
leandro aislan

[Resolved] Log analysis


Good morning, here is my log for analysis.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:26:09, on 14/05/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\common files\installshield\updateservice\isuspm.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Asafer\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Asafer\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-3731980268-2904590947-1619489453-1006\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (User 'Asafer_2')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRA~2\GbPlugin\gbiehCef.dll (file missing)

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 16398 bytes


Good afternoon, leandro aislan!

|- The log shows no bad entries!

-/-/-/-

O4 - HKLM\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

|- With HijackThis, apply Fix to this entry!

-/-/-/-

|- Download: < AdwCleaner > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tcharger.jpg >

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

|- Start the scan by clicking "Recherche" < AdwCleaner_Recherche.jpg >

|- When it finishes, post the report: C:\AdwCleaner[R].txt

-/-/-/-

|- Download: | ZHPDiag | *ºº* < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

|- On the page, click: < Tlcharger_ZHPDiag.jpg >

|- Save it to the desktop!

ZHPDiag2.jpg

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

ZHPDiag_Installation.jpg

|- Confirm every step while installing ZHPDiag.

|- Finish the installation by clicking "Termine".

ZHPDiag_MBRCheck.jpg

|- PS: After installation, besides ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

ZHPDiag_cones.jpg

|- Open the tool and click the scroll icon. ( ZHPScript )

ZHPDiag_Update.jpg

|- Click the green arrow to update it and/or download its latest definition. ( Your version is update. )

|- Enable all diagnostic options by clicking "Options".

ZHPDiag_All.jpg

|- Click All.

|- ZHPDiag_30days.jpg

|- Click "Calendar" and choose 30 days!

ZHPDiag_Lupa.jpg

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- PS: Save it somewhere convenient!

|- Attach ZHPDiag.txt to your reply.

|- PS: Do not post this text file directly.

|- I recommend compressing it and attaching it to your reply!

|- Or send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: < wikisend.jpg >

|- To upload, follow the path: Select file... -> Open -> Upload file

|- Post the address shown under "Download link" or "Forum link".

|- Or go to: < Cjoint_Logo.jpg > ( Unzip it before sending! )

|- More information: < |Link| >

Regards!


Here is the AdwCleaner log

 

# AdwCleaner v1.606 - Logfile created 05/14/2012 at 13:40:07

# Updated 10/05/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Asafer - ASAFER-HP

# Running from : C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\2K52IH5R\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Users\Asafer\AppData\Local\Babylon

Folder Found : C:\Users\Asafer\AppData\Local\Linkury

Folder Found : C:\Users\Asafer\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Asafer\AppData\Roaming\Babylon

Folder Found : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\extensions\ffxtlbr@babylon.com

Folder Found : C:\ProgramData\Babylon

 

***** [Registry] *****

 

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

 

***** [Registre - GUID] *****

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v12.0 (pt-BR)

 

Profile name : default

File : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js

 

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100340");

Found : user_pref("extensions.BabylonToolbar.bbDpng", 9);

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.id", "3ae4b33f0000000000001cc1debeb8de");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15278");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]

Found : user_pref("extensions.BabylonToolbar.lastDP", 9);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1014:13:47");

Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");

Found : user_pref("extensions.BabylonToolbar.newTab", true);

Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.propectorlck", 59394604);

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1014:13:47");

 

Profile name : default

File : C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [4357 octets] - [14/05/2012 13:40:07]

 

########## EOF - C:\AdwCleaner[R1].txt - [4485 octets] ##########

 

 

 

Here is the link

 

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120514_l6o10u12q11s13


Good afternoon, leandro aislan!

|- Close any open programs/folders.

|- On Windows Vista, disable UAC.

ZHPFix_Logo.jpg

|- Double-click ZHPFix.

|- Click the H menu < PanelHelper.jpg >

 

O3 - Toolbar: (no name) [64Bits] - {ae07101b-46d4-4a98-af68-0333ea26e113} . (...) -- (.not file.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O45 - LFCP:[MD5.641032442E72F7649D23C763BB25ADA5] - 08/05/2012 - 14:01:30 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3731980268-2904590947-1619489453-1000.snp.db

O45 - LFCP:[MD5.2C11FBEF15634FE347BBC156F8962AEE] - 08/05/2012 - 14:21:31 ---A- - C:\Windows\Prefetch\AgCx_S2_S-1-5-21-3731980268-2904590947-1619489453-1006.snp.db

O45 - LFCP:[MD5.894F29F8A16C5FA36131AAFAE1FCB3CC] - 08/05/2012 - 14:23:02 ---A- - C:\Windows\Prefetch\AgCx_SC3_23A8E318BE611078.db

O45 - LFCP:[MD5.E037BBB95BE82330E4273643F2BAD2D5] - 11/05/2012 - 03:40:18 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin

O45 - LFCP:[MD5.2CC739377446C7660179966BCD91185B] - 14/05/2012 - 07:35:06 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3731980268-2904590947-1619489453-1006.snp.db

O45 - LFCP:[MD5.23C8D46581688744050FCE96A602AF35] - 14/05/2012 - 07:36:00 ---A- - C:\Windows\Prefetch\AgCx_SC4.db

O45 - LFCP:[MD5.8EDF367C9A54DE4B2D329DC3CC7A757A] - 14/05/2012 - 12:07:34 ---A- - C:\Windows\Prefetch\Layout.ini

O45 - LFCP:[MD5.3FAE8C337BBC8E4E129D287FE0A7FA26] - 14/05/2012 - 13:04:42 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3731980268-2904590947-1619489453-1000.db

O45 - LFCP:[MD5.57EEBA426A831C002DD67135ACFC671B] - 14/05/2012 - 13:04:42 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3731980268-2904590947-1619489453-1000.db

O45 - LFCP:[MD5.B1FEEF85783346F3FD58135764CB0B51] - 14/05/2012 - 13:29:19 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db

O45 - LFCP:[MD5.105785C30745964587B08A62D7A60D82] - 14/05/2012 - 13:29:19 ---A- - C:\Windows\Prefetch\AgRobust.db

O45 - LFCP:[MD5.9B0E01C51C312B36AB845E1015F23BC2] - 14/05/2012 - 13:29:20 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db

O45 - LFCP:[MD5.182BB85F096509F75D6556A66241CC74] - 14/05/2012 - 13:29:20 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db

O45 - LFCP:[MD5.494FEA467107AE04CAB971D17BF2E02F] - 16/04/2012 - 08:29:28 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3731980268-2904590947-1619489453-1006.db

O45 - LFCP:[MD5.71110B1A85C0182653920AA941AAEF44] - 16/04/2012 - 08:29:28 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3731980268-2904590947-1619489453-1006.db

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

[HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]

[HKLM\Software\WOW6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]

 

C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\Extensions\ffxtlbr@babylon.comC:\ProgramData\Babylon

C:\Users\Asafer\AppData\Roaming\Babylon

C:\Users\Asafer\AppData\Local\Babylon

C:\Users\Asafer\AppData\LocalLow\BabylonToolbar

 

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Copy and paste this information, shown in red, into the "light yellow" field of ZHPFix.

|- PS: Try to clear the field before pasting the information from the Quote.

|- Click GO -> Oui.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

-/-/-/-

|- Run AdwCleaner again and click "Delete" or "Suppression".

AdwCleaner_Suppression.jpg

|- When it finishes, post the report: C:\AdwCleaner[S].txt

Regards!


Good afternoon, here is the log:

 

Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012

Fichier d'export Registre :

Run by Asafer at 14/05/2012 14:36:27

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

ERROR O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

ERROR O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

 

========== Registry Value ==========

DELETED Toolbar: {ae07101b-46d4-4a98-af68-0333ea26e113}

DELETED CLSID SSODL: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

 

========== Registry Data Items ==========

REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)

REPLACED Value EnableLUA : Good (1) - Bad (0)

 

========== Repertory ==========

DELETED Folder: c:\users\asafer\appdata\roaming\babylon

DELETED Folder: c:\users\asafer\appdata\local\babylon

DELETED Folder: c:\users\asafer\appdata\locallow\babylontoolbar

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED File: c:\windows\prefetch\agcx_s1_s-1-5-21-3731980268-2904590947-1619489453-1000.snp.db

DELETED File: c:\windows\prefetch\agcx_s2_s-1-5-21-3731980268-2904590947-1619489453-1006.snp.db

DELETED File: c:\windows\prefetch\agcx_sc3_23a8e318be611078.db

DELETED File: c:\windows\prefetch\pfsvperfstats.bin

DELETED File: c:\windows\prefetch\agcx_s1_s-1-5-21-3731980268-2904590947-1619489453-1006.snp.db

DELETED File: c:\windows\prefetch\agcx_sc4.db

DELETED File: c:\windows\prefetch\layout.ini

DELETED File: c:\windows\prefetch\aggluad_p_s-1-5-21-3731980268-2904590947-1619489453-1000.db

DELETED File: c:\windows\prefetch\aggluad_s-1-5-21-3731980268-2904590947-1619489453-1000.db

DELETED File: c:\windows\prefetch\agglglobalhistory.db

DELETED File: c:\windows\prefetch\agrobust.db

DELETED File: c:\windows\prefetch\agglfaulthistory.db

DELETED File: c:\windows\prefetch\agglfgapphistory.db

DELETED File: c:\windows\prefetch\aggluad_p_s-1-5-21-3731980268-2904590947-1619489453-1006.db

DELETED File: c:\windows\prefetch\aggluad_s-1-5-21-3731980268-2904590947-1619489453-1006.db

NOT FOUND File: c:\windows\system32\drivers\vgasave.sys

NOT FOUND Folder/File: c:\users\asafer\appdata\roaming\mozilla\firefox\profiles\5r2g6265.default\extensions\ffxtlbr@babylon.comc:\programdata\babylon

DELETED Window Temporary:

DELETED Flash Cookies:

 

 

========== Summary ==========

4 : Registry Key

9 : Registry Value

2 : Registry Data Items

5 : Repertory

19 : File

 

 

End of clean in 00mn 06s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 14/05/2012 14:36:27 [3214]

 

 

AdwCleaner

 

 

# AdwCleaner v1.606 - Logfile created 05/14/2012 at 14:39:56

# Updated 10/05/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Asafer - ASAFER-HP

# Running from : C:\Users\Asafer\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Asafer\AppData\Local\Linkury

Folder Deleted : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\extensions\ffxtlbr@babylon.com

Folder Deleted : C:\ProgramData\Babylon

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v12.0 (pt-BR)

 

Profile name : default

File : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js

 

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100340");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.id", "3ae4b33f0000000000001cc1debeb8de");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15278");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1014:13:47");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 59394604);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1014:13:47");

 

Profile name : default

File : C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [4470 octets] - [14/05/2012 13:40:07]

AdwCleaner[s1].txt - [3493 octets] - [14/05/2012 14:39:56]

 

########## EOF - C:\AdwCleaner[s1].txt - [3621 octets] ##########

 

 

Thanks for the help so far....

 

 

 

Leandro


Good afternoon, leandro aislan!

|- It seems that ZHPFix could not create a restore point.

|- Are you able to create one manually?

-/-/-/-

|- Download: |DelFix| ( ... by Xplode )

|- Once on the page, click "Télécharger" to download.

|- Save it in a convenient location!

|- Close any open applications.

|- Click "Suppression".

|- Post the report! ( C:\DelFixSuppr.txt )

|- Then, to remove DelFix from your computer, click "Désinstallation".

-/-/-/-

|- Download: OTL ( ... by OldTimer Tools )

|- Click Save!

|- Save it to the desktop!

|- Double-click OTL.exe --> Run

|- Run OTL with its quick scan. ( Quick Scan )

|- PS: On Windows 7, right-click it and run it as "Administrator".

|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

|- Skip the "Extras" report.

Best regards!


Good afternoon,

I couldn't download DELFIX; it gave the following error message: You tried to start a download from a not authorised resource or your browser do not send a referrer!

If you deactivate the referrer in your browser please activate it in your browser configuration to download the file!

Hello!

|- You can go ahead with the OTL tool. Later I will look into what is happening with the DelFix download.

Best regards!


OTL logfile created on: 14/05/2012 15:16:23 - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Asafer\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,88% Memory free

7,36 Gb Paging File | 5,06 Gb Available in Paging File | 68,76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 921,62 Gb Total Space | 853,45 Gb Free Space | 92,60% Space Free | Partition Type: NTFS

Drive D: | 9,80 Gb Total Space | 1,19 Gb Free Space | 12,14% Space Free | Partition Type: NTFS

Drive J: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,43% Space Free | Partition Type: FAT

 

Computer Name: ASAFER-HP | User Name: Asafer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - File not found --

PRC - [2012/05/14 15:13:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Asafer\Desktop\OTL.exe

PRC - [2012/05/05 10:49:25 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

PRC - [2012/04/25 17:16:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2012/02/07 11:21:25 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

PRC - [2012/01/19 08:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/01/19 08:47:18 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

PRC - [2012/01/19 08:26:18 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

PRC - [2011/08/30 13:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/01/18 10:21:08 | 000,568,888 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

PRC - [2010/01/15 12:41:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/01/15 12:41:28 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/05/11 03:46:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/11 03:46:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll

MOD - [2012/05/11 03:46:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll

MOD - [2012/05/11 03:46:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/11 03:46:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/11 03:46:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/11 03:46:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/11 03:46:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/05 11:49:15 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

MOD - [2012/04/25 17:16:36 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/08/07 13:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\detour32.dll

MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll

MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll

MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll

MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll

MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll

MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll

MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll

MOD - [2011/04/11 12:58:21 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll

MOD - [2011/04/11 12:58:17 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

MOD - [2011/03/04 11:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2011/03/04 11:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2011/03/04 11:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/11/12 21:33:11 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/01/18 10:21:08 | 000,568,888 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010/09/27 16:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)

SRV - [2012/05/05 11:49:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/25 17:16:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/19 08:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011/10/20 07:18:59 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/10/20 07:14:58 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2011/09/01 08:35:56 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV - [2011/08/31 09:57:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

SRV - [2011/08/30 13:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/12/10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 12:41:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

SRV - [2009/10/15 05:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Arquivos de Programas\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/04/20 13:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/27 16:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)

DRV:64bit: - [2010/09/27 16:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)

DRV:64bit: - [2010/09/27 16:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)

DRV:64bit: - [2010/03/04 11:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/15 17:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/01/08 01:32:22 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/10/26 01:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/08/06 14:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)

DRV:64bit: - [2007/08/06 14:32:42 | 000,066,432 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)

DRV:64bit: - [2007/05/28 09:05:04 | 000,121,088 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)

DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F5D78999-D62D-4B36-94BD-7CAF7853C20A}

IE:64bit: - HKLM\..\SearchScopes\{F5D78999-D62D-4B36-94BD-7CAF7853C20A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {F5D78999-D62D-4B36-94BD-7CAF7853C20A}

IE - HKLM\..\SearchScopes\{F5D78999-D62D-4B36-94BD-7CAF7853C20A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Asafer\Desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {F5D78999-D62D-4B36-94BD-7CAF7853C20A}

IE - HKCU\..\SearchScopes\{F5D78999-D62D-4B36-94BD-7CAF7853C20A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "LocalStrike Search"

FF - prefs.js..browser.startup.homepage: "www.terra.com.br"

FF - prefs.js..keyword.URL: "http://find.localstrike.net/?q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asafer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asafer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/31 11:14:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/05/04 07:04:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/04 07:04:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/05/04 07:04:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 17:16:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/31 11:14:19 | 000,000,000 | ---D | M]

 

[2011/08/31 10:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asafer\AppData\Roaming\mozilla\Extensions

[2012/05/14 14:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions

[2011/10/20 15:04:50 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Users\Asafer\AppData\Roaming\mozilla\Firefox\Profiles\5r2g6265.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2012/04/26 07:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/04/25 17:16:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/11/09 07:29:37 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml

[2011/11/09 07:29:37 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml

[2011/11/10 07:55:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2011/11/09 07:29:37 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml

[2011/11/09 07:29:37 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Asafer\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Asafer\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Asafer\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\

CHR - Extension: Teclado virtual = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\

CHR - Extension: Gmail = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Anti-Banner = C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

 

O1 HOSTS File: ([2012/04/09 07:55:35 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm ()

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\PROGRA~2\GbPlugin\gbiehCef.dll) - File not found

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\PROGRA~2\GbPlugin\gbiehUni.dll) - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2011/02/15 17:06:52 | 000,000,000 | RH-D | M] - J:\autorun.inf -- [ FAT ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/14 15:13:34 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Asafer\Desktop\OTL.exe

[2012/05/14 14:48:30 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{1F0A9FCE-BFE2-4A29-83AC-A6897BD4DF46}

[2012/05/14 14:48:20 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{720D3B51-17E3-4BC5-8CF8-6CAEFC198190}

[2012/05/14 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C302F2E7-6ABA-4DE5-8C18-EE98543329A9}

[2012/05/14 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{DECC5286-70A0-4F1F-A138-A6046FC4FD6E}

[2012/05/14 13:43:11 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/05/14 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

[2012/05/14 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2012/05/14 13:40:46 | 004,674,417 | ---- | C] (Nicolas Coolman ) -- C:\Users\Asafer\Desktop\ZHPDiag2.exe

[2012/05/14 13:37:28 | 000,000,000 | ---D | C] -- C:\Users\Asafer\Desktop\backups

[2012/05/14 13:24:44 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{88BAEF8F-8084-44F0-8876-DB9A952B6107}

[2012/05/14 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C3D2CE62-D76B-43BD-9E62-B1F8BA92F323}

[2012/05/14 11:24:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Asafer\Desktop\HiJackThis.exe

[2012/05/14 08:41:56 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{AAD9E5FF-11BF-4970-BA61-B0E595EBC41E}

[2012/05/14 08:41:35 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{7EFC12E9-A9BF-4D19-87D7-4BF772657246}

[2012/05/14 07:36:00 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{3E4A2F06-1094-4FC2-B6DD-20D91FD8755A}

[2012/05/14 07:35:49 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{EC5F5191-CE6C-4DF7-9745-5F8075A4D537}

[2012/05/11 14:26:33 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{EF9E4CEF-0280-44C9-82E1-0AE95344F151}

[2012/05/11 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C75F82E5-1B21-40A4-892E-7C3BE54A25A7}

[2012/05/11 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{E20DC2F0-55F5-402D-842A-6225D9586874}

[2012/05/11 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{29970003-6236-4DCB-BC82-8D1C06C8088A}

[2012/05/11 09:24:52 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/11 09:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/05/11 08:49:05 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{938EC57B-6E41-40ED-87B2-64A236EB1975}

[2012/05/11 08:48:53 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{EC56BEA8-6131-4834-AEFB-E3F5605AF839}

[2012/05/11 07:41:20 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{6F047241-6879-4A45-85E6-BA65E93F8333}

[2012/05/11 07:41:10 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{B702A1AD-B9CE-4FF6-A3DB-FFA638B090D6}

[2012/05/10 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{378F3C0F-0A2C-4F6C-BE65-A10B2068BC9C}

[2012/05/10 09:12:25 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{9B503E0F-8313-497B-AB62-327CA19B4346}

[2012/05/10 09:12:15 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{81808FC7-3C14-441C-A7E3-25D799F018B6}

[2012/05/10 09:12:05 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{68A4CDBD-892F-4FF4-9594-5533326F1F6F}

[2012/05/09 20:27:13 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{6123CC4C-D548-474B-A2CF-3FE3C9178C71}

[2012/05/09 20:26:52 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{3325B4EC-A7DF-494B-AB39-DD501E30EBDA}

[2012/05/09 08:27:02 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C8553721-B7B6-46FC-8BD3-185CB2E12F24}

[2012/05/09 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{967FEE0A-6BDC-46EB-AF94-6ECE718DF0F0}

[2012/05/09 08:26:10 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C33AD365-063B-4D46-B857-375F0152DE60}

[2012/05/09 08:25:49 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{6701840D-5F4D-4B7A-9FBF-E43B2F482D2D}

[2012/05/08 08:27:57 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{1312B930-4BBC-43A8-8BCB-2056CF80ACD4}

[2012/05/08 08:27:34 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{32CB46CD-CA36-4004-9FF9-5C1C3D6A7DC2}

[2012/05/07 13:36:26 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{FEE48715-BFB7-470A-9A91-B6787FFAD64A}

[2012/05/07 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{E8BFEA28-BE66-4B96-87CA-3CC74EE4C2D2}

[2012/05/07 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{3C549FB0-11F4-4991-B5BE-701C9C5DD7F7}

[2012/05/07 08:00:26 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{866484F7-4EA1-4B62-86F6-C7547C768215}

[2012/05/07 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{362964AD-08C8-4E59-B14D-DF6D3BAE2FA0}

[2012/05/07 07:59:55 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{ADC4C3EF-5D72-4577-B2ED-75ADBCB7110F}

[2012/05/05 08:30:57 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{8881658C-4838-44F8-9D53-66DDA41A83BC}

[2012/05/05 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{A052DDEF-EAB9-4E31-9290-4173D5B47C7C}

[2012/05/05 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{6BC16C34-6E81-47F2-80FC-E61D93CEB03C}

[2012/05/05 08:30:06 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{FC05C1D9-4CC0-49DF-AD4F-55D18E09C258}

[2012/05/04 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{90760133-9294-41F1-B76F-30A41E79E35F}

[2012/05/04 21:12:47 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{7229EA21-9716-4150-BA1B-56C58B5BA771}

[2012/05/04 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{1F960D22-2294-491B-A1C5-E327CFF387E4}

[2012/05/04 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{201D713A-80D8-4DA7-AA39-842F46FD73BA}

[2012/05/04 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{339A0ED6-80AB-4AA2-83EC-722BEE58B41C}

[2012/05/04 09:10:31 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{8D26E902-1C26-40D4-B0B8-81994DB2C6AF}

[2012/05/04 08:07:27 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{3E5A64D4-FE20-4557-BE48-E618D4AF32CF}

[2012/05/04 08:07:05 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{ED0A5FD7-AEF2-4007-AE42-C88C57A85791}

[2012/05/03 08:40:46 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{2FFC69B3-0EEF-471B-989D-C1ABF5FA4851}

[2012/05/03 08:40:36 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{900DA26E-D2C1-4896-8475-914C7230DAFB}

[2012/05/03 08:40:27 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{A02ABA41-16C9-41B2-8D17-2E95141B8748}

[2012/05/03 08:40:06 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{8C1FEC84-4902-4E0A-8E1A-5137DA508A86}

[2012/05/02 08:22:11 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{A21B2ED9-2F3A-41F5-A4CB-A979D892542E}

[2012/05/02 08:21:58 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{E961A587-860B-4963-AF14-221ABD6C5E71}

[2012/05/02 07:44:08 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{ADB0FA79-ABA8-43ED-AA98-2D44D2D89979}

[2012/05/02 07:43:57 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{F061A1A4-945C-4EA0-A5C0-DB50A8D5A14E}

[2012/04/30 09:14:56 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{67DF897C-A365-48C4-89B5-C997A75F7F45}

[2012/04/30 09:14:45 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{03CEB930-975C-44DB-9369-CEA6D433E222}

[2012/04/30 07:50:12 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{0658DF2A-44E7-4EC0-B097-D4E493794009}

[2012/04/30 07:50:03 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{34292A4E-7527-4208-AB23-B9494D560AE6}

[2012/04/28 08:10:40 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{21C2BF88-C6E9-4249-930D-D157E7437446}

[2012/04/28 08:10:30 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{49868A8A-BEC0-4D88-9B7F-C35597C8EBDB}

[2012/04/28 08:01:36 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{DCE0300B-8FC0-4A3F-95A6-86B7F32F185F}

[2012/04/28 08:01:26 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{AC04A487-7387-4E6F-8E37-4CAEF1E779FB}

[2012/04/27 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{894ECB7A-4ED8-4983-AA1A-3E5B8106ABCC}

[2012/04/27 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{1668770F-001B-44AC-80BE-3ADCF68B00B1}

[2012/04/27 08:58:29 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{320D09AC-E5FA-4600-B668-754AD336CEA6}

[2012/04/27 08:58:17 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{4F9DEBE8-17EB-4A69-AAB2-7FD60C259A37}

[2012/04/27 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{26D77E54-3F4E-45D0-84D7-802EDFAF48B5}

[2012/04/27 08:46:06 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{EE400DFC-C31C-40FB-9319-A10E2DF2DBD7}

[2012/04/26 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{8E0421E3-4F6C-4DF7-88F9-F4665A70007E}

[2012/04/26 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{CB0891F9-88E1-4202-8151-E11D4F533B83}

[2012/04/26 07:54:01 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{DBC6F98D-57C2-4B6D-9EC7-4AA68634B88B}

[2012/04/26 07:53:40 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{B0734841-8E96-4273-8676-0D9624543CF1}

[2012/04/25 17:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/25 17:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/04/25 10:06:03 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{78160DBE-5363-4D68-A472-EC940F0B2CB0}

[2012/04/25 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{F55EFD00-FBC7-4281-8A8D-530E2E165790}

[2012/04/25 07:54:18 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{02ACE82F-4789-43B7-9E51-35803A875E35}

[2012/04/25 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C4DAB8E1-B33A-427C-8537-7F0F903475AB}

[2012/04/25 07:45:24 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{0FF0D1A7-3F9A-42D2-972F-654FEF3D477D}

[2012/04/25 07:45:03 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{842D9A43-F5E4-45E9-AFAB-7EB5F28349C0}

[2012/04/24 09:14:38 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{F2A09504-A569-40DF-95BD-1A8AAA20D867}

[2012/04/24 09:14:26 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{309DF417-FB4C-48B8-8CA8-E82D5B58EB64}

[2012/04/24 09:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/04/24 07:59:02 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{DE022895-7142-47B1-8CDE-5D2E7DA7DB98}

[2012/04/24 07:58:40 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{33ADDB73-BDC2-40A2-8EC1-7237F8BAB3B3}

[2012/04/23 08:31:23 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{EB310676-1E31-4F00-932A-0B1731439621}

[2012/04/23 08:31:10 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{1F0E3051-1248-47DA-9851-98B25BC1D28B}

[2012/04/23 07:37:28 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{B3A7EC96-A7FE-484E-9724-0FA14E4021D5}

[2012/04/23 07:37:18 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{1136288A-7956-4CF9-B8EB-2B38BE07868A}

[2012/04/20 10:05:28 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{566A7318-CF80-4C86-9B67-349A5EBF0563}

[2012/04/20 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{E963AE17-8756-43DF-8B0C-681B4CDB694C}

[2012/04/20 08:11:59 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{CC6F5ADF-0852-45A6-AE49-E236BE84D96A}

[2012/04/20 08:11:37 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{B52665C5-2AF3-46FD-B916-8AA5BDE6259B}

[2012/04/19 08:51:54 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{40651527-E4BD-4402-816C-D5F76A876432}

[2012/04/19 08:51:43 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{3797F608-FEB6-44D5-8391-7C5A63DB6409}

[2012/04/19 08:44:26 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C45DC43A-A00D-41BC-942F-D7C16D778647}

[2012/04/19 08:44:16 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{651A8F22-4172-44E7-A8FA-15DDBBB625DA}

[2012/04/18 09:55:03 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{00A3D131-1909-454B-92A7-F37023B936EF}

[2012/04/18 09:54:50 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{4A553B39-883A-4E37-A162-B47CA208F87D}

[2012/04/18 07:31:46 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{0E85E391-C496-452C-B3D6-89D21F53337C}

[2012/04/18 07:31:23 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{92FD291C-F85D-4076-B1D0-C9E2B18685CB}

[2012/04/17 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{6BC355A7-CF37-4B05-9484-64830C8FE668}

[2012/04/17 10:50:40 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{C57C50CA-A65A-4550-86C0-DF48C963B42D}

[2012/04/17 07:51:02 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{D709F64A-91AC-49F2-93AA-19434ED0B36C}

[2012/04/17 07:50:52 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{ED5ED0CD-A746-4AFA-AA02-0804DA2F23EB}

[2012/04/16 09:55:47 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{159E230E-37C7-4598-8955-8B14CEEF8D47}

[2012/04/16 09:55:35 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{52CC5AEB-3097-47C4-8E20-92BA126BB8BF}

[2012/04/16 08:29:57 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{88EF2188-A16E-4C46-BA5B-8FC52BC0D1ED}

[2012/04/16 08:29:46 | 000,000,000 | ---D | C] -- C:\Users\Asafer\AppData\Local\{78C56427-CFDF-4E5C-BEBA-F1AD4185E4F9}

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/14 15:13:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Asafer\Desktop\OTL.exe

[2012/05/14 14:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/14 14:49:05 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/14 14:49:05 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/14 14:49:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/14 14:41:46 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/14 14:41:36 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAsafer.job

[2012/05/14 14:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/14 14:41:18 | 2962,550,784 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/14 14:39:43 | 000,581,957 | ---- | M] () -- C:\Users\Asafer\Desktop\adwcleaner.exe

[2012/05/14 14:28:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731980268-2904590947-1619489453-1000UA.job

[2012/05/14 13:51:46 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2012/05/14 13:43:02 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk

[2012/05/14 13:43:02 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk

[2012/05/14 13:43:02 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk

[2012/05/14 13:41:12 | 004,674,417 | ---- | M] (Nicolas Coolman ) -- C:\Users\Asafer\Desktop\ZHPDiag2.exe

[2012/05/14 13:21:16 | 001,654,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/14 13:21:16 | 000,715,746 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/05/14 13:21:16 | 000,662,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/14 13:21:16 | 000,146,924 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/05/14 13:21:16 | 000,123,994 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/14 11:24:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Asafer\Desktop\HiJackThis.exe

[2012/05/14 09:28:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731980268-2904590947-1619489453-1000Core.job

[2012/05/11 09:25:03 | 000,002,326 | ---- | M] () -- C:\Users\Asafer\Desktop\Google Chrome.lnk

[2012/05/11 09:24:19 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\ Google Earth.lnk

[2012/05/11 03:41:16 | 000,541,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/09 15:24:39 | 000,002,016 | -H-- | M] () -- C:\Users\Asafer\Documents\Default.rdp

[2012/05/07 11:00:22 | 000,232,480 | ---- | M] () -- C:\Users\Asafer\Desktop\extrato.pdf

[2012/05/03 07:42:45 | 000,063,273 | ---- | M] () -- C:\Windows\FontData.fdb

[2012/04/30 14:42:55 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2012/04/30 09:27:46 | 000,000,212 | -H-- | M] () -- C:\Users\Asafer\Documents\Drawing1.dwl2

[2012/04/30 09:27:46 | 000,000,062 | -H-- | M] () -- C:\Users\Asafer\Documents\Drawing1.dwl

[2012/04/28 14:14:35 | 000,006,524 | ---- | M] () -- C:\Users\Asafer\Documents\cc_20120428_141432.reg

[2012/04/25 17:33:05 | 000,000,000 | ---- | M] () -- C:\Users\Asafer\AppData\Local\Temptable.xml

[2012/04/24 09:01:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/23 13:18:35 | 000,000,848 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/05/14 14:39:26 | 000,581,957 | ---- | C] () -- C:\Users\Asafer\Desktop\adwcleaner.exe

[2012/05/14 13:51:46 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2012/05/14 13:42:11 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk

[2012/05/14 13:42:11 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk

[2012/05/14 13:42:11 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk

[2012/05/11 09:25:03 | 000,002,326 | ---- | C] () -- C:\Users\Asafer\Desktop\Google Chrome.lnk

[2012/05/11 09:24:19 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\ Google Earth.lnk

[2012/05/11 09:23:55 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731980268-2904590947-1619489453-1000UA.job

[2012/05/11 09:23:51 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731980268-2904590947-1619489453-1000Core.job

[2012/05/07 11:00:22 | 000,232,480 | ---- | C] () -- C:\Users\Asafer\Desktop\extrato.pdf

[2012/04/28 14:14:34 | 000,006,524 | ---- | C] () -- C:\Users\Asafer\Documents\cc_20120428_141432.reg

[2012/04/24 09:01:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/04/24 09:01:02 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/02/02 14:24:53 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys

[2011/10/31 14:13:37 | 000,017,408 | ---- | C] () -- C:\Users\Asafer\AppData\Local\WebpageIcons.db

[2011/10/20 07:47:10 | 000,000,000 | ---- | C] () -- C:\Users\Asafer\AppData\Local\Temptable.xml

[2011/10/20 07:18:19 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI

[2011/09/16 09:00:18 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll

[2011/09/16 09:00:17 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll

[2011/09/05 10:41:23 | 000,099,840 | ---- | C] ( ) -- C:\Windows\SysWow64\Zipdll.dll

[2011/09/05 10:41:23 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\Unzdll.dll

[2011/08/31 11:13:30 | 000,223,041 | ---- | C] () -- C:\Windows\hpwins26.dat.temp

[2011/08/31 11:13:30 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp

[2011/08/31 10:46:32 | 000,223,200 | ---- | C] () -- C:\Windows\hpwins26.dat

[2011/08/31 09:58:32 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

[2011/08/31 08:22:06 | 000,000,000 | ---- | C] () -- C:\Users\Asafer\AppData\Roaming\wklnhst.dat

[2011/08/31 07:54:35 | 001,515,172 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/06/09 17:12:22 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010/06/09 17:12:22 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/06/09 17:12:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/06/09 17:12:21 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010/06/09 17:12:21 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

 

========== LOP Check ==========

 

[2011/09/02 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\Autodesk

[2012/04/02 16:21:44 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\DassaultSystemes

[2012/04/02 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\EDrawings

[2012/04/25 09:41:37 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\EurekaLog

[2011/08/31 08:17:03 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\SigmaTEK

[2011/10/07 11:13:24 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\TeamViewer

[2011/08/31 08:22:07 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\Template

[2011/08/31 10:26:32 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\Tific

[2011/09/14 07:59:47 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\WinBatch

[2011/10/31 15:51:18 | 000,000,000 | ---D | M] -- C:\Users\Asafer\AppData\Roaming\Windows Live Writer

[2012/04/30 14:42:55 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2011/12/16 06:39:52 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 310 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

 

< End of report >


Good afternoon, leandro aislan!

 

|- Run OTL.exe.

|- Copy the information shown in red below into the tool's clipboard field ("Custom Scans/Fixes").

 

:OTL

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

 

:Files

%systemroot%\prefetch\*.*

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:Commands

[CLEARALLRESTOREPOINTS]

[purity]

[emptytemp]

[Reboot]

|- Click the Fix button -> Wait for it to finish!

|- The computer will restart! -> Click "Run".

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Regards!


Good afternoon, here it is.

 

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.

File Protocol\Handler\ms-itss - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.

File Protocol\Handler\mso-offdap11 - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== FILES ==========

C:\Windows\prefetch\ACRORD32.EXE-96B65281.pf moved successfully.

C:\Windows\prefetch\ADOBEARM.EXE-7105D3A2.pf moved successfully.

C:\Windows\prefetch\ADWCLEANER.EXE-51E60F00.pf moved successfully.

C:\Windows\prefetch\AgAppLaunch.db moved successfully.

C:\Windows\prefetch\AgCx_SC1.db moved successfully.

C:\Windows\prefetch\AgCx_SC1.db.trx moved successfully.

C:\Windows\prefetch\AGENT.EXE-A3BDD164.pf moved successfully.

C:\Windows\prefetch\AgGlFaultHistory.db moved successfully.

C:\Windows\prefetch\AgGlFgAppHistory.db moved successfully.

C:\Windows\prefetch\AgGlGlobalHistory.db moved successfully.

C:\Windows\prefetch\AgGlUAD_P_S-1-5-21-3731980268-2904590947-1619489453-1000.db moved successfully.

C:\Windows\prefetch\AgGlUAD_S-1-5-21-3731980268-2904590947-1619489453-1000.db moved successfully.

C:\Windows\prefetch\AgRobust.db moved successfully.

C:\Windows\prefetch\AITAGENT.EXE-DA3E7689.pf moved successfully.

C:\Windows\prefetch\AUDIODG.EXE-BDFD3029.pf moved successfully.

C:\Windows\prefetch\AVP.EXE-C852AB98.pf moved successfully.

C:\Windows\prefetch\BCSSYNC.EXE-3F6C64A2.pf moved successfully.

C:\Windows\prefetch\CHROME.EXE-82295E2E.pf moved successfully.

C:\Windows\prefetch\CMD.EXE-AC113AA8.pf moved successfully.

C:\Windows\prefetch\CONHOST.EXE-1F3E9D7E.pf moved successfully.

C:\Windows\prefetch\CSC.EXE-A3B8D95D.pf moved successfully.

C:\Windows\prefetch\CSC.EXE-BE9AC2DF.pf moved successfully.

C:\Windows\prefetch\CSCRIPT.EXE-0FB3F22C.pf moved successfully.

C:\Windows\prefetch\CSRSS.EXE-3FE41F7E.pf moved successfully.

C:\Windows\prefetch\CVTRES.EXE-069169FB.pf moved successfully.

C:\Windows\prefetch\CVTRES.EXE-2B9D810D.pf moved successfully.

C:\Windows\prefetch\DEFRAG.EXE-588F90AD.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-3644570E.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-4F28A26F.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-5E46FA0D.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-766398D2.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-76936ED5.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-E7777CC4.pf moved successfully.

C:\Windows\prefetch\DOCPROC.EXE-0D87F86F.pf moved successfully.

C:\Windows\prefetch\DPE_OCR.EXE-1FB3A089.pf moved successfully.

C:\Windows\prefetch\DWM.EXE-6FFD3DA8.pf moved successfully.

C:\Windows\prefetch\EXPLORER.EXE-254441E9.pf moved successfully.

C:\Windows\prefetch\EXPLORER.EXE-A80E4F97.pf moved successfully.

C:\Windows\prefetch\FIREFOX.EXE-18ACFCFF.pf moved successfully.

C:\Windows\prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf moved successfully.

C:\Windows\prefetch\GFXUI.EXE-C6B3880F.pf moved successfully.

C:\Windows\prefetch\GOOGLEEARTH-WIN-BUNDLE-6.2.2.-658243B2.pf moved successfully.

C:\Windows\prefetch\GOOGLEEARTH-WIN-BUNDLE-6.2.2.-D29467CF.pf moved successfully.

C:\Windows\prefetch\GOOGLEEARTH.EXE-25705632.pf moved successfully.

C:\Windows\prefetch\GOOGLEUPDATE.EXE-56535429.pf moved successfully.

C:\Windows\prefetch\GOOGLEUPDATE.EXE-B95715F5.pf moved successfully.

C:\Windows\prefetch\HIJACKTHIS.EXE-FAAB5743.pf moved successfully.

C:\Windows\prefetch\HPADVISOR.EXE-FDFAE59D.pf moved successfully.

C:\Windows\prefetch\HPADVISORDOCK.EXE-9932610B.pf moved successfully.

C:\Windows\prefetch\HPCEE.EXE-6A33E4FB.pf moved successfully.

C:\Windows\prefetch\HPISCNAPP.EXE-9D0874F6.pf moved successfully.

C:\Windows\prefetch\HPQBAM08.EXE-AB267C75.pf moved successfully.

C:\Windows\prefetch\HPQDSTCP.EXE-5014A85B.pf moved successfully.

C:\Windows\prefetch\HPQGPC01.EXE-E2898B9C.pf moved successfully.

C:\Windows\prefetch\HPQKYGRP.EXE-A08CF20E.pf moved successfully.

C:\Windows\prefetch\HPQTRA08.EXE-0584DF50.pf moved successfully.

C:\Windows\prefetch\HPQUSGL.EXE-F8190D14.pf moved successfully.

C:\Windows\prefetch\HPSYSDRV.EXE-C93AA317.pf moved successfully.

C:\Windows\prefetch\HPWUSCHD2.EXE-DE9C9D03.pf moved successfully.

C:\Windows\prefetch\IASTORICON.EXE-FF322740.pf moved successfully.

C:\Windows\prefetch\IEXPLORE.EXE-4B6C9213.pf moved successfully.

C:\Windows\prefetch\IGFXPERS.EXE-254DBA08.pf moved successfully.

C:\Windows\prefetch\IGFXSRVC.EXE-96A493A4.pf moved successfully.

C:\Windows\prefetch\ISUSPM.EXE-4EE1F2CE.pf moved successfully.

C:\Windows\prefetch\JAVAW.EXE-95D02C48.pf moved successfully.

C:\Windows\prefetch\JAVAWS.EXE-446541A7.pf moved successfully.

C:\Windows\prefetch\JUSCHED.EXE-60F1FB86.pf moved successfully.

C:\Windows\prefetch\KLWTBLFS.EXE-D9348C50.pf moved successfully.

C:\Windows\prefetch\LADS.EXE-046BC4A8.pf moved successfully.

C:\Windows\prefetch\Layout.ini moved successfully.

C:\Windows\prefetch\LIGHTSCRIBECONTROLPANEL.EXE-29D93E2E.pf moved successfully.

C:\Windows\prefetch\LOGONUI.EXE-09140401.pf moved successfully.

C:\Windows\prefetch\LPKSETUP.EXE-90F505D8.pf moved successfully.

C:\Windows\prefetch\MBR.EXE-836B8DE9.pf moved successfully.

C:\Windows\prefetch\MBRCHECK.EXE-2CA9EB2F.pf moved successfully.

C:\Windows\prefetch\MPCMDRUN.EXE-F401FBB4.pf moved successfully.

C:\Windows\prefetch\MSCORSVW.EXE-C3C515BD.pf moved successfully.

C:\Windows\prefetch\MSIEXEC.EXE-A2D55CB6.pf moved successfully.

C:\Windows\prefetch\MSIEXEC.EXE-E09A077A.pf moved successfully.

C:\Windows\prefetch\MSNMSGR.EXE-D22CE80C.pf moved successfully.

C:\Windows\prefetch\NOTEPAD.EXE-1605FA5B.pf moved successfully.

C:\Windows\prefetch\NOTEPAD.EXE-D8414F97.pf moved successfully.

C:\Windows\prefetch\NSLOOKUP.EXE-8DBC12C3.pf moved successfully.

C:\Windows\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.

C:\Windows\prefetch\PfSvPerfStats.bin moved successfully.

C:\Windows\prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf moved successfully.

C:\Windows\prefetch\PLUSSERVICE.EXE-A3F8FF04.pf moved successfully.

C:\Windows\prefetch\PV.EXE-34B75B82.pf moved successfully.

C:\Windows\prefetch\READER_SL.EXE-BA37A2AE.pf moved successfully.

C:\Windows\prefetch\REGEDIT.EXE-2023FAA8.pf moved successfully.

C:\Windows\prefetch\REGSVR32.EXE-8461DBEE.pf moved successfully.

C:\Windows\prefetch\REGSVR32.EXE-D5170E12.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-230FC512.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-27E99165.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-3F5F437D.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-411A328D.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-A3E35360.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-DE9673F9.pf moved successfully.

C:\Windows\prefetch\RUNONCE.EXE-0E293DD6.pf moved successfully.

C:\Windows\prefetch\SCHTASKS.EXE-AD598958.pf moved successfully.

C:\Windows\prefetch\SCRNSAVE.SCR-51176AA7.pf moved successfully.

C:\Windows\prefetch\SDIAGNHOST.EXE-8D72177C.pf moved successfully.

C:\Windows\prefetch\SEARCHFILTERHOST.EXE-77482212.pf moved successfully.

C:\Windows\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf moved successfully.

C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf moved successfully.

C:\Windows\prefetch\SIGCHECK.EXE-F42FC051.pf moved successfully.

C:\Windows\prefetch\SKYPE.EXE-E71BF59F.pf moved successfully.

C:\Windows\prefetch\SMARTMENU.EXE-67945271.pf moved successfully.

C:\Windows\prefetch\SMSS.EXE-E9C28FC6.pf moved successfully.

C:\Windows\prefetch\SPLWOW64.EXE-297C4568.pf moved successfully.

C:\Windows\prefetch\SPPSVC.EXE-B0F8131B.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-05F624AB.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-3AB35CA7.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-7AC6742A.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-7CFEDEA3.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-80F4A784.pf moved successfully.

C:\Windows\prefetch\TASKENG.EXE-48D4E289.pf moved successfully.

C:\Windows\prefetch\TASKHOST.EXE-7238F31D.pf moved successfully.

C:\Windows\prefetch\TEAMVIEWER.EXE-61A23C68.pf moved successfully.

C:\Windows\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf moved successfully.

C:\Windows\prefetch\TV_W32.EXE-C76072DC.pf moved successfully.

C:\Windows\prefetch\USERINIT.EXE-2257A3E7.pf moved successfully.

C:\Windows\prefetch\VSSVC.EXE-B8AFC319.pf moved successfully.

C:\Windows\prefetch\WERFAULT.EXE-37549B7E.pf moved successfully.

C:\Windows\prefetch\WERMGR.EXE-0F2AC88C.pf moved successfully.

C:\Windows\prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-F21874F1.pf moved successfully.

C:\Windows\prefetch\WINLOGON.EXE-B020DC41.pf moved successfully.

C:\Windows\prefetch\WLCOMM.EXE-324C9362.pf moved successfully.

C:\Windows\prefetch\WMI64.EXE-7B5D7A66.pf moved successfully.

C:\Windows\prefetch\WMIADAP.EXE-F8DFDFA2.pf moved successfully.

C:\Windows\prefetch\WMIPRVSE.EXE-1628051C.pf moved successfully.

C:\Windows\prefetch\WMIPRVSE.EXE-6768A320.pf moved successfully.

C:\Windows\prefetch\WMPNSCFG.EXE-FC0D39BF.pf moved successfully.

C:\Windows\prefetch\WUAUCLT.EXE-70318591.pf moved successfully.

C:\Windows\prefetch\WUDFHOST.EXE-AFFEF87C.pf moved successfully.

C:\Windows\prefetch\ZHPDIAG.EXE-0D117CAF.pf moved successfully.

C:\Windows\prefetch\ZHPDIAG2.EXE-DBF086D6.pf moved successfully.

C:\Windows\prefetch\ZHPDIAG2.TMP-221FA5E9.pf moved successfully.

C:\Windows\prefetch\ZHPDIAG2.TMP-55E3A648.pf moved successfully.

C:\Windows\prefetch\ZHPFIX.EXE-1A4C3389.pf moved successfully.

C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3731980268-2904590947-1619489453-1000Core.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3731980268-2904590947-1619489453-1000UA.job moved successfully.

C:\WINDOWS\tasks\HPCeeScheduleForAsafer.job moved successfully.

C:\WINDOWS\tasks\PCDRScheduledMaintenance.job moved successfully.

File\Folder C:\*.sqm not found.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: All Users

 

User: Asafer

->Temp folder emptied: 173529335 bytes

->Temporary Internet Files folder emptied: 26639668 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49816103 bytes

->Google Chrome cache emptied: 167300980 bytes

->Flash cache emptied: 895 bytes

 

User: Asafer_2

->Temp folder emptied: 5375395 bytes

->Temporary Internet Files folder emptied: 185408881 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 64354138 bytes

->Flash cache emptied: 1856 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 169970457 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36035126 bytes

RecycleBin emptied: 4444254 bytes

 

Total Files Cleaned = 842,00 mb

 

Error: Unable to interpret <[Reboot> in the current context!

 

OTL by OldTimer - Version 3.2.43.0 log created on 05142012_154848

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\SBX9PEMM\ADSAdClient31[1].htm not found!

File\Folder C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\2K52IH5R\ADSAdClient31[2].htm not found!

File\Folder C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\2K52IH5R\direct;auc.8543069350075168877;ai.129903245.226323224;wi.234;hi.60;cp.0[1].htm not found!

File\Folder C:\Users\Asafer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\2K52IH5R\tt[1].htm not found!

C:\Users\Asafer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NCZJ1153\like[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NCZJ1153\xd_arbiter[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\430NV2FD\index[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30P9QIE2\464783-analise-de-log[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30P9QIE2\ads[5].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30P9QIE2\forum-botao[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30P9QIE2\forum-super[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30P9QIE2\select[2].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\30P9QIE2\xd_arbiter[1].htm moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

 

Registry entries deleted on Reboot...


Good afternoon, leandro aislan!

 

|- Open OTL.exe -> Click CleanUp. <-- Confirm!

|- P.S.: The computer will restart!

 

-/-/-/-

 

|- Download: < imagemus0.jpg > (...par A.Rothstein & dj Quiou )

 

|- Click "Télécharger" to download.

|- Save it to the desktop!

|- Close any open programs and run the tool.

|- Click the Recherche button to start the scan.

|- When it finishes, the tools that will be removed are listed.

|- Next, click the "Suppression" button to remove the items found.

|- Click Quitter to exit! --> OK.

|- If you like, post the reports: Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU)

|- Select it and copy it into Notepad.

 

-/-/-/-

 

|- Your logs are clean!

|- There is no malware on your PC. Everything OK?

 

Regards!


I am scanning right now.

This computer is not my biggest problem. My notebook is: every time I scan it, the antivirus finds more than 60 viruses, and when I look at the file names, most of them are folders of photo files and other programs....

Can I post its log here, or do I need to create a new topic??

Awaiting your reply, thank you...


Hello!

 

|- Please start a new topic! I will give wings the opportunity to analyze your notebook.

 

Regards!


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
