Archived

This topic has been archived and is closed to new replies.

moicanofacul

[Resolved] Infected PC

When installing a game, Avira detected a trojan in the crack. After that, I used ESET Online to scan the PC, and 2 viruses were found (one of them was in the System32 folder and was called 'Algumacoisa Serial Crack.dll'). I deleted the files from quarantine.

 

Since I'm still unsure whether my PC is clean, I came here to ask for your help.

 

HiJackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 07:02:45, on 25/05/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Pierre Cardoso\Downloads\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=Userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pierre Cardoso\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.145.84 200.222.123.102

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11289 bytes

Good morning, moicanofacul!

 

|- Download: < marcinsig.gif >

 

|- < Link - 2 >

 

|- < Link - 3 >

 

|- Update the program!

|- Choose the Full scan!

|- Disable protection programs when running Malwarebytes.

|- On Windows Vista or 7, right-click the file and run it as administrator.

|- PS: For certain infections, the tool will ask for a reboot. <- Confirm!

|- When finished, click "Remove items".

|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt

 

Regards!

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.05.25.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Pierre Cardoso :: PIERRECARDOSO [administrador]

 

25/05/2012 16:16:39

mbam-log-2012-05-25 (16-16-39).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 380897

Tempo decorrido: 43 minuto(s), 8 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)

Good afternoon, moicanofacul!

 

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Click Save!

 

|- Save it to the desktop!

 

|- Double-click OTL.exe -> Run

 

|- Run OTL using its quick scan. ( Quick Scan )

|- PS: On Windows 7, right-click and run it as "Administrator".

|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

|- Also post the "Extras" report.

 

Regards!

OTL logfile created on: 25/05/2012 17:44:04 - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Pierre Cardoso\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,87 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 39,36% Memory free

7,73 Gb Paging File | 5,29 Gb Available in Paging File | 68,39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 471,17 Gb Total Space | 390,25 Gb Free Space | 82,83% Space Free | Partition Type: NTFS

Drive D: | 9,48 Gb Total Space | 1,44 Gb Free Space | 15,23% Space Free | Partition Type: NTFS

Drive P: | 450,76 Gb Total Space | 162,73 Gb Free Space | 36,10% Space Free | Partition Type: NTFS

 

Computer Name: PIERRECARDOSO | User Name: Pierre Cardoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/05/25 17:43:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

PRC - [2012/05/02 05:46:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/12/01 16:57:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/01 16:57:42 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/12/01 16:57:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/07/18 08:11:44 | 000,208,264 | ---- | M] ( ) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/10/02 11:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/05/09 23:52:29 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll

MOD - [2012/05/09 23:52:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/09 23:51:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll

MOD - [2012/05/09 23:51:52 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll

MOD - [2012/05/09 23:51:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/09 23:51:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/09 23:51:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/09 23:51:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/09 23:51:27 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/05 03:08:40 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

MOD - [2012/05/02 05:46:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2010/11/12 21:33:11 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/08/30 10:17:26 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/09/08 20:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/05 03:08:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/02 05:46:44 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011/12/01 16:57:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/12/01 16:57:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/07/18 08:11:44 | 000,208,264 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/04/13 22:09:43 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 16:52:38 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/12/01 16:58:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011/12/01 16:58:02 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/08/30 10:17:24 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)

DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2011/07/12 18:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 07:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2009/10/02 08:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/29 22:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/09/17 09:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/09/08 21:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/08/20 21:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV - [2011/07/18 08:13:36 | 000,043,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006/10/23 11:42:30 | 000,031,899 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}

IE:64bit: - HKLM\..\SearchScopes\{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}

IE - HKLM\..\SearchScopes\{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{0CFC0FF2-7D28-4419-B506-086356381DDA}: "URL" = http://www.americanas.com.br/busca/{searchTerms}

IE - HKCU\..\SearchScopes\{0D763647-EF4D-4055-AA9E-5AA247285547}: "URL" = http://www.livrariasaraiva.com.br/pesquisaweb/pesquisaweb.dll/pesquisa?FILTRON1=X&PALAVRASN1={searchTerms}&ESTRUTN1=&MODELON1=C&ORDEMN1=E&QTTOP=100

IE - HKCU\..\SearchScopes\{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E}: "URL" = http://br.wikipedia.org/w/index.php?title=Dibar:Klask&search={searchTerms}

IE - HKCU\..\SearchScopes\{5D3373DE-E345-414F-9E6C-5EA687463EA2}: "URL" = http://www.submarino.com.br/busca?q={searchTerms}

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={530891EA-3B39-4C54-8741-897DB8E8BD05}&mid=d4338c13a5a147d0ad35a9ae97e400ef-330e5ea7beb1a8f22c81d2be9e250e02521e5642&lang=pt-br&ds=gm011&pr=sa&d=2012-04-25 22:52:08&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{9AFB250B-3A9F-4BE3-BA52-E5235AC5E952}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKCU\..\SearchScopes\{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{E354496C-DDB9-47A7-A193-3ED9DEE8EA88}: "URL" = http://www.bondfaro.com.br/cprocura?produto={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B216c50da-0608-4bde-9d80-b28cd16b9594%7D&mid=d4338c13a5a147d0ad35a9ae97e400ef-330e5ea7beb1a8f22c81d2be9e250e02521e5642&ds=gm011&v=11.0.0.9&lang=pt-br&pr=sa&d=2012-04-25%2022%3A52%3A08&sap=ku&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pierre Cardoso\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/15 21:52:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 05:46:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/28 14:16:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/15 21:52:28 | 000,000,000 | ---D | M]

 

[2010/07/06 23:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Extensions

[2012/05/17 05:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions

[2012/05/08 21:31:54 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2012/05/17 05:35:27 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

[2010/11/16 23:12:19 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\pt-BR@dictionaries.addons.mozilla.org

[2012/02/25 17:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/07/17 12:26:56 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\PIERRE CARDOSO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HAWBR6LM.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI

[2012/03/01 06:01:36 | 000,126,158 | ---- | M] () (No name found) -- C:\USERS\PIERRE CARDOSO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HAWBR6LM.DEFAULT\EXTENSIONS\DESPROTETORDELINKS@CLAUDIO-SILVA.COM.XPI

[2012/05/02 05:46:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/14 21:57:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/04/25 22:52:03 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml

[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml

[2011/11/08 20:45:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml

[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2011/06/27 12:13:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [Facebook Update] C:\Users\Pierre Cardoso\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.145.84 200.222.123.102

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/25 17:43:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

[2012/05/25 00:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/05/25 00:14:24 | 000,000,000 | R--D | C] -- C:\Users\Pierre Cardoso\Videos

[2012/05/25 00:14:24 | 000,000,000 | R--D | C] -- C:\Users\Pierre Cardoso\Pictures

[2012/05/25 00:14:24 | 000,000,000 | R--D | C] -- C:\Users\Pierre Cardoso\Music

[2012/05/24 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{43ECBBDB-6AD6-413C-9866-3146E194968C}

[2012/05/24 19:59:24 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\Desktop\PES

[2012/05/24 08:25:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B05A415F-BC28-4491-A7DE-D163D47590AE}

[2012/05/24 08:25:06 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{03C34F10-2335-44A2-8AD0-41F8657E25DE}

[2012/05/23 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{6EA2E67C-250E-435B-A997-AA49B0B77082}

[2012/05/23 08:24:14 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{12C70282-79A9-4825-BDE5-AADF38C16C26}

[2012/05/22 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{E64096FF-162F-4664-83DC-A6E50DE48B59}

[2012/05/22 08:23:27 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B45DB9D5-4A0E-4A80-AD7C-DFF808DB15A9}

[2012/05/21 20:23:03 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{BE1F7801-7523-4A5E-AD63-AF0C7CD213EE}

[2012/05/21 08:22:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{4AB8541D-72CE-4DE4-8EF4-14C19F866266}

[2012/05/20 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{7AED9AE5-7EBA-442E-8211-806B8D5ABB8A}

[2012/05/20 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{60817F1E-EB63-440C-854E-D1F9B3DEA1A2}

[2012/05/19 20:21:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{886FDCEF-1007-4F2D-AECB-67664904437A}

[2012/05/19 08:19:03 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A2EB3F4F-6977-40AA-A6D3-0784C6C65AC5}

[2012/05/18 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{8AFFDC37-2690-4BB0-9FD7-CB92003EBF71}

[2012/05/18 08:18:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{162C3CDC-E1BE-46FF-9797-8649FE910E41}

[2012/05/17 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{7404C811-4406-4D76-9A4F-DCD1183C5AC8}

[2012/05/17 08:15:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A087CC15-0B43-4BD1-BDF2-377422017CC5}

[2012/05/17 08:14:48 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{EBAEAC86-04DC-42B0-AB4A-547516C8B8BC}

[2012/05/16 20:14:23 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C5231FE7-9E8F-48BA-9B90-7DC98A15FC4D}

[2012/05/16 08:13:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{E0571846-0744-430B-B7CF-CE06005DBCD0}

[2012/05/15 20:13:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{77057993-A672-4766-8F7C-C05A8F864FBB}

[2012/05/15 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{54680506-5DBF-4977-915D-C9D3528089F7}

[2012/05/14 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A280FF2B-32DC-445E-8FFB-648A6360D9B2}

[2012/05/13 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DD28C1DD-5C56-4816-9E61-A9D3CF246F2F}

[2012/05/12 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{39FC8DAD-669D-4502-A7C9-AE87511E9F7D}

[2012/05/12 08:12:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B1DEAE12-441D-4861-BA47-81768004D967}

[2012/05/11 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{085140FC-FA32-49B6-848D-B27830ECD5DC}

[2012/05/11 07:15:57 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{643FA17F-E4AC-4352-AE61-42222D39BE45}

[2012/05/10 19:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/10 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/10 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/05/10 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{5D96410C-DA5C-4DA0-BF94-312D784C097B}

[2012/05/10 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D8F6ADA3-FC9E-4B42-9C6B-3E0F1672CFFE}

[2012/05/09 23:32:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/05/09 19:58:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C3BD66B9-33D4-4459-83CB-8510E6927920}

[2012/05/09 07:57:34 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D9262D0F-3BAC-42CB-ABA1-24E2AFC93CF7}

[2012/05/08 19:57:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D6B19831-A99B-4C45-B7DA-33B5640C23A9}

[2012/05/08 07:56:43 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{74B2D6BB-89B0-48FA-90E5-FC4C2039D4BF}

[2012/05/08 07:56:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D848B9B2-DAE2-4F9E-B7D3-51DA78C85DE8}

[2012/05/07 19:56:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{FF52AE5A-C6F9-4A33-AFE5-6A573D753DBA}

[2012/05/07 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{38B43596-FD58-49AE-B2CD-1E3DD0FEC458}

[2012/05/07 06:13:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9F12701A-E7B4-470C-A288-0F5F3EDF4961}

[2012/05/06 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DC74FA8C-5AD6-46CD-9B35-C370EFB3B6A2}

[2012/05/06 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{70C58FF3-90E2-4BDA-92ED-F78BE4D54EF5}

[2012/05/05 18:11:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C8E75C8A-EEB5-4FD5-B0E0-E9D6B427A18C}

[2012/05/05 06:10:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DC0748D6-B623-4508-956A-0FC987E6FB7D}

[2012/05/04 18:10:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0C409F2F-A8A7-41D3-B1B0-36F3198B2711}

[2012/05/04 06:09:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0936DEA9-FD47-4C3D-844A-70C3E86A0F3C}

[2012/05/03 18:44:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system32

[2012/05/03 18:09:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{1840F289-78FA-4E1E-9FB5-A7A4738259BC}

[2012/05/03 06:08:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{50677B40-B6CD-49ED-BED9-F73B533E6C64}

[2012/05/02 18:08:23 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{442027DE-9E4E-4774-9DA9-8851AF01FCF4}

[2012/05/02 06:07:13 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{ED9562C2-1174-4EE2-ABA8-1BE7BDBFF6CD}

[2012/05/02 05:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/02 05:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/01 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9E6A3909-4A4E-4299-BAC6-D4DD756AC763}

[2012/05/01 18:06:37 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{ACBB87AC-1FE2-4B0D-92DA-E68FC0841414}

[2012/05/01 06:06:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D208E02E-23ED-4A92-BD79-F29A1CCE48CE}

[2012/05/01 06:05:59 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D09F1316-C542-46C2-B3C1-85780892F740}

[2012/04/30 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{CA1E1DF8-DE26-4D9F-9AF5-97ECE6DDB31A}

[2012/04/30 18:05:21 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{ACC774CA-5B87-45B8-B60B-7A2E34256655}

[2012/04/29 07:43:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{520C4FEF-5D23-4CF4-BFEC-2178B65D69E9}

[2012/04/29 00:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

[2012/04/28 19:43:13 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{58D6A6CD-7841-47DD-8230-FCAAE306D29B}

[2012/04/28 07:42:49 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{89E0C090-F0FF-461F-B5F9-82A0B1BCCE9B}

[2012/04/27 19:42:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B00A9FB5-09AD-437C-A7A2-4A2B35BDD5BF}

[2012/04/27 07:41:34 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{479D2151-A1A1-4B62-8E76-C519A7CF47CA}

[2012/04/26 19:39:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{398DA48E-A900-4F1E-A963-EA7084E683A2}

[2012/04/26 07:38:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{47F5CE42-6365-4450-A6A5-F23344E88B2B}

[2012/04/25 22:57:33 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/04/25 22:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/04/25 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Formats

[2012/04/25 19:37:54 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A81FFB0E-2DA3-4D4E-A12D-D4A6883DCBA6}

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/25 17:43:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

[2012/05/25 17:08:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/25 15:52:01 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000UA.job

[2012/05/25 00:21:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 00:21:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 00:18:05 | 001,541,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/25 00:18:05 | 000,672,262 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/05/25 00:18:05 | 000,624,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/25 00:18:05 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/05/25 00:18:05 | 000,109,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/25 00:13:32 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012/05/25 00:13:20 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/24 18:52:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000Core.job

[2012/05/24 06:22:04 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPierre Cardoso.job

[2012/05/09 23:45:50 | 000,355,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/04/30 10:45:43 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2012/04/27 20:54:10 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv

[2012/04/26 09:01:03 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPIERRECARDOSO$.job

[2012/04/25 22:57:32 | 000,000,022 | ---- | M] () -- C:\Program Files (x86)\zipnew.dat

[2012/04/25 22:57:32 | 000,000,020 | ---- | M] () -- C:\Program Files (x86)\rarnew.dat

 

========== Files Created - No Company Name ==========

 

[2012/05/15 23:07:56 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPierre Cardoso.job

[2012/04/30 20:53:07 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/25 22:57:32 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat

[2012/04/25 22:57:32 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat

[2012/04/25 22:57:10 | 001,914,638 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm

[2012/04/25 22:57:10 | 001,150,464 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe

[2012/04/25 22:57:10 | 000,403,968 | ---- | C] () -- C:\Program Files (x86)\Rar.exe

[2012/04/25 22:57:10 | 000,266,240 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe

[2012/04/25 22:57:10 | 000,193,536 | ---- | C] () -- C:\Program Files (x86)\RarExt64.dll

[2012/04/25 22:57:10 | 000,166,912 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll

[2012/04/25 22:57:10 | 000,123,904 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe

[2012/04/25 22:57:10 | 000,101,610 | ---- | C] () -- C:\Program Files (x86)\Default.SFX

[2012/04/25 22:57:10 | 000,081,130 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX

[2012/04/25 22:57:10 | 000,076,032 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX

[2012/04/25 22:57:10 | 000,052,993 | ---- | C] () -- C:\Program Files (x86)\winrar.lng

[2012/04/25 22:57:10 | 000,018,797 | ---- | C] () -- C:\Program Files (x86)\rar.lng

[2012/04/25 22:57:10 | 000,004,007 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng

[2012/04/25 22:57:10 | 000,001,671 | ---- | C] () -- C:\Program Files (x86)\rarext.lng

[2012/04/25 22:57:10 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst

[2012/04/25 22:57:10 | 000,000,607 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst

[2012/04/25 22:57:09 | 000,003,975 | ---- | C] () -- C:\Program Files (x86)\Order.htm

[2012/04/25 22:57:09 | 000,001,016 | ---- | C] () -- C:\Program Files (x86)\Descript.ion

[2012/04/25 22:57:09 | 000,000,494 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz

[2012/04/23 17:40:02 | 000,039,629 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2011/09/01 17:22:04 | 000,000,501 | ---- | C] () -- C:\Windows\SysWow64\MMoney20.drv

[2011/09/01 17:22:04 | 000,000,501 | ---- | C] () -- C:\Windows\SysWow64\drcmmsys20.drv

[2011/05/15 19:47:41 | 000,001,854 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Roaming\GhostObjGAFix.xml

[2011/04/14 14:30:33 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll

[2011/01/26 12:31:54 | 001,534,752 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/09/12 14:19:32 | 004,477,480 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00310.JPG

[2010/09/12 14:16:02 | 000,175,810 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.JPG

[2010/09/12 14:16:02 | 000,144,847 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.0

[2010/07/09 13:49:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

[2010/07/09 13:49:26 | 000,001,125 | ---- | C] () -- C:\Windows\winamp.ini

[2010/07/09 12:27:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010/07/09 11:59:07 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv

[2010/07/09 11:59:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2010/07/08 22:40:32 | 000,073,757 | ---- | C] () -- C:\Windows\SysWow64\dancemat.exe

 

========== LOP Check ==========

 

[2012/02/06 18:26:14 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Ajpa

[2012/05/25 00:16:49 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\DAEMON Tools Lite

[2012/02/06 22:30:33 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Evil

[2012/02/26 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Nokia

[2012/03/15 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Origin

[2011/01/26 10:41:24 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\PC Suite

[2010/07/09 12:00:40 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\pdf995

[2011/02/10 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Sports Interactive

[2010/09/08 20:29:39 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\VDownloader

[2010/07/03 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\WinBatch

[2010/10/20 20:51:16 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Windows Live Writer

[2011/04/15 21:09:04 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\XMedia Recode

[2012/05/24 18:52:00 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000Core.job

[2012/05/25 15:52:01 | 000,000,964 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000UA.job

[2012/04/30 10:45:43 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2009/07/14 02:08:49 | 000,019,288 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(19).TXT

[2011/08/30 10:18:45 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Rox Poker:MID

@Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

 

< End of report >

 

That was the only report generated.

 

Sorry! I found the Extras report:

 

OTL Extras logfile created on: 25/05/2012 17:44:04 - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Pierre Cardoso\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,87 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 39,36% Memory free

7,73 Gb Paging File | 5,29 Gb Available in Paging File | 68,39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 471,17 Gb Total Space | 390,25 Gb Free Space | 82,83% Space Free | Partition Type: NTFS

Drive D: | 9,48 Gb Total Space | 1,44 Gb Free Space | 15,23% Space Free | Partition Type: NTFS

Drive P: | 450,76 Gb Total Space | 162,73 Gb Free Space | 36,10% Space Free | Partition Type: NTFS

 

Computer Name: PIERRECARDOSO | User Name: Pierre Cardoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{258D68FA-F279-4C9C-A101-0A237040642F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{41E8FACF-17D1-456E-B281-316F616DA0AE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{4F12DE93-10A8-4515-8618-59A3D0B90BFD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6689CB41-3CDD-4166-8B0D-28AC4882C942}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07EF475D-AEB9-4BC2-BB27-9EE18C9104E4}" = protocol=17 | dir=in | app=c:\program files (x86)\rox poker\pokerclient.exe |

"{0BC45608-0347-4D2A-A672-64EFB48943F1}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |

"{0DD04D8B-0B5D-4EE1-A7EE-CD37EDA40AF3}" = protocol=17 | dir=in | app=c:\program files (x86)\full tilt poker\fulltiltpoker.exe |

"{1934CC94-990B-421A-BF77-A48428190F56}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{1C13D696-15B3-47F3-932C-9E3B749FC524}" = protocol=6 | dir=in | app=c:\program files (x86)\central de jogos\central.exe |

"{2AA68B86-BEB5-4CA7-8372-AF7A06804E7B}" = protocol=6 | dir=in | app=c:\program files (x86)\full tilt poker\fulltiltpoker.exe |

"{2CA00626-AA68-40B7-B6D2-441DAC7D624A}" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |

"{3F029268-29FF-4260-8CB7-18626A86D9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\full tilt poker\ftp_ccr.exe |

"{44DFADFC-8F08-42C6-8854-9337E1DDE429}" = protocol=6 | dir=in | app=c:\program files (x86)\rox poker\pokerclient.exe |

"{4B4DBD33-1A2D-4830-9249-CC5F9442F472}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{51E2D151-31D1-4BB8-8D28-A4DC4E5C0F9D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{5988183A-C83F-423E-BDD3-468A4815D208}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"{5AA90511-A617-4C79-BEFE-10237E0D705B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{5CC1F799-5B1E-41F6-9D5B-BFA46BFCD838}" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |

"{5FD8DB63-54D3-4AC8-A715-666F4A46CC73}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{815BD90D-F69E-4606-AD91-75B262C5997C}" = protocol=17 | dir=in | app=c:\program files (x86)\full tilt poker\ftp_ccr.exe |

"{8207561F-134D-498A-88C5-17076A00C9F0}" = protocol=17 | dir=in | app=c:\program files (x86)\rox poker\updater.exe |

"{82B79882-0B3E-42DD-A3FB-8B5E4E406DED}" = protocol=6 | dir=in | app=c:\program files (x86)\rox poker\pokerclient.exe |

"{85ABC916-4F94-4343-B706-D4C9596B1B7E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |

"{8618CF45-478B-4F86-8E93-2206490E3DC8}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |

"{89E4F693-E8EF-4DA8-8E82-21CD3F83D2B0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |

"{8E94DE1C-32BD-4377-83EF-E4C35A9D725F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{92FA78EA-769A-4E9B-A9F8-4BECC4004056}" = protocol=17 | dir=in | app=c:\program files (x86)\rox poker\roxpokerpoker.exe |

"{9871F5EE-3B2B-41CB-8037-9CD44ED94C1B}" = protocol=58 | dir=in | app=system |

"{9BAE9A6E-8D14-4967-9176-B8F87E16DF5A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{9DB499FB-8036-4ED4-A272-EF710C7042C7}" = protocol=6 | dir=in | app=c:\program files (x86)\full tilt poker\updater.exe |

"{9FDDD0DF-C9DC-4217-9E0F-58987B7EF008}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{A1CE858E-5339-4F60-95BE-33494AB4029C}" = protocol=17 | dir=in | app=c:\program files (x86)\spywareblaster\spywareblaster.exe |

"{AACE1A92-0655-4264-9F8B-910DA04DE26E}" = protocol=6 | dir=in | app=c:\program files (x86)\rox poker\updater.exe |

"{AB0E73DB-8CCC-4F12-83BB-643E05D41624}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{B091AC49-75E5-42BB-8896-81E488DFA000}" = protocol=17 | dir=in | app=c:\program files (x86)\full tilt poker\updater.exe |

"{B542CF71-B441-4E49-B50A-240EBD8BB755}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{B853B515-A811-45AB-AD05-EF156FBB67EA}" = protocol=17 | dir=in | app=c:\program files (x86)\rox poker\pokerclient.exe |

"{B962AAC0-ADF6-477C-A8E2-8CAF8209346B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C61130AD-2641-42AD-884D-C2F485974332}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |

"{CFACAB39-8C9A-4795-8A4E-76F4F8D3AE0F}" = dir=in | app=c:\users\pierre cardoso\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{D1722E7A-2968-451B-9872-28DE018FAD62}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |

"{DAEE1920-383C-48FB-A2E0-B2675F0AD526}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{DEA08F2B-60BC-4D3A-A657-43FF8C580262}" = protocol=6 | dir=in | app=c:\program files (x86)\spywareblaster\spywareblaster.exe |

"{DEF241D7-C11A-4DCB-B815-CD99BF862DD3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{EB0851DA-9F07-47F8-8409-6A2B4D4E1D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\central de jogos\central.exe |

"{ED5F68D5-78B8-490F-9854-83C42CF0F691}" = protocol=6 | dir=in | app=c:\program files (x86)\rox poker\roxpokerpoker.exe |

"{F005D49D-F195-4E89-9359-064A857F5942}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"{F150AAC7-D664-48C2-985A-CE9518AF521F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{F4572E32-6EAA-41B7-A040-54ED668754B2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"TCP Query User{1EA9332A-206C-4F7E-9133-79B72FD6702C}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |

"TCP Query User{92FE8F26-7D28-4843-A346-51BEE2212FA6}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |

"TCP Query User{A0C2162E-4F75-4793-B73C-0FC8178D1328}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{0F2F31C9-FBE6-4DEC-AFBE-0A46C17ECAB0}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |

"UDP Query User{2677D2F7-7A95-43E2-9945-CF42A28AF5AC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{B5FA24D6-B2AB-4A60-8958-777E31FA2B3D}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{5A569CBA-9BE4-EAB0-9B43-468CEA2323B7}" = ATI Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{65E1E6AE-1DA5-51F3-80B2-8E1F4798EE90}" = ccc-utility64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C957F82-7EE0-423D-A386-587C9A4A83FB}" = Software básico do dispositivo HP Deskjet 2050 J510 series

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B4861B32-A6CD-4E01-BB79-3F19ED307B59}" = Estudo de melhoria do produto HP Deskjet 2050 J510 series

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pacote de Driver do Windows - Nokia Modem (02/25/2011 7.01.0.9)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pacote de Driver do Windows - Nokia Modem (02/25/2011 4.7)

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"PC-Doctor for Windows" = Ferramentas de Diagnóstico de Hardware

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0A0EA5EE-B154-B71F-8F19-38D8A7880A2D}" = CCC Help Finnish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1305721F-9D11-28D6-4905-87C6E1C59483}" = CCC Help Spanish

"{13D751B7-252D-B3CC-4BA4-E9BEB44E3E52}" = CCC Help Danish

"{16B9D94B-6BD5-6AD2-7524-4742D2B0FD2E}" = Catalyst Control Center InstallProxy

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = TWIN PS TO PC CONVERTER

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21A6E85C-0310-4623-BE61-35DFE2F9AA88}" = USB Dual Vibration Joystick - Twin

"{23F766D0-ED47-1CDB-43ED-4D796523EE04}" = Catalyst Control Center Graphics Previews Vista

"{250C5899-57E3-9FCE-EC65-7D97EB26E801}" = CCC Help Thai

"{251823D1-E0F5-CF28-9228-23BB9BFA331A}" = CCC Help Japanese

"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2C68C9C3-EBE9-6E0D-A1F8-2BAAA38BAB31}" = CCC Help German

"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{363B792C-587F-FC44-52ED-CC96C40189DD}" = Catalyst Control Center Graphics Full New

"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion

"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3F461172-D41D-D4DC-C5FF-DD55047BFB62}" = Catalyst Control Center Localization All

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{43C93F31-8A0A-D660-1EA8-A50AFC3AF08E}" = CCC Help Portuguese

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player

"{5585CB69-5BD3-7BCB-C8E9-8801153AEA7E}" = Catalyst Control Center Graphics Previews Common

"{57A67EC6-0652-4C0A-B8D4-20CD437AD033}" = Catalyst Control Center - Branding

"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable

"{5C7C6A1A-472A-6A71-B76B-6362E7D754C1}" = CCC Help Greek

"{60A01572-96E0-0992-7D46-A14DE39DF744}" = CCC Help Hungarian

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{66A7B066-7B5A-D0C8-CD4A-3956F28D0F19}" = Catalyst Control Center Core Implementation

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72C13C57-30D0-A4F2-0152-93497B41B4D1}" = CCC Help Italian

"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25

"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Ajuda

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine

"{82507042-E161-7BC4-C0F8-2CC89FA78B08}" = CCC Help English

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{882CB5E3-A35E-64EA-502B-B5ACBCDB0E10}" = CCC Help Chinese Standard

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{88B9E14A-8D6F-1C30-4058-3874FDC8EB2C}" = HydraVision

"{89BF497F-006C-8EDF-D631-DD571B5F34AD}" = CCC Help French

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{900CD40F-16D4-0823-9CC5-13C400292E70}" = ccc-core-static

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0416-1000-0000000FF1CE}_HOMESTUDENTR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_HOMESTUDENTR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_HOMESTUDENTR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00B2-0416-0000-0000000FF1CE}" = Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92CB7642-7B94-0386-712C-B56625BEE89F}" = CCC Help Chinese Traditional

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9A169679-3201-2C0C-9F31-D9ED7C2CF73A}" = Catalyst Control Center Graphics Light

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A3F79A0-6348-1AEC-C74E-D0839CF67E66}" = CCC Help Dutch

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{9F6667C6-1653-9F63-C529-A46BDFB752C1}" = CCC Help Norwegian

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A447DD0F-CF77-8088-4A7E-E6EBA1AF288B}" = CCC Help Turkish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Português

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B34C21F4-19EF-226B-DFC6-CDE873D4765D}" = CCC Help Polish

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CA68D835-CFBB-4140-310C-24E531EED00B}" = Catalyst Control Center HydraVision Full

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D5D1C55B-CF2E-6DF9-B7D1-7D459605E095}" = CCC Help Czech

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater

"{EE5B6291-45EF-4705-A20E-89A3C5D2F87E}" = Microsoft Works

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F580CD50-FEE4-BD23-6E92-06E097A62179}" = Catalyst Control Center Graphics Full Existing

"{F739E726-0A18-D419-C1CF-9DD9164CB63C}" = CCC Help Korean

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{F8D69CD2-512F-2BA9-EE88-B24B3380851B}" = CCC Help Russian

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FEDF630C-92DC-3EC1-04A7-2F32B34DB801}" = CCC Help Swedish

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Avira AntiVir Desktop" = Avira Free Antivirus

"BitLord" = BitLord 1.1

"Central de Jogos" = Central de Jogos

"ClocX" = ClocX (1.5b2)

"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo II" = Diablo II

"ESET Online Scanner" = ESET Online Scanner v3

"GOM Player" = GOM Player

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photo Creations" = HP Photo Creations

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400

"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6

"Mozilla Firefox 12.0 (x86 pt-BR)" = Mozilla Firefox 12.0 (x86 pt-BR)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"PartyPoker" = PartyPoker

"Pdf995" = Pdf995

"PokerStars" = PokerStars

"RealAlt_is1" = Real Alternative 2.0.2

"Rox Poker" = Rox Poker

"SpywareBlaster_is1" = SpywareBlaster 4.6

"Winamp" = Winamp (remove only)

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.11 (32-bit)

"XMedia Recode" = XMedia Recode 3.0.9.4

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


Good evening, moicanofacul!

 

|- Download: < AdwCleaner > ( ... by Xplode )

 

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

 

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

 

|- Start the scan by clicking "Recherche" < AdwCleaner_Recherche.jpg >

 

|- When it finishes, post the report: C:\AdwCleaner[R].txt

 

-/-/-

 

|- Run OTL.exe.

|- Copy the information shown in red below into the tool's clipboard field. ( "Exames Personalizados Correções" )

 

:OTL

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pierre Cardoso\Desktop\PartyPoker.lnk File not found

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

 

:Files

%systemroot%\prefetch\*.*

C:\WINDOWS\tasks\*.job

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

 

:Commands

[CLEARALLRESTOREPOINTS]

[purity]

[emptytemp]

[Reboot]

|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar" ("Run").

 

OTL_RunFix.jpg

 

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abraços!


I'll do it. However, I need to report that several strange shortcuts and files have appeared in my files folder:

 

http://img833.imageshack.us/img833/3032/errou.jpg

 

# AdwCleaner v1.607 - Logfile created 05/25/2012 at 18:30:42

# Updated 23/05/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Pierre Cardoso - PIERRECARDOSO

# Running from : C:\Users\Pierre Cardoso\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Program Files (x86)\Uninstall.exe

 

***** [Registry] *****

 

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Software

[x64] Key Found : HKCU\Software\Softonic

 

***** [Registre - GUID] *****

 

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v12.0 (pt-BR)

 

Profile name : default

File : C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\prefs.js

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [1080 octets] - [25/05/2012 18:30:42]

 

########## EOF - C:\AdwCleaner[R1].txt - [1208 octets] ##########

 

All processes killed

========== OTL ==========

Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.

File Protocol\Handler\ms-itss - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

ADS C:\ProgramData\Temp:5C321E34 deleted successfully.

========== FILES ==========

C:\Windows\prefetch\ACRORD32.EXE-97743AA9.pf moved successfully.

C:\Windows\prefetch\ADWCLEANER.EXE-6F943427.pf moved successfully.

C:\Windows\prefetch\AgAppLaunch.db moved successfully.

C:\Windows\prefetch\AGCP.EXE-CF249B5E.pf moved successfully.

C:\Windows\prefetch\AgCx_S1_S-1-5-21-3781067526-2966764731-2999422385-1000.snp.db moved successfully.

C:\Windows\prefetch\AgCx_SC1.db moved successfully.

C:\Windows\prefetch\AgCx_SC1.db.trx moved successfully.

C:\Windows\prefetch\AgCx_SC4.db moved successfully.

C:\Windows\prefetch\AgGlFaultHistory.db moved successfully.

C:\Windows\prefetch\AgGlFgAppHistory.db moved successfully.

C:\Windows\prefetch\AgGlGlobalHistory.db moved successfully.

C:\Windows\prefetch\AgGlUAD_P_S-1-5-21-3781067526-2966764731-2999422385-1000.db moved successfully.

C:\Windows\prefetch\AgGlUAD_S-1-5-21-3781067526-2966764731-2999422385-1000.db moved successfully.

C:\Windows\prefetch\AgRobust.db moved successfully.

C:\Windows\prefetch\AITAGENT.EXE-DA3E7689.pf moved successfully.

C:\Windows\prefetch\AUDIODG.EXE-BDFD3029.pf moved successfully.

C:\Windows\prefetch\AUTORUN.EXE-29C0BC07.pf moved successfully.

C:\Windows\prefetch\AVADMIN.EXE-5E525FF7.pf moved successfully.

C:\Windows\prefetch\AVCENTER.EXE-FD66D2A7.pf moved successfully.

C:\Windows\prefetch\AVCONFIG.EXE-1AA497F0.pf moved successfully.

C:\Windows\prefetch\AVNOTIFY.EXE-377AF47F.pf moved successfully.

C:\Windows\prefetch\AVSCAN.EXE-EDA6668B.pf moved successfully.

C:\Windows\prefetch\AVWSC.EXE-9DE67EBB.pf moved successfully.

C:\Windows\prefetch\CALC.EXE-77FDF17F.pf moved successfully.

C:\Windows\prefetch\CCC.EXE-B637C9BF.pf moved successfully.

C:\Windows\prefetch\CCLEANER.EXE-72C9B7B3.pf moved successfully.

C:\Windows\prefetch\CCLEANER64.EXE-7BB3E865.pf moved successfully.

C:\Windows\prefetch\CCSETUP319.EXE-5E7593EA.pf moved successfully.

C:\Windows\prefetch\CLI.EXE-BB402402.pf moved successfully.

C:\Windows\prefetch\CLOCX.EXE-8EDE2490.pf moved successfully.

C:\Windows\prefetch\CONHOST.EXE-1F3E9D7E.pf moved successfully.

C:\Windows\prefetch\CONSENT.EXE-531BD9EA.pf moved successfully.

C:\Windows\prefetch\CONTROL.EXE-817F8F1D.pf moved successfully.

C:\Windows\prefetch\CORREÇÃO 1.0.EXE-2F5DF00F.pf moved successfully.

C:\Windows\prefetch\CRASHREPORTER.EXE-E090245C.pf moved successfully.

C:\Windows\prefetch\CSC.EXE-A3B8D95D.pf moved successfully.

C:\Windows\prefetch\CVTRES.EXE-069169FB.pf moved successfully.

C:\Windows\prefetch\DEFRAG.EXE-588F90AD.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-072DB435.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-4F28A26F.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-5E46FA0D.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-6A473D35.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-766398D2.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-76936ED5.pf moved successfully.

C:\Windows\prefetch\DLLHOST.EXE-E7777CC4.pf moved successfully.

C:\Windows\prefetch\DTLITE.EXE-368347E6.pf moved successfully.

C:\Windows\prefetch\ESETSMARTINSTALLER_ENU.EXE-B2D5426F.pf moved successfully.

C:\Windows\prefetch\EXCEL.EXE-16800A1F.pf moved successfully.

C:\Windows\prefetch\EXPLORER.EXE-A80E4F97.pf moved successfully.

C:\Windows\prefetch\FACEBOOKUPDATE.EXE-E36D6F4B.pf moved successfully.

C:\Windows\prefetch\FIREFOX.EXE-18ACFCFF.pf moved successfully.

C:\Windows\prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf moved successfully.

C:\Windows\prefetch\FLASHUTIL32_11_2_202_235_ACTI-65380E54.pf moved successfully.

C:\Windows\prefetch\GUARDGUI.EXE-BDAEFB77.pf moved successfully.

C:\Windows\prefetch\HEARTS.EXE-EDB3F29F.pf moved successfully.

C:\Windows\prefetch\HH.EXE-0A439DDA.pf moved successfully.

C:\Windows\prefetch\HIJACKTHIS.EXE-5F4197D8.pf moved successfully.

C:\Windows\prefetch\HPCUSTPARTIC.EXE-DEB77C19.pf moved successfully.

C:\Windows\prefetch\HPSA_SERVICE.EXE-AD6579F0.pf moved successfully.

C:\Windows\prefetch\IEXPLORE.EXE-4B6C9213.pf moved successfully.

C:\Windows\prefetch\JAVA.EXE-873AF69D.pf moved successfully.

C:\Windows\prefetch\JAVAW.EXE-95D02C48.pf moved successfully.

C:\Windows\prefetch\JAVAWS.EXE-446541A7.pf moved successfully.

C:\Windows\prefetch\Layout.ini moved successfully.

C:\Windows\prefetch\LOGONUI.EXE-09140401.pf moved successfully.

C:\Windows\prefetch\LPREMOVE.EXE-284EF282.pf moved successfully.

C:\Windows\prefetch\MBAM.EXE-80210E2F.pf moved successfully.

C:\Windows\prefetch\MOM.EXE-42E9F9DF.pf moved successfully.

C:\Windows\prefetch\MPAS-D_BD_1.127.390.0.EXE-36B6F763.pf moved successfully.

C:\Windows\prefetch\MPCMDRUN.EXE-F401FBB4.pf moved successfully.

C:\Windows\prefetch\MPMINISIGSTUB.EXE-8EE7A36A.pf moved successfully.

C:\Windows\prefetch\MPSIGSTUB.EXE-6CB27A06.pf moved successfully.

C:\Windows\prefetch\MSCORSVW.EXE-57D17DAF.pf moved successfully.

C:\Windows\prefetch\MSCORSVW.EXE-C3C515BD.pf moved successfully.

C:\Windows\prefetch\MSIEXEC.EXE-A2D55CB6.pf moved successfully.

C:\Windows\prefetch\MSIEXEC.EXE-E09A077A.pf moved successfully.

C:\Windows\prefetch\MSPAINT.EXE-76E10B24.pf moved successfully.

C:\Windows\prefetch\NOTEPAD.EXE-1605FA5B.pf moved successfully.

C:\Windows\prefetch\NOTEPAD.EXE-D8414F97.pf moved successfully.

C:\Windows\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.

C:\Windows\prefetch\ONLINECMDLINESCANNER.EXE-495F0529.pf moved successfully.

C:\Windows\prefetch\ONLINESCANNERAPP.EXE-B2412F9A.pf moved successfully.

C:\Windows\prefetch\ONLINESCANNERUNINSTALLER.EXE-377384F2.pf moved successfully.

C:\Windows\prefetch\OTL.EXE-850B12EC.pf moved successfully.

C:\Windows\prefetch\OTL.EXE-B5537439.pf moved successfully.

C:\Windows\prefetch\PARTE 01.EXE-3B973049.pf moved successfully.

C:\Windows\prefetch\PARTE 01.EXE-AF61F5C1.pf moved successfully.

C:\Windows\prefetch\PARTE 02.EXE-4EECEACE.pf moved successfully.

C:\Windows\prefetch\PARTE 02.EXE-C2B7B046.pf moved successfully.

C:\Windows\prefetch\PARTE 03.EXE-6242A553.pf moved successfully.

C:\Windows\prefetch\PARTE 04.EXE-75985FD8.pf moved successfully.

C:\Windows\prefetch\PES2012.EXE-0A158DFB.pf moved successfully.

C:\Windows\prefetch\PfSvPerfStats.bin moved successfully.

C:\Windows\prefetch\PING.EXE-371F41E2.pf moved successfully.

C:\Windows\prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf moved successfully.

C:\Windows\prefetch\RAREXTLOADER.EXE-352C1CF6.pf moved successfully.

C:\Windows\prefetch\READER_SL.EXE-B1C62096.pf moved successfully.

C:\Windows\prefetch\REGSVR32.EXE-D5170E12.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-230FC512.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-411A328D.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-A3E35360.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-C4E7262A.pf moved successfully.

C:\Windows\prefetch\RUNDLL32.EXE-DE9673F9.pf moved successfully.

C:\Windows\prefetch\SCHTASKS.EXE-5CA45734.pf moved successfully.

C:\Windows\prefetch\SDCLT.EXE-E10B972A.pf moved successfully.

C:\Windows\prefetch\SEARCHFILTERHOST.EXE-77482212.pf moved successfully.

C:\Windows\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf moved successfully.

C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf moved successfully.

C:\Windows\prefetch\SETTINGS.EXE-9F3919F7.pf moved successfully.

C:\Windows\prefetch\SETUP.EXE-E589C2EE.pf moved successfully.

C:\Windows\prefetch\SILVERLIGHT.CONFIGURATION.EXE-3F58C846.pf moved successfully.

C:\Windows\prefetch\SPPSVC.EXE-B0F8131B.pf moved successfully.

C:\Windows\prefetch\SPYWAREBLASTER.EXE-9C9D6919.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-007FEA55.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-05F624AB.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-3AB35CA7.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-7AC6742A.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-7CFEDEA3.pf moved successfully.

C:\Windows\prefetch\SVCHOST.EXE-80F4A784.pf moved successfully.

C:\Windows\prefetch\TASKENG.EXE-48D4E289.pf moved successfully.

C:\Windows\prefetch\TASKHOST.EXE-7238F31D.pf moved successfully.

C:\Windows\prefetch\TASKMGR.EXE-5F5F473D.pf moved successfully.

C:\Windows\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf moved successfully.

C:\Windows\prefetch\UNINSTAL.EXE-91C2CC20.pf moved successfully.

C:\Windows\prefetch\UPDATE.EXE-0D8A637E.pf moved successfully.

C:\Windows\prefetch\UPDRGUI.EXE-D0FBFF97.pf moved successfully.

C:\Windows\prefetch\VSSVC.EXE-B8AFC319.pf moved successfully.

C:\Windows\prefetch\WERFAULT.EXE-37549B7E.pf moved successfully.

C:\Windows\prefetch\WERFAULT.EXE-E69F695A.pf moved successfully.

C:\Windows\prefetch\WERMGR.EXE-0F2AC88C.pf moved successfully.

C:\Windows\prefetch\WINAMP.EXE-015FB5E1.pf moved successfully.

C:\Windows\prefetch\WINRAR.EXE-0CE07324.pf moved successfully.

C:\Windows\prefetch\WLCOMM.EXE-324C9362.pf moved successfully.

C:\Windows\prefetch\WMIADAP.EXE-F8DFDFA2.pf moved successfully.

C:\Windows\prefetch\WMIPRVSE.EXE-1628051C.pf moved successfully.

C:\Windows\prefetch\WMIPRVSE.EXE-6768A320.pf moved successfully.

C:\Windows\prefetch\WMPNETWK.EXE-D9F2A96F.pf moved successfully.

C:\Windows\prefetch\WMPNSCFG.EXE-FC0D39BF.pf moved successfully.

C:\Windows\prefetch\WSQMCONS.EXE-118B52B7.pf moved successfully.

C:\Windows\prefetch\WUAUCLT.EXE-70318591.pf moved successfully.

C:\Windows\prefetch\WUDFHOST.EXE-AFFEF87C.pf moved successfully.

C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000Core.job moved successfully.

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3781067526-2966764731-2999422385-1000UA.job moved successfully.

C:\WINDOWS\tasks\HPCeeScheduleForPierre Cardoso.job moved successfully.

C:\WINDOWS\tasks\HPCeeScheduleForPIERRECARDOSO$.job moved successfully.

C:\WINDOWS\tasks\PCDRScheduledMaintenance.job moved successfully.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Pierre Cardoso

->Temp folder emptied: 899694 bytes

->Temporary Internet Files folder emptied: 32425857 bytes

->Java cache emptied: 534881 bytes

->FireFox cache emptied: 102870514 bytes

->Flash cache emptied: 926 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 19074 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67872 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 130,00 mb

 

 

OTL by OldTimer - Version 3.2.43.1 log created on 05252012_183205

 

Files\Folders moved on Reboot...

C:\Users\Pierre Cardoso\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

 

PS: All the shortcuts and files in the image I posted above disappeared after using OTL.


Good evening! moicanofacul

|- Launch AdwCleaner again and click "Delete" or "Suppression".

AdwCleaner_Suppression.jpg

|- When it finishes, post the report: C:\AdwCleaner[S].txt

Regards!


# AdwCleaner v1.607 - Logfile created 05/26/2012 at 02:12:45

# Updated 23/05/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Pierre Cardoso - PIERRECARDOSO

# Running from : C:\Users\Pierre Cardoso\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Program Files (x86)\Uninstall.exe

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Software

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v12.0 (pt-BR)

 

Profile name : default

File : C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\prefs.js

 

C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\user.js ... Deleted !

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [1205 octets] - [25/05/2012 18:30:42]

AdwCleaner[s1].txt - [1213 octets] - [26/05/2012 02:12:45]

 

########## EOF - C:\AdwCleaner[s1].txt - [1341 octets] ##########


Good morning! moicanofacul

|- The OTL report showed signs of changes to administrative policies. RogueKiller will give us more details and make some corrections.

AdwCleaner_Uninstall2.jpg

|- Open the AdwCleaner tool and click "Uninstall".

-/-/-

|- Download: < rendu2.png > ( ... by tigzy )

|- Save it to the desktop! RogueKiller_Logo.jpg

|- Close any applications that are open!

RogueKiller_v733.jpg

|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.

|- Wait for its Pre-scan to finish.

RogueKiller_Scan2.jpg

|- Start the diagnosis by clicking the "Verificar" button.

|- When reading the log, we will have: Mode: Verificar -- Date: mm/dd/2012 00:52:24

|- Post the report: RKreport[1].txt

Regards!


GOOD MORNING!

 

RogueKiller V7.5.0 [05/24/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario: Pierre Cardoso [Privilegios de Admnistrador]

Modo: Verificar -- Data: 05/26/2012 10:08:54

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 5 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD} : NameServer (200.222.145.84 200.222.123.102) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 +++++

--- User ---

[MBR] 1c7fae1b0a91b793fc5a06bd77905b7d

[bSP] 213e4a89d7cfc630a789a84abc4a5ffd : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 482482 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 988329984 | Size: 461580 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1933645824 | Size: 9705 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[1].txt >>

RKreport[1].txt


Good evening! moicanofacul

|- Open the RogueKiller tool again.

RogueKiller_Atualizado.jpg

|- <1> Click "Verificar".

|- <2> Click "Deletar".

|- <3> Click "Consertar DNS".

|- Note that we will get 3 reports, as a result of the tabs used.

|- Post all the reports that result from these operations!

-/-/-

|- Download: | ZHPDiag2 | *ºº* < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

ZHPDiag2.jpg

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

ZHPDiag_Installation.jpg

|- Confirm every step when installing ZHPDiag.

|- Finish the installation by clicking "Termine".

ZHPDiag_MBRCheck.jpg

|- PS: After installation, in addition to ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

ZHPDiag_cones.jpg

|- Click the scroll icon. ( ZHPScript )

ZHPDiag_Update.jpg

|- Click the green arrow to update it and/or download its most recent definition. ( Your version is update. )

|- Enable all the diagnostic options by clicking "Options".

ZHPDiag_All.jpg

|- Click All.

|- ZHPDiag_30days.jpg

|- Click "Calendar" and choose 30 days!

ZHPDiag_Lupa.jpg

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- PS: Save it somewhere convenient!

|- Attach ZHPDiag.txt to your reply.

|- PS: Do not post this text file directly.

|- I recommend compressing it and attaching it to your reply!

|- Or send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: < wikisend.jpg >

|- To upload, follow the path: Selecionar arquivo... -> Abrir -> Upload file

|- Post the address shown under "Download link" or "Forum link".

|- Or go to: < Cjoint_Logo.jpg > ( Take it out of the zip when sending! )

|- More information: < |Link| >

Regards!


Report 1

 

RogueKiller V7.5.0 [05/24/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario: Pierre Cardoso [Privilegios de Admnistrador]

Modo: Verificar -- Data: 05/27/2012 01:52:29

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 5 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD} : NameServer (200.222.145.84 200.222.123.102) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 +++++

--- User ---

[MBR] 1c7fae1b0a91b793fc5a06bd77905b7d

[bSP] 213e4a89d7cfc630a789a84abc4a5ffd : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 482482 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 988329984 | Size: 461580 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1933645824 | Size: 9705 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

 

 

Report 2

 

RogueKiller V7.5.0 [05/24/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario: Pierre Cardoso [Privilegios de Admnistrador]

Modo: Remover -- Data: 05/27/2012 01:52:47

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 5 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD} : NameServer (200.222.145.84 200.222.123.102) -> NOT REMOVED, USE DNSFIX

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 +++++

--- User ---

[MBR] 1c7fae1b0a91b793fc5a06bd77905b7d

[bSP] 213e4a89d7cfc630a789a84abc4a5ffd : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 482482 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 988329984 | Size: 461580 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1933645824 | Size: 9705 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

 

 

 

Report 3

 

RogueKiller V7.5.0 [05/24/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario: Pierre Cardoso [Privilegios de Admnistrador]

Modo: DNSFix -- Data: 05/27/2012 01:52:56

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Entradas do Registro: 1 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD} : NameServer (200.222.145.84 200.222.123.102) -> REPLACED ()

 

Concluido : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

 

ZHPDiag

 

http://wikisend.com/download/405882/ZHPDiag.rar


Good morning! moicanofacul

|- If you were not aware that these programs were installed, you can remove them.

|- <1> C:\Program Files (x86)\PokerStars

|- <2> C:\Program Files (x86)\Rox Poker

|- <3> C:\Program Files (x86)\Full Tilt Poker

-/-/-

|- Close any programs/folders that are open.

|- Close the browser too!

ZHPFix_Logo.jpg

|- Double-click ZHPFix.

|- Select and copy the following information, which is shown in red, into Notepad.

 

O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key

O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Orphean Key

O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key

O2 - BHO: (no name) [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key

O2 - BHO: (no name) [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} Orphean Key

O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key

O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key

[MD5.00000000000000000000000000000000] [APT] [DVDAgent] (...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{2FBE8D5E-E4B2-4626-9ECD-DC007CCBCE08}] (...) -- C:\Users\Pierre Cardoso\Desktop\Flash_Disinfector.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{97357085-0498-4C3B-8098-347E1CA2C80F}] (...) -- C:\Users\Pierre Cardoso\Desktop\WWParty\RegSetup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{9EBA07A6-BE43-447E-AC2D-04C1D415A519}] (...) -- J:\MEDICINA\Medicina Battlefield 3 Repack.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{ACD5EDD8-D2C5-4D4E-8D28-6FF1D54AD86B}] (...) -- E:\AUTORUN.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{E0AC368C-7111-4909-8529-E489F527DA23}] (...) -- C:\Users\Pierre Cardoso\Downloads\7z465.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{EF7A9B34-053A-4139-89CE-2ABAD9E3300F}] (...) -- C:\Users\Pierre Cardoso\Downloads\ps2pdf995.exe (.not file.)

O43 - CFD: 16/07/2010 - 15:53:35 - [5,167] ----D C:\Program Files (x86)\BitLord

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://isearch.avg.com

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\Software\bitlord]

[HKCU\Software\PartyGaming]

[HKCU\Software\poker 770]

[HKLM\Software\WOW6432Node\poker 770]

[HKLM\Software\WOW6432Node\Trymedia Systems]

 

C:\Program Files (x86)\BitLord

C:\ProgramData\Trymedia

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord

 

emptytemp

emptyflash

firewallraz

sysrestore

|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click the "Paste Clipboard" menu.

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above there is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards! ( PS: Due to a commitment I cannot postpone, I will only be able to help you on Monday. )


Yes, I installed those 3 programs myself. Here is the report:

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Pierre Cardoso at 27/05/2012 10:29:29

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

NOT FOUND Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

NOT FOUND Key: CLSID BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}

NOT FOUND Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}

NOT FOUND Key: CLSID BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289}

NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}

NOT FOUND Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}

DELETED Key*: SearchScopes :{95B7759C-8C7F-4BF1-B163-73684A933233}

DELETED Key*: HKCU\Software\bitlord

DELETED Key*: HKCU\Software\PartyGaming

DELETED Key*: HKCU\Software\poker 770

DELETED Key*: HKLM\Software\WOW6432Node\poker 770

DELETED Key*: HKLM\Software\WOW6432Node\Trymedia Systems

 

========== Registry Value ==========

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Registry Data Items ==========

REMOVED StartMenuInternet: C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

REMOVED StartMenuInternet: C:\Windows\System32\ie4uinit.exe

REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)

 

========== Repertory ==========

DELETE on Reboot Folder**: C:\Program Files (x86)\BitLord

DELETE on Reboot Folder**: c:\programdata\trymedia

DELETED Folder: c:\programdata\microsoft\windows\start menu\programs\bitlord

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETE on Reboot c:\program files (x86)\mozilla firefox\uninstall\helper.exe

DELETE on Reboot c:\windows\system32\ie4uinit.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: DVDAgent

DELETED Task: {2FBE8D5E-E4B2-4626-9ECD-DC007CCBCE08}

DELETED Task: {97357085-0498-4C3B-8098-347E1CA2C80F}

DELETED Task: {9EBA07A6-BE43-447E-AC2D-04C1D415A519}

DELETED Task: {ACD5EDD8-D2C5-4D4E-8D28-6FF1D54AD86B}

DELETED Task: {E0AC368C-7111-4909-8529-E489F527DA23}

DELETED Task: {EF7A9B34-053A-4139-89CE-2ABAD9E3300F}

 

========== Restoration ==========

Restore System Point not created

 

 

========== Summary ==========

13 : Registry Key

3 : Registry Value

3 : Registry Data Items

5 : Repertory

4 : File

7 : Task

1 : Restoration

 

 

End of clean in 00mn 11s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 27/05/2012 10:29:29 [2744]


REPORT:

The program I use for downloading (Bitlord) has disappeared from my Start menu (the folder that is there is empty).

When I go to Windows Explorer, I find its folder, but the 'downloads' folder, where the downloaded files are kept, has disappeared! I just finished downloading a movie (I downloaded it completely) and I have no idea where it is because the 'downloads' folder has disappeared.

Correct path of the folder I'm talking about: C:\Program Files (x86)\BitLord\Downloads

New report:

All the language settings and preferences of the programs I use have been reset. oO


Good morning, moicanofacul!

|- < Adware.Win32.BitLord 1.1 >

|- ZHPDiag detects your software as an adware installer.

|- Since ZHPFix established a System Restore Point during the fix, try restoring your computer to that point.

|- PS: Let me know whether the System Restore was successful.

Regards!


Bitlord is back in the Start menu, but its 'downloads' folder is still missing from Windows Explorer. I managed to open it from the Start menu and it is empty!

The error with thousands of files and shortcuts is back: http://img833.images.../3032/errou.jpg

Several removable disk drives have also appeared: http://desmond.imageshack.us/Himg220/scaled.php?server=220&filename=outroerro.jpg&res=landing



Good afternoon, moicanofacul!

|- Did you check whether there is a Restore Point dated earlier than the one you set?

-/-

|- Run the OTL tool again and post its report. ( OTL Quick Scan )

Regards!


There are 2 more restore points, which are linked to automatic Windows updates.

The point I had used was linked to the use of OTL.

Report:

 

OTL logfile created on: 28/05/2012 16:05:22 - Run 2

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Pierre Cardoso\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,87 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 60,26% Memory free

7,73 Gb Paging File | 5,79 Gb Available in Paging File | 74,83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 471,17 Gb Total Space | 388,78 Gb Free Space | 82,51% Space Free | Partition Type: NTFS

Drive D: | 9,48 Gb Total Space | 1,44 Gb Free Space | 15,23% Space Free | Partition Type: NTFS

Drive P: | 450,76 Gb Total Space | 169,89 Gb Free Space | 37,69% Space Free | Partition Type: NTFS

 

Computer Name: PIERRECARDOSO | User Name: Pierre Cardoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/05/25 17:43:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

PRC - [2012/05/02 05:46:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/04/05 18:47:34 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Pierre Cardoso\AppData\Local\Facebook\Update\FacebookUpdate.exe

PRC - [2011/12/01 16:57:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/01 16:57:42 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/12/01 16:57:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/07/18 08:11:44 | 000,208,264 | ---- | M] ( ) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe

PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/10/02 11:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/05/09 23:52:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/09 23:51:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll

MOD - [2012/05/09 23:51:52 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll

MOD - [2012/05/09 23:51:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/09 23:51:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/09 23:51:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/09 23:51:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/09 23:51:27 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/05 03:08:40 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

MOD - [2012/05/02 05:46:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2010/11/12 21:33:11 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/08/30 10:17:26 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/09/08 20:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/05 03:08:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/02 05:46:44 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011/12/01 16:57:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/12/01 16:57:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/07/18 08:11:44 | 000,208,264 | ---- | M] ( ) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/04/13 22:09:43 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 16:52:38 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/12/01 16:58:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011/12/01 16:58:02 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/08/30 10:17:24 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)

DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2011/07/12 18:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 07:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2009/10/02 08:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/29 22:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/09/17 09:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/09/08 21:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/08/20 21:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV - [2011/07/18 08:13:36 | 000,043,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006/10/23 11:42:30 | 000,031,899 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}

IE:64bit: - HKLM\..\SearchScopes\{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}

IE - HKLM\..\SearchScopes\{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{0CFC0FF2-7D28-4419-B506-086356381DDA}: "URL" = http://www.americanas.com.br/busca/{searchTerms}

IE - HKCU\..\SearchScopes\{0D763647-EF4D-4055-AA9E-5AA247285547}: "URL" = http://www.livrariasaraiva.com.br/pesquisaweb/pesquisaweb.dll/pesquisa?FILTRON1=X&PALAVRASN1={searchTerms}&ESTRUTN1=&MODELON1=C&ORDEMN1=E&QTTOP=100

IE - HKCU\..\SearchScopes\{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E}: "URL" = http://br.wikipedia.org/w/index.php?title=Dibar:Klask&search={searchTerms}

IE - HKCU\..\SearchScopes\{5D3373DE-E345-414F-9E6C-5EA687463EA2}: "URL" = http://www.submarino.com.br/busca?q={searchTerms}

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={530891EA-3B39-4C54-8741-897DB8E8BD05}&mid=d4338c13a5a147d0ad35a9ae97e400ef-330e5ea7beb1a8f22c81d2be9e250e02521e5642&lang=pt-br&ds=gm011&pr=sa&d=2012-04-25 22:52:08&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{9AFB250B-3A9F-4BE3-BA52-E5235AC5E952}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKCU\..\SearchScopes\{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{E354496C-DDB9-47A7-A193-3ED9DEE8EA88}: "URL" = http://www.bondfaro.com.br/cprocura?produto={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "about:home"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pierre Cardoso\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/12/15 21:52:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 05:46:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/28 14:16:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/15 21:52:28 | 000,000,000 | ---D | M]

 

[2010/07/06 23:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Extensions

[2012/05/17 05:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions

[2012/05/08 21:31:54 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2012/05/17 05:35:27 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

[2010/11/16 23:12:19 | 000,000,000 | ---D | M] (Dicionário para Ortografia pt-BR) -- C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\extensions\pt-BR@dictionaries.addons.mozilla.org

[2012/02/25 17:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/07/17 12:26:56 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\PIERRE CARDOSO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HAWBR6LM.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI

[2012/03/01 06:01:36 | 000,126,158 | ---- | M] () (No name found) -- C:\USERS\PIERRE CARDOSO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HAWBR6LM.DEFAULT\EXTENSIONS\DESPROTETORDELINKS@CLAUDIO-SILVA.COM.XPI

[2012/05/02 05:46:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/14 21:57:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/04/25 22:52:03 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml

[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml

[2011/11/08 20:45:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml

[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2011/06/27 12:13:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Pierre Cardoso\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.145.84 200.222.123.102

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/28 15:48:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{FA79CED6-1A3E-42F3-BB75-8487019DC760}

[2012/05/28 15:46:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{71487CED-CB72-4348-A604-F93B26A953CB}

[2012/05/28 00:15:53 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{300BE666-5332-4BF2-AC92-ED4F1DAC2487}

[2012/05/27 12:15:26 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{4300DEE1-E85A-441E-AB43-E8C1BAC43AF3}

[2012/05/27 12:15:01 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B7183221-BC00-4250-80E3-BF20414AFD87}

[2012/05/27 01:57:27 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/05/27 01:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2012/05/26 10:08:18 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\Desktop\RK_Quarantine

[2012/05/26 02:16:45 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C970A15A-6802-47AF-97F4-63F1ED2298D2}

[2012/05/26 02:16:33 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{FD006140-7B65-44C8-A50B-D60C826704FF}

[2012/05/25 18:32:05 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/05/25 17:43:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

[2012/05/25 00:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/05/25 00:14:24 | 000,000,000 | R--D | C] -- C:\Users\Pierre Cardoso\Videos

[2012/05/25 00:14:24 | 000,000,000 | R--D | C] -- C:\Users\Pierre Cardoso\Pictures

[2012/05/25 00:14:24 | 000,000,000 | R--D | C] -- C:\Users\Pierre Cardoso\Music

[2012/05/24 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{43ECBBDB-6AD6-413C-9866-3146E194968C}

[2012/05/24 19:59:24 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\Desktop\PES

[2012/05/24 08:25:17 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B05A415F-BC28-4491-A7DE-D163D47590AE}

[2012/05/24 08:25:06 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{03C34F10-2335-44A2-8AD0-41F8657E25DE}

[2012/05/23 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{6EA2E67C-250E-435B-A997-AA49B0B77082}

[2012/05/23 08:24:14 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{12C70282-79A9-4825-BDE5-AADF38C16C26}

[2012/05/22 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{E64096FF-162F-4664-83DC-A6E50DE48B59}

[2012/05/22 08:23:27 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B45DB9D5-4A0E-4A80-AD7C-DFF808DB15A9}

[2012/05/21 20:23:03 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{BE1F7801-7523-4A5E-AD63-AF0C7CD213EE}

[2012/05/21 08:22:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{4AB8541D-72CE-4DE4-8EF4-14C19F866266}

[2012/05/20 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{7AED9AE5-7EBA-442E-8211-806B8D5ABB8A}

[2012/05/20 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{60817F1E-EB63-440C-854E-D1F9B3DEA1A2}

[2012/05/19 20:21:29 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{886FDCEF-1007-4F2D-AECB-67664904437A}

[2012/05/19 08:19:03 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A2EB3F4F-6977-40AA-A6D3-0784C6C65AC5}

[2012/05/18 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{8AFFDC37-2690-4BB0-9FD7-CB92003EBF71}

[2012/05/18 08:18:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{162C3CDC-E1BE-46FF-9797-8649FE910E41}

[2012/05/17 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{7404C811-4406-4D76-9A4F-DCD1183C5AC8}

[2012/05/17 08:15:25 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A087CC15-0B43-4BD1-BDF2-377422017CC5}

[2012/05/17 08:14:48 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{EBAEAC86-04DC-42B0-AB4A-547516C8B8BC}

[2012/05/16 20:14:23 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C5231FE7-9E8F-48BA-9B90-7DC98A15FC4D}

[2012/05/16 08:13:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{E0571846-0744-430B-B7CF-CE06005DBCD0}

[2012/05/15 20:13:35 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{77057993-A672-4766-8F7C-C05A8F864FBB}

[2012/05/15 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{54680506-5DBF-4977-915D-C9D3528089F7}

[2012/05/14 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{A280FF2B-32DC-445E-8FFB-648A6360D9B2}

[2012/05/13 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DD28C1DD-5C56-4816-9E61-A9D3CF246F2F}

[2012/05/12 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{39FC8DAD-669D-4502-A7C9-AE87511E9F7D}

[2012/05/12 08:12:58 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{B1DEAE12-441D-4861-BA47-81768004D967}

[2012/05/11 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{085140FC-FA32-49B6-848D-B27830ECD5DC}

[2012/05/11 07:15:57 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{643FA17F-E4AC-4352-AE61-42222D39BE45}

[2012/05/10 19:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/10 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/10 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/05/10 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{5D96410C-DA5C-4DA0-BF94-312D784C097B}

[2012/05/10 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D8F6ADA3-FC9E-4B42-9C6B-3E0F1672CFFE}

[2012/05/09 19:58:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C3BD66B9-33D4-4459-83CB-8510E6927920}

[2012/05/09 07:57:34 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D9262D0F-3BAC-42CB-ABA1-24E2AFC93CF7}

[2012/05/08 19:57:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D6B19831-A99B-4C45-B7DA-33B5640C23A9}

[2012/05/08 07:56:43 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{74B2D6BB-89B0-48FA-90E5-FC4C2039D4BF}

[2012/05/08 07:56:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D848B9B2-DAE2-4F9E-B7D3-51DA78C85DE8}

[2012/05/07 19:56:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{FF52AE5A-C6F9-4A33-AFE5-6A573D753DBA}

[2012/05/07 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{38B43596-FD58-49AE-B2CD-1E3DD0FEC458}

[2012/05/07 06:13:08 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9F12701A-E7B4-470C-A288-0F5F3EDF4961}

[2012/05/06 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DC74FA8C-5AD6-46CD-9B35-C370EFB3B6A2}

[2012/05/06 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{70C58FF3-90E2-4BDA-92ED-F78BE4D54EF5}

[2012/05/05 18:11:04 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{C8E75C8A-EEB5-4FD5-B0E0-E9D6B427A18C}

[2012/05/05 06:10:30 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{DC0748D6-B623-4508-956A-0FC987E6FB7D}

[2012/05/04 18:10:07 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0C409F2F-A8A7-41D3-B1B0-36F3198B2711}

[2012/05/04 06:09:42 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{0936DEA9-FD47-4C3D-844A-70C3E86A0F3C}

[2012/05/03 18:44:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system32

[2012/05/03 18:09:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{1840F289-78FA-4E1E-9FB5-A7A4738259BC}

[2012/05/03 06:08:46 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{50677B40-B6CD-49ED-BED9-F73B533E6C64}

[2012/05/02 18:08:23 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{442027DE-9E4E-4774-9DA9-8851AF01FCF4}

[2012/05/02 06:07:13 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{ED9562C2-1174-4EE2-ABA8-1BE7BDBFF6CD}

[2012/05/02 05:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/02 05:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/01 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{9E6A3909-4A4E-4299-BAC6-D4DD756AC763}

[2012/05/01 18:06:37 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{ACBB87AC-1FE2-4B0D-92DA-E68FC0841414}

[2012/05/01 06:06:10 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D208E02E-23ED-4A92-BD79-F29A1CCE48CE}

[2012/05/01 06:05:59 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{D09F1316-C542-46C2-B3C1-85780892F740}

[2012/04/30 18:05:32 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{CA1E1DF8-DE26-4D9F-9AF5-97ECE6DDB31A}

[2012/04/30 18:05:21 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{ACC774CA-5B87-45B8-B60B-7A2E34256655}

[2012/04/29 07:43:40 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{520C4FEF-5D23-4CF4-BFEC-2178B65D69E9}

[2012/04/29 00:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

[2012/04/28 19:43:13 | 000,000,000 | ---D | C] -- C:\Users\Pierre Cardoso\AppData\Local\{58D6A6CD-7841-47DD-8230-FCAAE306D29B}

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/28 11:33:06 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/28 11:33:06 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/28 11:30:04 | 001,541,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/28 11:30:04 | 000,672,262 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/05/28 11:30:04 | 000,624,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/28 11:30:04 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/05/28 11:30:04 | 000,109,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/28 11:27:47 | 000,150,667 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\Outro erro.jpg

[2012/05/28 11:25:32 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012/05/28 11:25:26 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/27 02:02:31 | 000,039,851 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\ZHPDiag.rar

[2012/05/27 02:01:06 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2012/05/25 18:25:15 | 000,583,245 | ---- | M] () -- C:\Users\Pierre Cardoso\Desktop\adwcleaner.exe

[2012/05/25 17:43:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre Cardoso\Desktop\OTL.exe

[2012/05/09 23:45:50 | 000,355,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2012/05/28 11:27:47 | 000,150,667 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\Outro erro.jpg

[2012/05/27 02:02:31 | 000,039,851 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\ZHPDiag.rar

[2012/05/27 02:01:06 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2012/05/25 18:25:13 | 000,583,245 | ---- | C] () -- C:\Users\Pierre Cardoso\Desktop\adwcleaner.exe

[2012/04/25 22:57:32 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat

[2012/04/25 22:57:32 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat

[2012/04/25 22:57:10 | 001,914,638 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm

[2012/04/25 22:57:10 | 001,150,464 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe

[2012/04/25 22:57:10 | 000,403,968 | ---- | C] () -- C:\Program Files (x86)\Rar.exe

[2012/04/25 22:57:10 | 000,266,240 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe

[2012/04/25 22:57:10 | 000,193,536 | ---- | C] () -- C:\Program Files (x86)\RarExt64.dll

[2012/04/25 22:57:10 | 000,166,912 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll

[2012/04/25 22:57:10 | 000,123,904 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe

[2012/04/25 22:57:10 | 000,101,610 | ---- | C] () -- C:\Program Files (x86)\Default.SFX

[2012/04/25 22:57:10 | 000,081,130 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX

[2012/04/25 22:57:10 | 000,076,032 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX

[2012/04/25 22:57:10 | 000,052,993 | ---- | C] () -- C:\Program Files (x86)\winrar.lng

[2012/04/25 22:57:10 | 000,018,797 | ---- | C] () -- C:\Program Files (x86)\rar.lng

[2012/04/25 22:57:10 | 000,004,007 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng

[2012/04/25 22:57:10 | 000,001,671 | ---- | C] () -- C:\Program Files (x86)\rarext.lng

[2012/04/25 22:57:10 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst

[2012/04/25 22:57:10 | 000,000,607 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst

[2012/04/25 22:57:09 | 000,003,975 | ---- | C] () -- C:\Program Files (x86)\Order.htm

[2012/04/25 22:57:09 | 000,001,016 | ---- | C] () -- C:\Program Files (x86)\Descript.ion

[2012/04/25 22:57:09 | 000,000,494 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz

[2012/04/23 17:40:02 | 000,039,629 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2011/09/01 17:22:04 | 000,000,501 | ---- | C] () -- C:\Windows\SysWow64\MMoney20.drv

[2011/09/01 17:22:04 | 000,000,501 | ---- | C] () -- C:\Windows\SysWow64\drcmmsys20.drv

[2011/05/15 19:47:41 | 000,001,854 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Roaming\GhostObjGAFix.xml

[2011/04/14 14:30:33 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll

[2011/01/26 12:31:54 | 001,534,752 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/09/12 14:19:32 | 004,477,480 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00310.JPG

[2010/09/12 14:16:02 | 000,175,810 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.JPG

[2010/09/12 14:16:02 | 000,144,847 | ---- | C] () -- C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.0

[2010/07/09 13:49:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

[2010/07/09 13:49:26 | 000,001,125 | ---- | C] () -- C:\Windows\winamp.ini

[2010/07/09 12:27:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010/07/09 11:59:07 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv

[2010/07/09 11:59:06 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2010/07/08 22:40:32 | 000,073,757 | ---- | C] () -- C:\Windows\SysWow64\dancemat.exe

 

========== LOP Check ==========

 

[2012/02/06 18:26:14 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Ajpa

[2012/05/25 00:16:49 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\DAEMON Tools Lite

[2012/02/06 22:30:33 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Evil

[2012/02/26 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Nokia

[2012/03/15 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Origin

[2011/01/26 10:41:24 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\PC Suite

[2010/07/09 12:00:40 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\pdf995

[2011/02/10 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Sports Interactive

[2010/09/08 20:29:39 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\VDownloader

[2010/07/03 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\WinBatch

[2010/10/20 20:51:16 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\Windows Live Writer

[2011/04/15 21:09:04 | 000,000,000 | ---D | M] -- C:\Users\Pierre Cardoso\AppData\Roaming\XMedia Recode

[2009/07/14 02:08:49 | 000,019,288 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(19).TXT

[2011/08/30 10:18:45 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Rox Poker:MID

@Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

 

< End of report >
