maceno 0 Posted February 22, 2012
I bought a server for a game, and they told me the file was clean and so on, but when I analyzed it on virustotal.com, look what came up: https://www.virustotal.com/file/0c0ca93ff90e99e12ee761e73bd34d5b4cfaa136ffe7e55cfadf4de7bc196f31/analysis/1329891233/ The company that sold me this server said it is because it is a batch file and the DLLs make these viruses show up. Is that trustworthy? Please analyze my PC so that it goes back to being clean like before, OK?
maceno 0 Posted February 23, 2012
Now here is the Hijack log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:12:07, on 23/02/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\Asc.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file) F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe, O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Documentos\AppData\Roaming\Complitly\AutocompletePro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart O4 - HKCU\..\Run: [DIMBaixando a sua atualização...1300677038363] "C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_410003\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\documentos\appdata\roaming\corel\messages\540215253_410003\br\messagecache2\workflow" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKUS\S-1-5-19\..\Run: [sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-21-1837178300-1776902075-3512206551-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1837178300-1776902075-3512206551-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: 
PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. 
- C:\Program Files\Tablet\Pen\Pen_TouchService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10268 bytes
DigRam 144 Posted February 23, 2012
Good morning, maceno!
|- The log does not show any bad entries.
///°°°///
|- Download: < >
|- < Link - 2 >
|- < Link - 3 >
|- Update the program!
|- Choose the Full scan!
|- Disable protection programs while running Malwarebytes.
|- PS: For certain infections, the tool will ask for a reboot. <-- Confirm!
|- When it finishes, click "Remover itens" (Remove items).
|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt
Regards!
maceno 0 Posted February 23, 2012
Hey, thanks for the attention. Below is the Malwarebytes log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.02.23.02
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Documentos :: DOCUMENTOS-PC [administrador]
23/02/2012 17:53:10
mbam-log-2012-02-23 (17-53-10).txt
Tipo de Verificação: Verificação Completa
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 458949
Tempo decorrido: 39 minuto(s), 40 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
DigRam 144 Posted February 24, 2012
Good morning, maceno!
##############
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
##############
|- Apparently, you have already used French tool(s)!
|- Which of them was run on your machine?
|- PS: Do you still have the report(s)?
///°°°///
|- Download: < > ( ...by OldTimer Tools )
|- Click Save! < >
|- Save it to the desktop! < >
|- Double-click OTL.exe --> Run:
|- Run OTL with its quick scan. ( "Verificação rápida", Quick Scan )
|- PS: On Windows 7, right-click and run it as "Administrator".
|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )
|- Also post the "Extras" report.
Regards!
maceno 0 Posted February 24, 2012
As for using French tools, I can't tell you; it may be because when I bought the PC the Internet Explorer home page was the MSN site from France.
OTL LOGS:
OTL logfile created on: 24/02/2012 08:50:04 - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Documentos\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,98 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,44% Memory free 7,96 Gb Paging File | 6,06 Gb Available in Paging File | 76,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 92,67 Gb Total Space | 43,97 Gb Free Space | 47,45% Space Free | Partition Type: NTFS Drive D: | 838,74 Gb Total Space | 579,41 Gb Free Space | 69,08% Space Free | Partition Type: NTFS Computer Name: DOCUMENTOS-PC | User Name: Documentos | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/24 08:49:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe PRC - [2012/01/23 12:33:56 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2012/01/11 20:13:26 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012/01/11 20:13:16 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe PRC - [2011/11/28 15:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/11/28 15:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe ========== Modules (No Company Name) ========== MOD - [2012/02/15 02:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll MOD - [2012/02/15 02:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll MOD - [2012/02/15 02:02:21 | 
000,527,344 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\libglesv2.dll MOD - [2012/02/15 02:02:19 | 000,114,672 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\libegl.dll MOD - [2012/02/15 02:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll MOD - [2012/02/15 02:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll MOD - [2012/02/15 02:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll MOD - [2012/02/14 23:00:24 | 008,593,568 | ---- | M] () -- C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/11/28 15:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011/09/08 16:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV:64bit: - [2011/09/08 16:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV:64bit: - [2009/09/14 02:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV:64bit: - [2009/09/14 02:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/01/23 12:33:56 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012/01/11 20:13:26 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012/01/11 20:13:16 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2011/10/15 05:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/08/23 03:43:40 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Users\Documentos\AppData\Local\Temp\7zS417D\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/28 14:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/11/28 14:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/11/28 14:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/11/28 14:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/11/28 14:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/11/28 14:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/11/02 12:57:07 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/09/08 16:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011/06/20 22:47:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- 
(dtsoftbus01) DRV:64bit: - [2010/12/28 16:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2009/09/21 20:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/02/16 16:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2011/11/02 09:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2011/11/02 09:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc) DRV - [2011/09/20 14:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2011/09/20 14:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2011/05/19 12:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2010/05/05 07:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | 
Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.br/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 AC C6 BC 45 2F CC 01 [binary data] IE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Documentos\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Documentos\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) [2011/12/20 19:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Documentos\AppData\Roaming\Mozilla\Firefox\extensions [2011/12/20 19:05:36 | 000,000,000 | ---D | M] (uTorrentBar_PT Community Toolbar) -- C:\Users\Documentos\AppData\Roaming\Mozilla\Firefox\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Users\Documentos\AppData\Local\Google\Chrome\Application\plugins\npqtplugin6.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: Google Update (Enabled) = C:\Users\Documentos\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Complitly plugin for chrome = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\ CHR - Extension: avast! 
WebRep = C:\Users\Documentos\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ O1 HOSTS File: ([2011/12/21 09:22:57 | 000,001,404 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Documentos\AppData\Roaming\Complitly\64\AutocompletePro64.dll (SimplyGen) O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Documentos\AppData\Roaming\Complitly\AutocompletePro.dll (SimplyGen) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll () O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DIMBaixando a sua atualização...1300677038363] C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe (Corel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A6B231-3B37-482D-AAC8-9E5BB8EDD376}: DhcpNameServer = 200.204.0.10 200.204.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2012/02/24 08:49:26 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe [2012/02/22 05:10:57 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Tibia [2012/02/22 05:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia [2012/02/22 04:46:29 | 000,023,896 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2012/02/22 04:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter [2012/02/22 04:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5 [2012/02/22 04:35:55 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\IObit [2012/02/22 04:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2012/02/22 04:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2012/02/22 04:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012/02/22 04:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012/02/22 04:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012/02/22 04:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/02/22 04:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012/02/17 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\Documentos\Documents\backup [2012/02/17 17:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asprate [2012/02/16 00:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2012/02/15 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Dev-Cpp [2012/02/09 22:07:30 | 000,000,000 | ---D | C] -- C:\Users\Documentos\Desktop\Desenhar Terra [2012/02/09 21:19:59 | 000,000,000 | ---D | C] -- C:\Users\Documentos\AppData\Roaming\Complitly [2012/02/09 21:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Complitly [2012/02/09 19:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security [2012/02/09 19:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marcos Velasco Security
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/24 08:49:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Documentos\Desktop\OTL.exe [2012/02/24 08:18:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1837178300-1776902075-3512206551-1000UA.job [2012/02/24 05:18:00 | 000,001,046 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1837178300-1776902075-3512206551-1000Core.job [2012/02/23 13:18:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/23 13:18:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/23 13:10:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/23 13:10:20 | 3207,323,648 | -HS- | M] () -- C:\hiberfil.sys [2012/02/22 19:01:46 | 000,043,472 | ---- | M] () -- C:\Users\Documentos\Desktop\whimsical-charm_en.jpg [2012/02/22 05:08:44 | 000,000,633 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2012/02/22 04:40:16 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk [2012/02/22 04:38:43 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk [2012/02/20 09:56:27 | 000,005,291 | ---- | M] () -- C:\Windows\my.ini.old [2012/02/20 09:56:27 | 000,005,291 | ---- | M] () -- C:\Windows\my.ini [2012/02/20 01:27:45 | 000,070,269 | ---- | M] () -- C:\Users\Documentos\Desktop\10819.jpg [2012/02/17 19:42:53 | 000,001,387 | ---- | M] () -- C:\Users\Documentos\Desktop\energyhv32k - Atalho.lnk [2012/02/16 00:26:09 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Shank.lnk [2012/02/14 21:02:58 | 000,156,364 | ---- | M] () -- C:\Users\Documentos\Desktop\topo-novo2.jpg [2012/02/12 21:22:23 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/12 21:22:23 | 000,657,176 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2012/02/12 21:22:23 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/12 21:22:23 | 000,125,568 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2012/02/12 21:22:23 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/11 22:07:00 | 005,137,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT 
[2012/02/10 17:15:57 | 000,083,039 | ---- | M] () -- C:\Windows\FontData.fdb [2012/02/09 21:19:54 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk [2012/02/09 19:19:44 | 000,071,524 | ---- | M] () -- C:\Users\Documentos\Documents\cc_20120209_201934.reg [2012/02/09 19:11:55 | 000,001,309 | ---- | M] () -- C:\Users\Public\Desktop\MV RegClean 6.0.lnk [2012/02/08 18:23:13 | 000,162,377 | ---- | M] () -- C:\Users\Documentos\Desktop\fazer para mr. duff.jpg [2012/02/04 18:22:43 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 18:32:37 | 000,071,931 | ---- | M] () -- C:\Users\Documentos\Desktop\simples e bacana ID.jpg [2012/01/30 18:15:49 | 000,764,725 | ---- | M] () -- C:\Users\Documentos\Desktop\polaroid template.cdr [2012/01/29 23:58:31 | 000,000,192 | ---- | M] () -- C:\Users\Documentos\Desktop\alimentar bem.url [2012/01/28 08:48:39 | 000,000,759 | ---- | M] () -- C:\Users\Documentos\Desktop\Play Torchlight.lnk [2012/01/26 14:53:35 | 000,000,132 | ---- | M] () -- C:\Users\Documentos\AppData\Roaming\Adobe PNG Format CS5 Prefs [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/22 19:01:49 | 000,043,472 | ---- | C] () -- C:\Users\Documentos\Desktop\whimsical-charm_en.jpg [2012/02/22 05:08:44 | 000,000,633 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk [2012/02/22 04:40:16 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk [2012/02/22 04:38:43 | 000,001,226 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk [2012/02/20 09:52:28 | 000,005,291 | ---- | C] () -- C:\Windows\my.ini.old [2012/02/20 09:52:21 | 000,005,291 | ---- | C] () -- C:\Windows\my.ini [2012/02/20 01:27:49 | 000,070,269 | ---- | C] () -- 
C:\Users\Documentos\Desktop\10819.jpg [2012/02/17 19:42:53 | 000,001,387 | ---- | C] () -- C:\Users\Documentos\Desktop\energyhv32k - Atalho.lnk [2012/02/16 00:26:09 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Shank.lnk [2012/02/14 19:21:54 | 000,156,364 | ---- | C] () -- C:\Users\Documentos\Desktop\topo-novo2.jpg [2012/02/09 19:19:37 | 000,071,524 | ---- | C] () -- C:\Users\Documentos\Documents\cc_20120209_201934.reg [2012/02/09 19:11:55 | 000,001,309 | ---- | C] () -- C:\Users\Public\Desktop\MV RegClean 6.0.lnk [2012/02/08 18:23:17 | 000,162,377 | ---- | C] () -- C:\Users\Documentos\Desktop\fazer para mr. duff.jpg [2012/02/04 18:22:43 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 18:32:37 | 000,071,931 | ---- | C] () -- C:\Users\Documentos\Desktop\simples e bacana ID.jpg [2012/01/30 18:15:46 | 000,764,725 | ---- | C] () -- C:\Users\Documentos\Desktop\polaroid template.cdr [2012/01/29 23:58:22 | 000,000,192 | ---- | C] () -- C:\Users\Documentos\Desktop\alimentar bem.url [2012/01/11 20:13:18 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/01/11 20:13:16 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012/01/11 20:13:16 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/12/21 10:27:56 | 000,219,864 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/11/07 23:35:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011/11/07 23:33:46 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011/11/06 19:59:48 | 000,001,456 | ---- | C] () -- C:\Users\Documentos\AppData\Local\Adobe Save for Web 12.0 Prefs [2011/10/29 10:34:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/09/12 09:13:41 | 000,000,132 | ---- | C] () -- C:\Users\Documentos\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011/09/10 
10:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011/09/10 09:41:49 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2011/09/08 08:40:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/09/08 08:40:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011/09/08 08:40:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/09/08 08:40:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011/09/08 08:40:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/09/08 08:40:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/09/08 08:40:45 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011/09/08 08:40:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/09/08 08:40:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/09/08 08:40:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/09/08 08:40:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/09/08 08:40:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/09/08 08:40:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/09/08 08:40:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/09/08 08:40:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/09/08 08:40:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/09/08 08:39:35 | 000,000,088 | ---- | C] () -- C:\Windows\ETX123_125.ini [2011/06/29 07:20:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011/06/20 09:40:05 | 001,508,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/20 09:15:51 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll 
[2011/06/20 09:15:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/06/20 09:15:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/06/20 09:15:51 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/06/20 09:15:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/06/17 23:40:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/06/17 23:40:47 | 000,019,444 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2012/02/22 04:46:36 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\BitTorrent [2012/02/09 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Complitly [2012/02/22 04:46:36 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\DAEMON Tools Lite [2012/02/15 22:14:41 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Dev-Cpp [2012/02/09 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Dropbox [2011/11/28 19:07:23 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Epson [2011/12/17 22:40:59 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\GetRightToGo [2011/11/03 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\ImgBurn [2012/02/22 04:40:12 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\IObit [2011/09/10 12:06:55 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\KastorFreeVimeoDownloader [2011/07/22 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Power Burning Wizard [2012/01/16 04:02:20 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\runic games [2011/11/08 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Samsung [2011/11/12 11:04:57 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\sqlitestudio [2012/01/18 20:12:02 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\TeamViewer 
[2012/02/22 05:12:45 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Tibia [2011/06/26 14:05:14 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Tibiacast [2012/02/22 05:30:36 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\uTorrent [2011/09/10 09:42:14 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\VDownloader [2011/06/23 09:51:54 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Wacom [2011/06/23 09:51:55 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011/12/17 22:41:00 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\WinAVI [2011/07/19 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Documentos\AppData\Roaming\Windows Live Writer [2012/02/17 16:28:56 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > EXTRAS: OTL Extras logfile created on: 24/02/2012 08:50:04 - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Documentos\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,98 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,44% Memory free 7,96 Gb Paging File | 6,06 Gb Available in Paging File | 76,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 92,67 Gb Total Space | 43,97 Gb Free Space | 47,45% Space Free | Partition Type: NTFS Drive D: | 838,74 Gb Total Space | 579,41 Gb Free Space | 69,08% Space Free | Partition Type: NTFS Computer Name: DOCUMENTOS-PC | User Name: Documentos | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- D:\Programas\flashcs5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- D:\Programas\flashcs5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "EPSON TX125 Series" = Desinstalar impressora EPSON TX125 Series "Pen Tablet Driver" = Bamboo "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "WinRAR archiver" = WinRAR 4.01 (64-bit) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension 
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = 
Microsoft Office Enterprise 2007 "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.8.985 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6 "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser 
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D7A4A1E2-1F01-4325-BEC9-9F2A9EFF9B2B}" = Tibiacast "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E29D8938-2E48-498C-832D-9663DCABD55F}" = Visual Basic for Applications ® Core - Portuguese (Brazil) "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 
4.3.1 "{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "avast" = avast! Free Antivirus "Bamboo Dock" = Bamboo Dock 3.3 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "Complitly_is1" = Complitly "Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "ImgBurn" = ImgBurn "IObit Malware Fighter_is1" = IObit Malware Fighter "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000 "Messenger Plus!" = Messenger Plus! 
5
"msgplscomtb" = Messenger Plus Community Toolbar
"MV RegClean 6.0_is1" = MV RegClean 6.0
"Nero8Lite_is1" = Nero 8 Micro 8.3.2.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Runic Games Torchlight" = Torchlight
"Shank_is1" = Shank Full Pc version
"Tibia_is1" = Tibia
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinAVI Video Converter" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Arquivo do WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
DigRam 144 Posted February 24, 2012
Good morning, maceno!

|- Download: < MyHosts > ( ... by Jeanmimigab )
|- Save it to the desktop!
|- Run the MyHosts.exe file that is on the desktop.
|- On Windows Vista or 7, run it as administrator.

----------- -----------
** Rapport MyHosts.txt **
MyHosts V.1.0.0.2 de jeanmimigab
Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides
Résultat de l'opération:restauration du fichier hosts réussi...
** Fin du rapport **
----------- -----------

|- Post the report: C:\MyHosts.txt

///°°°///

|- Run OTL.exe.
|- Copy the information shown in red into the tool's clipboard field. ( "Custom Scans/Fixes" )

:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Documentos\Desktop\*.tmp files -> C:\Users\Documentos\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"

:Commands
[emptyflash]
[emptytemp]
[reboot]

|- Click the Fix button.
|- PS: The tool will restart the computer.
|- When it comes up, click Run.
|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!
maceno 0 Posted February 24, 2012
Good morning DigRam,

** Rapport MyHosts.txt **
MyHosts V.1.0.0.2 de jeanmimigab
Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides
Résultat de l'opération:restauration du fichier hosts réussi...
** Fin du rapport **

OTL LOG

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysNative\drivers\SETFFA8.tmp deleted successfully.
C:\Users\Documentos\Desktop\~WRL0001.tmp deleted successfully.
C:\timestmp.tmp deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Documentos
->Flash cache emptied: 60888 bytes

User: Public

User: Todos os Usuários

User: UpdatusUser

User: Usuário Padrão
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Documentos
->Temp folder emptied: 33460412 bytes
->Temporary Internet Files folder emptied: 1086409 bytes
->Java cache emptied: 103571 bytes
->Google Chrome cache emptied: 379233310 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91424 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes
RecycleBin emptied: 1167360 bytes

Total Files Cleaned = 396,00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_102008

Files\Folders moved on Reboot...
C:\Users\Documentos\AppData\Local\Temp\7zS417D\HPSLPSVC64.DLL moved successfully.
C:\Users\Documentos\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9GEEK9\api[1].htm moved successfully. C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9GEEK9\background-banner-right-v3[1].jpg moved successfully. C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWMOP0YN\background-banner-middle-v3[1].jpg moved successfully. C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWMOP0YN\background_button_green_full[1].png moved successfully. C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6U0JJC6V\api[1].htm moved successfully. C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6U0JJC6V\list-item-plus[1].png moved successfully. C:\Users\Documentos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VF6TUQ5\background_banner_green_50_v3[1].jpg moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
DigRam 144 Posted February 24, 2012
Good morning, maceno!
|- Open OTL.exe -> Click "Cleanup". <-- Confirm!
|- PS: The computer will restart!
///°°°///
|- Download: < exeHelper > ( ... by Raktor )
|- Save it to the desktop!
|- Start the tool by double-clicking exeHelper.com.
|- A black window will appear, followed by the report. ( exehelperlog.txt )
|- PS: If an error message appears: "Error deleting file"
|- Run the scan again and also post the new report that is generated.
///°°°///
|- Download: < AVPTool > |- < Link-2 >
<!> You will be taken to a Kaspersky page asking for an email address to register.
|- PS: You will be asked for your first and last name.
|- PS: Only the "email" field is required.
|- Enter your email and then click the "Submit Form" button.
|- PS: The page will reload!
|- Click the "Download" button.
|- Save it to your desktop!
|- Double-click the "setup" file.
|- PS: Wait for the installation to finish!
|- PS: On the next screen, check: "I accept the licence agreement"
|- Next, click "Start".
|- Click the button: < >
|- Check:
|- <1> My Computer;
|- <2> Local disk ( C: ) or ( D: );
|- PS: Normally, the drive where the OS is installed!
|- Click "Actions".
|- PS: Leave both boxes unchecked! <-- Important!
|- PS: Print these instructions for later reference!
|- Click the "Automatic Scan" tab and wait for the scan to finish.
|- Click the button < >
|- Click "Detected threats".
|- Click the "Save" button.
|- PS: Copy the contents of the saved file. <-- If anything was detected!
|- Post it in your reply!
Regards!
maceno 0 Posted February 24, 2012
Good afternoon DigRam, Kaspersky did not find anything, so below is the EXEHELPER log:
exeHelper by Raktor
Build 20100414
Run at 12:22:25 on 02/24/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
DigRam 144 Posted February 24, 2012
Good afternoon, maceno!
|- Update Java!
|- Your logs are clean!
|- Everything OK?
Regards!
maceno 0 Posted February 24, 2012
> Good afternoon, maceno!
> |- Update Java!
> |- Your logs are clean!
> |- Everything OK?
> Regards!
Hey DigRam, thank you very much, I'll update my Java right away. Congratulations on your competence.
DigRam 144 Posted February 24, 2012
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.