Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

thisartori

[Arquivado] Muitos processos desconhecidos e interrompidos

Recommended Posts

Boa tarde gurizada!

Esteé meu primeiro post, portando vamos lá:

 

Meu computador começou a travar e eu não entendia porque. Quando abri o gerenciador de dispositivos percebi que existem muitos processos que não conheço e ainda por cima estão todos como "interrompidos".

Acredito que seja Malware ou essas coisas.

Já passei os seguintes programas:

- Bitdefender (90 dias gratuitos que consegui pelo facebook)

- Spybot

- 1, 2, 3 Spyware free

 

Meu windows é o seven, e não atualizo ele (por motivos pessoais, hehehe).

Não sei se é importante falar, mas não faz muito tempo que eu formatei meu pc e recém troquei minha placa de vídeo pois a antiga estava superaquecendo.

 

 

Meu pc é um Core 2 quad com 4 giga de ram. Faltou alguma informação?

 

No aguardo de uma ajuda,

 

Abraços,

Thiago Sartori

 

Boa tarde gurizada!

Esteé meu primeiro post, portando vamos lá:

 

Meu computador começou a travar e eu não entendia porque. Quando abri o gerenciador de dispositivos percebi que existem muitos processos que não conheço e ainda por cima estão todos como "interrompidos".

Acredito que seja Malware ou essas coisas.

Já passei os seguintes programas:

- Bitdefender (90 dias gratuitos que consegui pelo facebook)

- Spybot

- 1, 2, 3 Spyware free

 

Meu windows é o seven, e não atualizo ele (por motivos pessoais, hehehe).

Não sei se é importante falar, mas não faz muito tempo que eu formatei meu pc e recém troquei minha placa de vídeo pois a antiga estava superaquecendo.

 

 

Meu pc é um Core 2 quad com 4 giga de ram. Faltou alguma informação?

 

No aguardo de uma ajuda,

 

Abraços,

Thiago Sartori

 

Utilizei aquele hijackthis segue abaixo:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:20:05, on 08/09/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Users\Thiago Sartori\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll

R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Thiago Sartori\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [EPSON TX430 Series (Copiar 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /FU "C:\Users\THIAGO~1\AppData\Local\Temp\E_S47C9.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Dropbox.lnk = Thiago Sartori\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12048 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite thisartori

 

 

:seta: Baixe o OTL (...de Old_Timer) e salve-o no Desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

adh9R4J8.jpg

 

*Selecione as opções:

Verificar All Users

Verificar Lop

Verificar Purity

 

*Clique [Verificar]

 

acwleCSw.jpg

 

*Ao término, os relatórios OTL.txt e Extras.txt serão criados no Desktop (Área de Trabalho)

 

 

:seta: Acesse este link

 

*Clique [selecionar arquivo]

 

*Localize o arquivo OTL.txt no Desktop (Área de Trabalho) e clique [Abrir]

 

*Clique [Envoyer le fichier]

 

*Cole o link criado abaixo de Fichier envoyé avec succés! Copiez votre lien :

 

*Repita o procedimento para o relatório Extras.txt e cole o link

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Desinstale o Spybot

 

 

:seta: Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Cole as linhas em azul no espaço abaixo de Exames Personalizados/Correções

 

adkcONNW.jpg

 

 

:OTL

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849856

IE - HKU\S-1-5-21-1141545486-2957593714-247043568-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849856

O33 - MountPoints2\{058977d6-b74f-11e1-bc9b-00241df1a373}\Shell - "" = AutoRun

O33 - MountPoints2\{058977d6-b74f-11e1-bc9b-00241df1a373}\Shell\AutoRun\command - "" = F:\INSTALL.EXE

 

:Commands

[emptytemp]

 

 

*Clique [Consertar]

 

acwleCSw.jpg

 

*Clique [OK] para reiniciar o PC

 

aalOzPIh.jpg

 

*Cole o relatório criado em C:\_OTL\MovedFiles\data_hora.txt

 

 

:seta: Baixe o AdwCleaner (...de Xplode) e salve-o no desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

acbFQ3lq.jpg

 

*Clique [Delete]

 

*Cole o relatório apresentado

 

 

:seta: Instale o SP1

Compartilhar este post


Link para o post
Compartilhar em outros sites

O material do ADW:

 

 

# AdwCleaner v1.504 - Logfile created 09/10/2012 at 15:46:23

# Updated 01/04/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Thiago Sartori - SARTORI

# Running from : C:\Users\Thiago Sartori\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor

Folder Deleted : C:\Users\Thiago Sartori\AppData\LocalLow\Conduit

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Iminent

 

***** [H. Navipromo] *****

 

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849856

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

 

***** [Registry (x64)] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registry is clean.

 

*************************

 

AdwCleaner[s1].txt - [1989 octets] - [10/09/2012 15:46:23]

 

########## EOF - C:\AdwCleaner[s1].txt - [2117 octets] ##########

 

 

 

__________________________

 

 

Agora o material do Extras:

 

 

OTL Extras logfile created on: 10/09/2012 11:11:41 - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Thiago Sartori\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 48,41% Memory free

8,00 Gb Paging File | 5,16 Gb Available in Paging File | 64,52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698,54 Gb Total Space | 536,34 Gb Free Space | 76,78% Space Free | Partition Type: NTFS

 

Computer Name: SARTORI | User Name: Thiago Sartori | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{216F22D2-5223-419E-9054-8FF662FEB010}" = rport=139 | protocol=6 | dir=out | app=system |

"{258B9337-8CC0-4D86-9355-05F2B5A913C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{278BDA9B-8FFB-4B19-B50D-7DB77863D021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{339F443F-9B2F-4394-A2AE-733AAF84FEBF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3FED42A1-0B6B-43E0-B834-A7248BBFFAEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{436E18A3-C7A1-40E6-A41D-2AE3EA195BF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{469C559D-0CF9-4920-95B6-AADBA99E7FE1}" = lport=137 | protocol=17 | dir=in | app=system |

"{48A014D6-6E5E-4DC2-8A0A-373ECBDF4D0A}" = lport=10243 | protocol=6 | dir=in | app=system |

"{5DEE8C6E-AA18-4841-9B46-155DBE2EE9DD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{6D7E61E9-BD61-420B-9746-16E7B3C3E1F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{70D2A2EF-E744-4618-8AAC-1922BC2D0F92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{78F6C322-D996-4AEB-AEDC-61B840DFB098}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{8A370E85-437B-46C4-9AFD-94CB40144D64}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8E5536D4-4384-4D93-9720-795C1281A647}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{90B5FA4E-9E43-46EE-BFBD-7FB6C29A852C}" = lport=139 | protocol=6 | dir=in | app=system |

"{9579403A-38FD-419A-8585-35C84C87D4B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9D993534-B682-4FD1-BFC1-9CA34D4BF9A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{A453B245-4677-498B-8CE4-637F51B1F146}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A6EE2CFE-49EF-45C3-B74F-574E83A4444C}" = rport=138 | protocol=17 | dir=out | app=system |

"{A71F0DBF-4559-4F1A-A7EE-3B397EF1273A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ACBB96DD-74C0-4BE8-8FE5-712976A9188F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B2F95CDA-FB5E-4C67-B3B7-12CE0B1CA120}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{B820367A-2581-425B-A238-D01ABF8FD2E2}" = rport=137 | protocol=17 | dir=out | app=system |

"{C37BF591-836D-45DD-8769-E054494DEE4A}" = rport=445 | protocol=6 | dir=out | app=system |

"{D61C69A4-C72A-4C5F-B887-96141AE6ED0B}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E1C9BF4D-E0BA-4D2A-89AA-888C9199F9B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EBA00757-962C-41FC-8D32-2A851C5587B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F84D1F9E-3CEC-4194-B18D-F652497179CD}" = lport=138 | protocol=17 | dir=in | app=system |

"{FB39FD22-18F9-46E1-BC11-0FF70E859E55}" = lport=445 | protocol=6 | dir=in | app=system |

"{FF7DD54F-8777-4953-B0F9-E8A8AFD099E4}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0560BF3E-9E07-4437-B53D-80C064A9FEE3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{064EB9A5-A9A8-426F-803B-1CC9410AE480}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{083003E7-BBCA-4FAA-A65C-E2D9BCD789B8}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |

"{14D18A17-2E5E-41F0-B6DA-775605F512CF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |

"{152E66B4-2E14-4526-A0C1-BCB6DB8BD025}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{18DDB2C6-9ED0-471C-BEB2-E98445A5CB89}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{194FFB6F-B356-4E74-920D-AE48DCA0D8A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe |

"{224015FF-171E-4EE5-9BDE-FAE5E15110DD}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |

"{24F40FBB-655D-43DD-A066-AEF4F9A2BBCC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{253EA645-F9C5-428A-9B10-67D46A00196F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2768F432-CF67-4A2D-A2FA-D9BA8B1D62B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{289EC98D-B9CD-4912-B645-C626DF6AE67F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2F573EC2-36CE-4811-B7CA-86064043087C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{2FE1BC02-EB49-46FF-8E02-5CDDAECDD8AA}" = protocol=6 | dir=out | app=system |

"{33B04557-1618-4EE8-9E4A-C125BB19B3EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{37217758-386B-49F6-A8A5-590F9BC88BB8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{38D97241-A867-4BB9-AAE6-9BEC5CA58942}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{3C93217A-EDC2-4D8E-B5FF-A08F22766C9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3E2507E2-E915-4042-A5E3-E168D216684D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{4082CDDB-DB8F-48F0-A34D-A0595E86E773}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{4191A105-C95D-4D5A-9E55-7D97D73FD716}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{44EC8BE0-A4C7-4A8D-A4CF-95308B94EEF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{4694627F-879B-4D6B-BBB4-DD0C4EC95737}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{47E0CC5E-C19E-46AA-BE3D-098445139544}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4813AC21-E9E6-4125-AE05-52BE43FAE5F5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{51D40B5C-9459-4CEE-8A88-809282EF282C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{571D8644-D7CE-4853-A3C3-A6AA8B52F839}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{631AE6B0-FA5D-49FD-9C9F-A6D53E8271A3}" = protocol=6 | dir=in | app=c:\users\thiago sartori\appdata\roaming\dropbox\bin\dropbox.exe |

"{65A5D72A-3E84-4395-B7B7-505BAA3C230E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{67C3A3D5-A386-455E-82FD-7CFF269CB9D2}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{753A6902-2172-4A33-BF43-9DF0A6EBCDE8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{7A343D2C-C914-40A9-868F-A7A8AABAD8D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{84BE04C5-662F-4E34-B273-2A0CD3033193}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{8580B91A-278B-48C9-926F-FFD4C822B51F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{8805B9C4-401E-4096-B372-CF9AD1B0A03C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{8EC8FCF0-0111-4D03-83DF-1DFEBFB279BA}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{924C1AA0-CC43-4483-9788-E7361B5E7E08}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{A0E1C5D7-9A97-4C57-AA0F-1B467CF37282}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{A4B73215-AE76-47AC-AFCA-2D5A415B315D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{AB8C630F-5FFD-474F-852E-93C823FF9468}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{B1430CF5-D54C-4DC4-BFFA-5C45BCC722BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B4BEA1A7-44CB-4BD6-BB17-4C4591C51D4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{BA6406BE-8415-4839-8E1D-9399792D26CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BAA3B60D-3741-465B-B7CA-5052FA774491}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BDBF73C7-3818-4170-8EA3-4DF7FDD55939}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{BE649857-4698-4340-BA7C-54E09A124030}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C464F1EE-03B0-4341-B88C-5B42EB087DE5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C54C9C34-8A8B-4422-8A14-5FCB129A22E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C95235CD-FC4C-4067-94C5-F5E884F7267F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{D08DEDAB-1E9B-4664-98FC-F5A150AC45F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{D1CCAD64-B0D0-4B86-969A-033A601FD5BB}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |

"{D3D39CEE-FF17-47FC-8E57-1D524632D014}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{DA574B3D-FF4F-43BD-B8B8-4ACAC220990A}" = protocol=17 | dir=in | app=c:\users\thiago sartori\appdata\roaming\dropbox\bin\dropbox.exe |

"{DD254F1C-957A-44A4-95B4-B3717243045E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E4954F12-9F7E-4B64-9C03-526E5B504DEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E65228C6-F38A-44FF-A5D2-7A7BD8B2D9A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{EEA7CB8A-DF33-496A-BED0-786EA3A86729}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{F39402D1-B32A-4008-BB49-EF19AF6BB261}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe |

"{F64F3096-F40A-415D-9233-DBF5056A785F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F6AA5601-9C03-468B-88FB-0A698E40DDF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{FA3E3662-6717-4A39-8146-45A0AC26C0F4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{FE815785-2C82-45E5-B8BF-C607CFB817B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FEB3CD5E-A0B4-4CA3-81B4-AAC96E46D606}" = dir=in | app=c:\users\thiago sartori\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"TCP Query User{232EBE15-0F28-4F01-957B-90977F790A00}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{2A3B452B-DD1F-4B7F-9D07-201B45A8B111}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"TCP Query User{406E128D-2332-4709-B055-194B8D98C5E6}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

"TCP Query User{4A2C3669-761E-4D29-B813-C698A2AA10FC}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |

"TCP Query User{50DCAD51-3C9D-47BE-846F-C927B4075318}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{60D80F9A-14B7-4269-AA09-424465F9AD98}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{648B21C1-817B-48CB-A9AE-B566E817B19A}C:\users\thiago sartori\desktop\starcraft_2_la_pt-br.exe" = protocol=6 | dir=in | app=c:\users\thiago sartori\desktop\starcraft_2_la_pt-br.exe |

"TCP Query User{7F07D3B7-70E9-429E-9C1D-B802A3352662}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"TCP Query User{87B57866-3CFD-4643-821A-7DC7F1C72292}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"TCP Query User{89268EB6-15EB-4E1E-A592-223ECE054462}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"TCP Query User{898094E5-CCB2-4D8A-8F8A-249E88A50AF7}C:\program files (x86)\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolfenstein - enemy territory\et.exe |

"TCP Query User{89DB2FF0-1CDC-48A2-9F08-EA8CEC0CAC24}C:\program files (x86)\steam\steamapps\thisartori\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\thisartori\team fortress 2\hl2.exe |

"TCP Query User{971042C6-B9FB-4F1E-A1C7-7616889F2F16}C:\users\thiago sartori\downloads\starcraft_2_la_pt-br.exe" = protocol=6 | dir=in | app=c:\users\thiago sartori\downloads\starcraft_2_la_pt-br.exe |

"TCP Query User{A98B1DCD-4FE8-4169-B2F8-D82D60EC79CD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"TCP Query User{D43CACA3-6A17-4E2B-9714-C25D98CD6438}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"TCP Query User{D73A26D8-7FE5-42E3-AF9E-EDF7674B17A6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{F3246BC7-173E-446C-9EC6-16AE677EB7E3}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"TCP Query User{FC119E2C-EB75-439A-9063-A55C26525158}C:\users\thiago sartori\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thiago sartori\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{10304684-4808-4708-A0C7-57FE5F04FF94}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{1621633F-CE41-49E0-99A5-7B6723BB8983}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{39142C53-07C1-4DE9-A511-1AE66F435712}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

"UDP Query User{3A308082-FB87-4E98-97DF-EE422D4EC67A}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |

"UDP Query User{3F43AAEB-55D4-43B3-9B0E-D7EA1A76D964}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"UDP Query User{4396C66C-9BF3-4D89-B6C8-4845D56B1ECF}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{4F782E90-AE6D-4194-A062-D69F33E4DDFD}C:\program files (x86)\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolfenstein - enemy territory\et.exe |

"UDP Query User{58E53896-1E82-40F9-9055-70429D2AFA18}C:\users\thiago sartori\desktop\starcraft_2_la_pt-br.exe" = protocol=17 | dir=in | app=c:\users\thiago sartori\desktop\starcraft_2_la_pt-br.exe |

"UDP Query User{88A62F47-2711-4F19-90C5-FC602CE578BB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{8E48F004-7F6C-440B-A6A4-93FE82E4A5E2}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{A02FB1DF-8E40-4000-BE37-744671397363}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"UDP Query User{AFD7F397-6878-4F92-A4F4-7F3BB35A95EC}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"UDP Query User{B03ABEEC-F817-4DA9-BFE3-5A5FC0AC4476}C:\users\thiago sartori\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thiago sartori\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{B22DE071-CB5C-4B70-B10D-DA5A65417A2E}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{CA874865-F799-40E3-B05F-ABFBF30F5191}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"UDP Query User{CFCC999C-3062-4B93-9097-84334DE2664F}C:\program files (x86)\steam\steamapps\thisartori\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\thisartori\team fortress 2\hl2.exe |

"UDP Query User{E9FCCDB4-E085-42BC-BDC5-A3454CA012B8}C:\users\thiago sartori\downloads\starcraft_2_la_pt-br.exe" = protocol=17 | dir=in | app=c:\users\thiago sartori\downloads\starcraft_2_la_pt-br.exe |

"UDP Query User{F01AC718-416F-4214-A540-EC621DB5BC1A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Bitdefender" = Bitdefender Total Security 2013

"EPSON TX430 Series" = Desinstalar impressora EPSON TX430 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1046-7B44-A90000000001}" = Adobe Reader 9 - Português

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"1-2-3 Spyware Free_is1" = 1-2-3 Spyware Free v4.5

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor

"BitTorrent" = BitTorrent

"BSPlayerf" = BS.Player FREE

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.WidgetBrowser" = Adobe Widget Browser

"Diablo III" = Diablo III

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Scanner" = EPSON Scan

"FileZilla Client" = FileZilla Client 3.5.3

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)

"Mozilla Thunderbird 15.0 (x86 pt-BR)" = Mozilla Thunderbird 15.0 (x86 pt-BR)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PDF Compress_is1" = PDF Compress 2.02

"SpeedFan" = SpeedFan (remove only)

"StarCraft II" = StarCraft II

"Steam App 22600" = Worms Reloaded

"Steam App 440" = Team Fortress 2

"Steam App 550" = Left 4 Dead 2

"Steam App 6120" = Shank

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

"World of Warcraft" = World of Warcraft

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1141545486-2957593714-247043568-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 03/09/2012 20:12:20 | Computer Name = Sartori | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo

de hora: 0x4f72c3ee Nome do módulo de falhas: Public.dll, versão: 8.0.0.370, carimbo

de hora: 0x4f72c345 Código de exceção: 0xc0000005 Deslocamento com falha: 0x0004db8e

Identificação

do processo com falha: 0x1064 Hora de início do aplicativo com falha: 0x01cd8a318cf0137a

Caminho

do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe

FCaminho

do módulo de falhas: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Public.dll

Identificação

do Relatório: 30d6a54a-f625-11e1-a372-00241df1a373

 

Error - 04/09/2012 10:36:00 | Computer Name = Sartori | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: InDesign.exe, versão: 8.0.0.370, carimbo

de hora: 0x4f72c3ee Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo

de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x03460000

Identificação

do processo com falha: 0x117c Hora de início do aplicativo com falha: 0x01cd8aaa8cfa772c

Caminho

do aplicativo com falha: C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe

FCaminho

do módulo de falhas: unknown Identificação do Relatório: d8360827-f69d-11e1-ac97-00241df1a373

 

Error - 31/12/2007 23:01:55 | Computer Name = Sartori | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no período de validade ao ser verificado

em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

.

 

Error - 31/12/2007 23:02:37 | Computer Name = Sartori | Source = Google Update | ID = 20

Description =

 

Error - 31/12/2007 23:07:55 | Computer Name = Sartori | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no período de validade ao ser verificado

em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

.

 

Error - 31/12/2007 23:08:50 | Computer Name = Sartori | Source = Google Update | ID = 20

Description =

 

Error - 06/09/2012 16:26:23 | Computer Name = Sartori | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: WinRAR.exe, versão: 3.51.0.0, carimbo

de hora: 0x00000000 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,

carimbo de hora: 0x4a5bdb3b Código de exceção: 0xc0000374 Deslocamento com falha:

0x000cdcbb Identificação do processo com falha: 0x17e8 Hora de início do aplicativo

com falha: 0x01cd8c6dda02bf78 Caminho do aplicativo com falha: C:\Program Files

(x86)\WinRAR\WinRAR.exe FCaminho do módulo de falhas: C:\Windows\SysWOW64\ntdll.dll

Identificação

do Relatório: 1f7f486a-f861-11e1-9f2e-001f81000830

 

Error - 06/09/2012 16:26:38 | Computer Name = Sartori | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: WinRAR.exe, versão: 3.51.0.0, carimbo

de hora: 0x00000000 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,

carimbo de hora: 0x4a5bdb3b Código de exceção: 0xc0000374 Deslocamento com falha:

0x000cdcbb Identificação do processo com falha: 0x1740 Hora de início do aplicativo

com falha: 0x01cd8c6de8333474 Caminho do aplicativo com falha: C:\Program Files

(x86)\WinRAR\WinRAR.exe FCaminho do módulo de falhas: C:\Windows\SysWOW64\ntdll.dll

Identificação

do Relatório: 286f65a7-f861-11e1-9f2e-001f81000830

 

Error - 08/09/2012 15:43:40 | Computer Name = Sartori | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

 

Error - 08/09/2012 23:32:15 | Computer Name = Sartori | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

 

[ System Events ]

Error - 08/09/2012 18:53:22 | Computer Name = Sartori | Source = Service Control Manager | ID = 7038

Description = O serviço nvUpdatusService não pôde fazer logon como .\UpdatusUser

com a senha configurada atualmente devido ao seguinte erro: %%1330 Para verificar

se o serviço está configurado corretamente, use o snap-in de Serviços do Console

de Gerenciamento Microsoft.

 

Error - 08/09/2012 18:53:22 | Computer Name = Sartori | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço NVIDIA Update Service Daemon devido

ao seguinte erro: %%1069

 

Error - 09/09/2012 15:26:32 | Computer Name = Sartori | Source = BTHUSB | ID = 327685

Description = O driver Bluetooth esperava um evento HCI com um determinado tamanho,

mas não o recebeu.

 

Error - 09/09/2012 15:26:36 | Computer Name = Sartori | Source = BTHUSB | ID = 327685

Description = O driver Bluetooth esperava um evento HCI com um determinado tamanho,

mas não o recebeu.

 

Error - 09/09/2012 15:28:59 | Computer Name = Sartori | Source = Service Control Manager | ID = 7038

Description = O serviço nvUpdatusService não pôde fazer logon como .\UpdatusUser

com a senha configurada atualmente devido ao seguinte erro: %%1330 Para verificar

se o serviço está configurado corretamente, use o snap-in de Serviços do Console

de Gerenciamento Microsoft.

 

Error - 09/09/2012 15:28:59 | Computer Name = Sartori | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço NVIDIA Update Service Daemon devido

ao seguinte erro: %%1069

 

Error - 10/09/2012 09:58:10 | Computer Name = Sartori | Source = BTHUSB | ID = 327685

Description = O driver Bluetooth esperava um evento HCI com um determinado tamanho,

mas não o recebeu.

 

Error - 10/09/2012 09:58:14 | Computer Name = Sartori | Source = BTHUSB | ID = 327685

Description = O driver Bluetooth esperava um evento HCI com um determinado tamanho,

mas não o recebeu.

 

Error - 10/09/2012 10:00:36 | Computer Name = Sartori | Source = Service Control Manager | ID = 7038

Description = O serviço nvUpdatusService não pôde fazer logon como .\UpdatusUser

com a senha configurada atualmente devido ao seguinte erro: %%1330 Para verificar

se o serviço está configurado corretamente, use o snap-in de Serviços do Console

de Gerenciamento Microsoft.

 

Error - 10/09/2012 10:00:36 | Computer Name = Sartori | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço NVIDIA Update Service Daemon devido

ao seguinte erro: %%1069

 

 

< End of report >

Compartilhar este post


Link para o post
Compartilhar em outros sites

Não entendi o motivo do relatório Extras.txt.

 

Leia o que solicitei do OTL...

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desculpa cara, é que tentei entrar em C:\_OTL\MovedFiles\data_hora.txt mas não achei nada, só tinha esse caminho:

 

C:\_OTL\MovedFiles\09102012_153546\C_Users\Thiago Sartori\AppData\Local\Temp

 

e nenhum arquivo txt.

 

Daí entrei na pesquisa do windows e digitei "data_hora.txt" e abriu aquele arquivo Extras.txt então pensei que fosse ele.

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Execute o AdwCleaner e clique [uninstall]

 

 

*Desative temporariamente seu antivírus

 

:seta: Baixe o ComboFix (...de sUBs) e salve-o no Desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Usuários do Windows XP: Se o Console de Recuperação do Microsoft Windows não estiver instalado, aceite a sua instalação. Após a instalação do Console, clique [sim].

 

*Aceite o contrato

 

aag8OIvd.jpg

 

*Aguarde a extração dos arquivos

 

aatrYiR0.jpg

 

*Aguarde a conclusão das etapas...pode demorar!

 

aadiHyHA.jpg

 

*Evite usar o mouse e o teclado. Não use nenhum outro programa até que o ComboFix termine![/b]

 

*Aguarde o término e cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 12-09-11.02 - Thiago Sartori 12/09/2012 1:37.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4094.2840 [GMT -3:00]

Executando de: c:\users\Thiago Sartori\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}

FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Thiago Sartori\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll

c:\users\THIAGO~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-12 to 2012-09-12 ))))))))))))))))))))))))))))

.

.

2012-09-12 04:46 . 2012-09-12 04:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-12 04:46 . 2012-09-12 04:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-10 23:34 . 2012-09-10 23:34 -------- d-----w- c:\windows\system32\SPReview

2012-09-10 21:52 . 2010-11-20 08:37 2560 ----a-w- c:\windows\system32\drivers\pt-BR\rdpwd.sys.mui

2012-09-10 21:52 . 2010-11-20 08:45 3584 ----a-w- c:\windows\system32\drivers\pt-BR\tsusbflt.sys.mui

2012-09-10 21:47 . 2010-11-20 07:19 84480 ----a-w- c:\windows\SysWow64\mciavi32.dll

2012-09-10 19:27 . 2012-09-10 19:27 -------- d-----w- c:\windows\system32\EventProviders

2012-09-10 18:35 . 2012-09-10 18:35 -------- d-----w- C:\_OTL

2012-09-08 19:18 . 2012-09-08 19:19 -------- d-----w- C:\Hijackthis

2012-09-08 11:07 . 2012-09-08 11:07 -------- d-----w- c:\programdata\bdch

2012-09-08 03:51 . 2012-09-08 03:51 -------- d-----w- c:\program files (x86)\Smart PC Solutions

2012-09-08 03:27 . 2012-09-10 17:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-09-08 03:27 . 2012-09-10 17:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-09-07 18:46 . 2012-09-07 18:46 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2012-09-05 22:18 . 2012-09-06 12:05 -------- d-----w- c:\programdata\BDLogging

2012-09-05 22:18 . 2012-04-17 17:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2012-09-05 22:18 . 2012-07-06 18:21 93160 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

2012-09-05 22:18 . 2007-04-11 14:11 511328 ----a-w- c:\windows\capicom.dll

2012-09-05 22:18 . 2009-07-14 19:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-09-05 22:18 . 2012-09-07 18:44 577248 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-09-05 22:18 . 2011-11-25 18:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys

2012-09-05 22:18 . 2012-09-07 18:45 700384 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-09-05 22:16 . 2012-09-06 12:05 -------- d-----w- c:\users\Thiago Sartori\AppData\Roaming\Bitdefender

2012-09-05 22:16 . 2012-09-05 22:19 -------- d-----w- c:\programdata\Bitdefender

2012-09-05 22:15 . 2012-09-05 22:15 -------- d-----w- c:\users\Thiago Sartori\AppData\Roaming\QuickScan

2012-09-05 22:14 . 2012-09-07 18:43 350160 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-09-05 22:14 . 2012-09-05 22:16 -------- d-----w- c:\program files\Bitdefender

2012-09-05 22:14 . 2012-04-11 20:03 138232 ----a-w- c:\windows\system32\drivers\gzflt.sys

2012-09-05 22:11 . 2012-09-05 22:14 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-09-02 21:40 . 2012-09-02 21:40 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-02 21:40 . 2012-09-02 21:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-02 21:40 . 2012-09-02 21:40 -------- d-----w- c:\program files (x86)\Java

2012-08-31 21:26 . 2012-08-31 21:26 -------- d-----w- c:\users\Thiago Sartori\AppData\Roaming\Unity

2012-08-31 21:20 . 2012-08-31 21:20 -------- d-----w- c:\users\Thiago Sartori\AppData\Local\Unity

2012-08-27 20:57 . 2012-08-28 21:31 -------- d-----w- c:\program files (x86)\World of Warcraft

2012-08-20 23:21 . 2012-08-20 23:22 -------- d-----w- c:\users\Thiago Sartori\AppData\Local\Skyrim

2012-08-20 23:13 . 2012-08-20 23:21 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim

2012-08-19 23:19 . 2012-08-19 23:19 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-19 23:19 . 2012-08-19 23:19 -------- d-----w- c:\windows\system32\Wat

2012-08-16 22:48 . 2012-09-02 23:37 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-16 22:22 . 2012-08-16 22:22 -------- d-----w- c:\users\Thiago Sartori\AppData\Local\PunkBuster

2012-08-16 22:01 . 2012-08-16 22:01 -------- d-----w- c:\users\AppData

2012-08-16 21:47 . 2012-09-02 23:37 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-16 21:47 . 2012-09-02 19:25 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-16 21:47 . 2012-08-16 22:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-16 21:47 . 2012-08-16 21:47 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-08-16 17:10 . 2012-09-02 19:26 -------- d-----w- c:\program files (x86)\Wolfenstein - Enemy Territory

2012-08-13 19:25 . 2008-03-05 19:04 489480 ----a-w- c:\windows\system32\XAudio2_0.dll

2012-08-13 18:25 . 2012-09-08 19:24 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-08-13 18:25 . 2012-09-12 04:48 -------- d-----w- c:\program files (x86)\Steam

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 04:48 . 2012-06-20 17:13 24072 ----a-w- c:\windows\gdrv.sys

2012-09-10 23:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-09-10 23:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-09-02 21:40 . 2012-07-06 19:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-02 21:40 . 2012-07-06 19:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-15 14:35 . 2012-06-30 03:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 14:35 . 2012-06-17 02:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-30 16:32 . 2012-07-30 16:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-30 16:32 . 2012-07-30 16:32 102240 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-06-26 19:03 . 2012-08-04 16:27 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-06-26 19:02 . 2012-06-26 19:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-06-26 19:02 . 2012-06-26 19:02 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 19:02 . 2012-06-26 19:02 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-06-26 19:02 . 2012-06-26 19:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-06-26 19:02 . 2012-06-26 19:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-06-26 19:02 . 2012-06-26 19:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-06-26 19:02 . 2012-06-26 19:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-06-26 19:02 . 2012-06-26 19:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-06-26 19:02 . 2012-06-26 19:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-06-26 19:02 . 2012-06-26 19:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-06-26 19:02 . 2012-06-26 19:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-06-26 19:02 . 2012-06-26 19:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-06-26 19:02 . 2012-06-26 19:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-06-26 19:02 . 2012-06-26 19:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-06-26 19:02 . 2012-06-26 19:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-06-26 19:02 . 2012-06-26 19:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-06-26 19:02 . 2012-06-26 19:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-06-26 19:02 . 2012-06-26 19:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-06-26 19:02 . 2012-06-26 19:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-06-26 19:02 . 2012-06-26 19:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-06-26 19:02 . 2012-06-26 19:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-06-26 19:02 . 2012-06-26 19:02 172032 ----a-w- c:\windows\SysWow64\muzapp.exe

2012-06-26 19:02 . 2012-06-26 19:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-06-26 19:02 . 2012-06-26 19:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-06-26 19:02 . 2012-06-26 19:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-06-26 19:02 . 2012-06-26 19:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-06-26 19:02 . 2012-06-26 19:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-06-26 19:02 . 2012-06-26 19:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-06-26 19:02 . 2012-06-26 19:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-06-26 19:02 . 2012-08-04 16:26 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-06-20 17:24 . 2012-06-20 17:24 525792 ----a-w- c:\windows\DIFxAPI.dll

2012-06-20 17:24 . 2012-06-20 17:24 319488 ----a-w- c:\windows\HideWin.exe

2012-06-19 02:24 . 2012-06-19 02:24 21504 ----a-w- c:\windows\jestertb.dll

2012-06-18 15:22 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-14 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Thiago Sartori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-09-07 82384]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

R3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;D:\ECSIoDriverX64.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-19 1255736]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-09-07 64832]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-09-07 700384]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-06-16 834544]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]

S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-07-02 168448]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-07-02 131072]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]

S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-09-24 68136]

S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-07-03 68416]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]

S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-09-07 577248]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 14:35]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1141545486-2957593714-247043568-1001Core.job

- c:\users\Thiago Sartori\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 21:14]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1141545486-2957593714-247043568-1001UA.job

- c:\users\Thiago Sartori\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 21:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Thiago Sartori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2012-06-29 14:19 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2012-06-29 14:19 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2012-06-29 14:19 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2012-06-29 14:19 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]

"Skytel"="Skytel.exe" [2008-07-24 1833504]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-09-07 1534064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 201.21.192.156 201.21.192.151

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]

"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

"0"="Microsoft Actions Pane 3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-09-12 01:54:23 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-09-12 04:54

.

Pré-execução: 574.240.559.104 bytes disponíveis

Pós execução: 573.692.895.232 bytes disponíveis

.

- - End Of File - - 39D8D55865FBBE706D224A29B5ED11E4

 

Ainda tenho processos interrompidos, só para saberem.

 

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

Cole uma screen dos processos que você refere estarem interrompidos, pois seus logs estão limpos.

Compartilhar este post


Link para o post
Compartilhar em outros sites

São serviços do Windows. Não sei se sua conta seria tão restrita para chegar a este ponto.

 

Já tentou logar como administrador e verificar se os serviços estão funcionando?

 

Esse problema não tem relação com malwares.

 

 

:seta: Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Clique [Limpeza] > [OK]

 

*O PC será reiniciado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vou tentar. Me falaram que se eu fizer alguns procedimentos em modo de segurança pode melhorar.

Isso é verdade?

Se sim, quais seriam esses "procedimentos"??

Desconheço...

 

Pergunte a quem te informou.

 

Uma possibilidade é usar a ferramenta abaixo:

 

 

*Baixe o Set Windows Services To Default Startup (...de Tweaking.com)

 

*Instale-o. Durante a instalação, desmarque as opções

 

14aaqrn.jpg

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

aamDwv9v.jpg

 

*Clique [start]

 

*Aguarde o término e reinicie o PC

 

 

Informe.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.