/09 19:11:55 | 000,001,309 | ---- | C] () -- C:\Users\Public\Desktop\MV RegClean 6.0.lnk

[2012/02/08 18:23:17 | 000,162,377 | ---- | C] () -- C:\Users\Documentos\Desktop\fazer para mr. duff.jpg

[2012/02/04 18:22:43 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/31 18:32:37 | 000,071,931 | ---- | C] () -- C:\Users\Documentos\Desktop\simples e bacana ID.jpg

[2012/01/30 18:15:46 | 000,764,725 | ---- | C] () -- C:\Users\Documentos\Desktop\polaroid template.cdr

[2012/01/29 23:58:22 | 000,000,192 | ---- | C] () -- C:\Users\Documentos\Desktop\alimentar bem.url

[2012/01/11 20:13:18 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/01/11 20:13:16 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/01/11 20:13:16 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/12/21 10:27:56 | 000,219,864 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/11/07 23:35:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2011/11/07 23:33:46 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2011/11/06 19:59:48 | 000,001,456 | ---- | C] () -- C:\Users\Documentos\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/10/29 10:34:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/09/12 09:13:41 | 000,000,132 | ---- | C] () -- C:\Users\Documentos\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/09/10 10:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2011/09/10 09:41:49 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

[2011/09/08 08:40:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/09/08 08:40:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/09/08 08:40:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/09/08 08:40:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/09/08 08:40:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/09/08 08:40:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/09/08 08:40:45 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/09/08 08:40:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/09/08 08:40:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/09/08 08:40:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/09/08 08:40:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/09/08 08:40:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/09/08 08:40:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/09/08 08:40:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/09/08 08:40:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/09/08 08:40:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/09/08 08:39:35 | 000,000,088 | ---- | C] () -- C:\Windows\ETX123_125.ini

[2011/06/29 07:20:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011/06/20 09:40:05 | 001,508,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/20 09:15:51 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/06/20 09:15:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/06/20 09:15:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/06/20 09:15:51 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/06/20 09:15:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/06/17 23:40:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/06/17 23:40:47 | 000,019,444 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

 

========== LOP Check ==========

 

[2012/02/22 04:46:36 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\BitTorrent

[2012/02/09 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Complitly

[2012/02/22 04:46:36 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\DAEMON Tools Lite

[2012/02/15 22:14:41 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Dev-Cpp

[2012/02/09 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Dropbox

[2011/11/28 19:07:23 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Epson

[2011/12/17 22:40:59 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\GetRightToGo

[2011/11/03 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\ImgBurn

[2012/02/22 04:40:12 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\IObit

[2011/09/10 12:06:55 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\KastorFreeVimeoDownloader

[2011/07/22 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Power Burning Wizard

[2012/01/16 04:02:20 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\runic games

[2011/11/08 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Samsung

[2011/11/12 11:04:57 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\sqlitestudio

[2012/01/18 20:12:02 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\TeamViewer

[2012/02/22 05:12:45 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Tibia

[2011/06/26 14:05:14 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Tibiacast

[2012/02/22 05:30:36 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\uTorrent

[2011/09/10 09:42:14 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\VDownloader

[2011/06/23 09:51:54 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Wacom

[2011/06/23 09:51:55 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2011/12/17 22:41:00 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\WinAVI

[2011/07/19 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Windows Live Writer

[2012/02/17 16:28:56 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

 

EXTRAS:

 

OTL Extras logfile created on: 24/02/2012 08:50:04 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Documentos\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,98 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,44% Memory free

7,96 Gb Paging File | 6,06 Gb Available in Paging File | 76,07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 92,67 Gb Total Space | 43,97 Gb Free Space | 47,45% Space Free | Partition Type: NTFS

Drive D: | 838,74 Gb Total Space | 579,41 Gb Free Space | 69,08% Space Free | Partition Type: NTFS

 

Computer Name: DOCUMENTOS-PC | User Name: Documentos | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- D:\Programas\flashcs5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- D:\Programas\flashcs5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"EPSON TX125 Series" = Desinstalar impressora EPSON TX125 Series

"Pen Tablet Driver" = Bamboo

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"WinRAR archiver" = WinRAR 4.01 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5

"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA

"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock

"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5

"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.8.985

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6

"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common

"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English

"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin

"{D7A4A1E2-1F01-4325-BEC9-9F2A9EFF9B2B}" = Tibiacast

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E29D8938-2E48-498C-832D-9663DCABD55F}" = Visual Basic for Applications ® Core - Portuguese (Brazil)

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.3.1

"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced SystemCare 5_is1" = Advanced SystemCare 5

"avast" = avast! Free Antivirus

"Bamboo Dock" = Bamboo Dock 3.3

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"Complitly_is1" = Complitly

"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects

"DAEMON Tools Lite" = DAEMON Tools Lite

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"DVD Shrink_is1" = DVD Shrink 3.2

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Scanner" = EPSON Scan

"ImgBurn" = ImgBurn

"IObit Malware Fighter_is1" = IObit Malware Fighter

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000

"Messenger Plus!" = Messenger Plus! 5

"msgplscomtb" = Messenger Plus Community Toolbar

"MV RegClean 6.0_is1" = MV RegClean 6.0

"Nero8Lite_is1" = Nero 8 Micro 8.3.2.1

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PunkBusterSvc" = PunkBuster Services

"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2

"Runic Games Torchlight" = Torchlight

"Shank_is1" = Shank Full Pc version

"Tibia_is1" = Tibia

"uTorrent" = µTorrent

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock

"WinAVI Video Converter" = WinAVI Video Converter

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.1

"WinRAR archiver" = Arquivo do WinRAR

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


Good morning, maceno!

 

|- Download: < MyHosts > ( ... by Jeanmimigab )

|- Save it to the desktop!

 


 

|- Run the MyHosts.exe file that is on the desktop.

|- On Windows Vista or 7, run it as administrator.

-----------

-----------

** Rapport MyHosts.txt **

 

MyHosts V.1.0.0.2 de jeanmimigab

 

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

 

Résultat de l'opération:restauration du fichier hosts réussi...

 

** Fin du rapport **

-----------

-----------

 

|- Post the report: C:\MyHosts.txt

 

///°°°///

 

|- Run OTL.exe.

|- Copy the information shown in red into the tool's clipboard field. ( "Custom Scans/Fixes" )

 

:OTL

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O4 - HKCU..\Run: [AdobeBridge] File not found

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

 

:Commands

[emptyflash]

[emptytemp]

[reboot]

|- Click the Run Fix button.

|- PS: The tool will restart the computer.

|- When it appears, click Run.

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Cheers!


Good morning DigRam,

 

 

** Rapport MyHosts.txt **

 

MyHosts V.1.0.0.2 de jeanmimigab

 

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

 

Résultat de l'opération:restauration du fichier hosts réussi...

 

** Fin du rapport **

 

 

OTL LOG

 

 

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.

File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Windows\SysNative\drivers\SETFFA8.tmp deleted successfully.

C:\Users\Documentos\Desktop\~WRL0001.tmp deleted successfully.

C:\timestmp.tmp deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 56475 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Documentos

->Flash cache emptied: 60888 bytes

 

User: Public

 

User: Todos os Usuários

 

User: UpdatusUser

 

User: Usuário Padrão

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Documentos

->Temp folder emptied: 33460412 bytes

->Temporary Internet Files folder emptied: 1086409 bytes

->Java cache emptied: 103571 bytes

->Google Chrome cache emptied: 379233310 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Todos os Usuários

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 91424 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes

RecycleBin emptied: 1167360 bytes

 

Total Files Cleaned = 396,00 mb

 

 

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_102008

 

Files\Folders moved on Reboot...

C:\Users\Documentos\AppData\Local\Temp\7zS417D\HPSLPSVC64.DLL moved successfully.

C:\Users\Documentos\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9GEEK9\api[1].htm moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9GEEK9\background-banner-right-v3[1].jpg moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWMOP0YN\background-banner-middle-v3[1].jpg moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWMOP0YN\background_button_green_full[1].png moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6U0JJC6V\api[1].htm moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6U0JJC6V\list-item-plus[1].png moved successfully.

C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VF6TUQ5\background_banner_green_50_v3[1].jpg moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


Good morning, maceno!

|- Open OTL.exe -> Click "Limpeza" (CleanUp). <-- Confirm!

|- PS: The computer will restart!

///°°°///

|- Download: < exeHelper > ( ... by Raktor )

|- Save it to the desktop!

|- Start the tool by double-clicking exeHelper.com.

|- A black window will appear, followed by the report. ( exehelperlog.txt )

|- PS: If an error message appears: "Error deleting file"

|- Run the scan again and also post the new report that is generated.

///°°°///

|- Download: < AVPTool >

|- < Link-2 >

<!> You will be taken to a Kaspersky page asking for an email address to register.

|- PS: You will be asked for your first and last name.

|- PS: Only the "email" field is required.

|- Enter your email and then click the "Submit Form" button.

|- PS: The page will reload!

|- Click the "Download" button.

|- Save it to your desktop!

|- Double-click the "setup" file.

|- PS: Wait for the installation!

|- PS: On the next screen, check: "I accept the licence agreement"

|- Then click "Start".

|- Click the button: < image >

|- Check:

|- <1> My Computer;

|- <2> Local Disk ( C: ) or ( D: );

|- PS: Normally, the drive where the OS is installed!

|- Click "Actions".

|- PS: Leave the two checkboxes unchecked! <-- Important!

|- PS: Print these instructions for later reference!

|- Click the "Automatic Scan" tab and wait for the scan to finish.

|- Click the button < image >

|- Click "Detected threats".

|- Click the "Save" button.

|- PS: Copy the contents of the saved file. <-- If anything was detected!

|- Post it in your reply!

Regards!


Good afternoon, DigRam

Kaspersky found nothing, so below is the EXEHELPER log

 

 

 

 

exeHelper by Raktor

Build 20100414

Run at 12:22:25 on 02/24/12

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--


Good afternoon, maceno!

|- Update Java!

|- Your logs are clean!

|- Everything OK?

Regards!



Hey DigRam, thank you very much, I'll update my Java right away.

Congratulations on your competence.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
