Virus removal

Hi Mr. Wolf
Before you replied I had tried something called combo box that I read about on the net, but it didn't fix anything here.
Is it a problem that I downloaded that program and ran it here??
I did the thing with Rooter and its logfile is below.

Thanks a lot, man

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7601) Service Pack 1
[32_bits] Dell
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 11.0 (pt-BR)
.
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:341 Go )
D:\ [CD_Rom]
.
Scan : 14:01.29
Path : C:\Users\Flavio\Desktop\Rooter.exe
User : Flavio ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (540)
Locked csrss.exe (692)
Locked wininit.exe (752)
Locked csrss.exe (776)
Locked services.exe (824)
Locked lsass.exe (832)
Locked lsm.exe (840)
Locked winlogon.exe (928)
Locked svchost.exe (988)
Locked svchost.exe (428)
Locked svchost.exe (1004)
Locked svchost.exe (1068)
Locked svchost.exe (1104)
Locked svchost.exe (1232)
Locked SbieSvc.exe (1292)
Locked svchost.exe (1400)
Locked spoolsv.exe (1524)
Locked svchost.exe (1568)
Locked avgnt.exe (1764)
______ ?(???(????? (1868)
______ ?(???(????? (1876)
Locked IPROSetMonitor.exe (2020)
Locked nvSCPAPISvr.exe (1744)
______ ?(???(????? (1828)
Locked OSPPSVC.EXE (2888)
Locked svchost.exe (3020)
______ C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (3068)
______ ?(???(????u (1716)
______ ?(???(????u (3112)
Locked SearchIndexer.exe (3220)
Locked wmpnetwk.exe (3400)
Locked svchost.exe (3800)
______ ?(???(????u (284)
______ ?(???(????u (3496)
______ ?(???(????u (3372)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (560)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (3524)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (1860)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (3548)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (4108)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (4136)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (4348)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (4368)
______ ?(???(????u (4488)
______ ?(???(????u (4648)
Locked IAStorDataMgrSvc.exe?????(??(?(? (4448)
Locked LMS.exe (1720)
Locked mbamservice.exe (1252)
Locked UNS.exe (4832)
______ ?(???(????u (1740)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (4312)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (820)
Locked audiodg.exe (2344)
______ ?(???(????u (4248)
______ ?(???(????u (1604)
______ C:\Users\Flavio\AppData\Local\Google\Chrome\Application\chrome.exe (2676)
______ C:\Program Files\Sandboxie\32\SbieSvc.exe (2804)
______ C:\Users\Flavio\Desktop\Rooter.exe (4464)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:500000882688)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-282972661-2983822614-2556487043-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-282972661-2983822614-2556487043-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:01.40
.
C:\Rooter$\Rooter_1.txt - (28/04/2012 | 14:01.40)
 
Hi Mr. Wolf
Before you replied I had tried something called combo box that I read about on the net, but it didn't fix anything here.
Is it a problem that I downloaded that program and ran it here??
The name is ComboFix, my friend. There is no problem at all with running this tool. The thing is, though, that ComboFix does not handle rootkit infections very well.

- Download catchme and save it to the desktop.
- Open Notepad and paste this script into it:

start
.Remove={284/1716}
.MBR={\Device\Harddisk0\*.sys /md5}
.MD5{0}
.Rootkit={\Device\Harddisk0\Partition1\*.sys}
.MBR={\Device\Harddisk0\Partition1\*.sys}
end
- Save it to the desktop with the name catchmescript.txt.
- Drag catchmescript.txt onto the catchme.exe executable. Wait briefly for a DOS window to open and close.
- A log will open automatically.

Post it here.
 
Hi Mr. Wolf
Man, strangely the log wasn't created.. nothing opened for me and it's not anywhere on the laptop either oO
But anyway, after doing that the problems I was having stopped :awesome:
Awesome, man.. thanks a lot, really
Now I can open everything again and the laptop is even faster, because it was way too slow

Any idea what might have happened to the log?? Or should I post another log??

Waiting for new instructions

Thaaanks
 
Hi Mr.Wolf,

Recently something strange has been happening with iTunes: every time I load it for the first time, when I close it, it launches again by itself. It only stops when I restart the PC. The strangest thing is that when I go through Explorer and open the iTunes/music folder, iTunes opens. What could it be?

The AV is Avira free, always updated, and it never finds anything.
The system is Win7 64-bit.

Thanks!
 
Firefox crashing

OTL logfile created on: 1/5/2012 11:01:15 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Alexa\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,75 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 39,92% Memory free
3,60 Gb Paging File | 2,59 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 298,08 Gb Total Space | 73,51 Gb Free Space | 24,66% Space Free | Partition Type: NTFS
Drive E: | 8,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ALEXA | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 10:54:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexa\Meus documentos\Downloads\OTL.exe
PRC - [2012/04/17 21:04:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2012/04/07 20:41:39 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/07 20:41:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/03/16 21:33:16 | 000,918,880 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/16 21:33:08 | 000,982,880 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe
PRC - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2011/10/20 19:40:23 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgtray.exe
PRC - [2011/07/20 22:08:36 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/09 16:28:24 | 001,226,608 | ---- | M] () -- C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/03 15:44:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/15 10:24:29 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
PRC - [2010/05/15 10:24:23 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgscanx.exe
PRC - [2010/05/15 10:24:23 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe
PRC - [2010/05/12 10:17:04 | 002,612,224 | ---- | M] (LightComm Tecnologia) -- C:\Arquivos de programas\TIM\GSM\TIMWEB.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2010/01/14 22:11:42 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/23 11:15:34 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/04/07 09:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/09/26 10:33:32 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgnsx.exe
PRC - [2008/09/26 10:33:32 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
PRC - [2008/03/18 01:27:12 | 000,013,312 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/08/03 16:06:32 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:46 | 000,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/08/03 23:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/17 21:03:59 | 001,952,696 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll
MOD - [2012/03/16 21:33:16 | 000,918,880 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/16 21:33:08 | 000,982,880 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe
MOD - [2011/08/10 08:37:32 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/12/09 16:29:16 | 000,096,112 | ---- | M] () -- C:\Arquivos de programas\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 16:28:24 | 001,226,608 | ---- | M] () -- C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/17 15:29:17 | 000,355,688 | ---- | M] () -- C:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/08/16 17:06:04 | 000,141,312 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2009/02/27 19:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2012/04/17 21:03:59 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/07 20:41:39 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/07 20:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/16 21:33:16 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/11/10 10:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/02 13:02:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/15 10:24:23 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/04/07 09:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/18 01:27:12 | 000,013,312 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/03/12 13:49:46 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/01 09:20:51 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2012/05/01 09:20:51 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2012/04/07 20:41:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/07 20:41:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2010/06/23 20:57:56 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/06/23 20:57:42 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/06/23 20:57:42 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/06/17 15:29:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:29:08 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009/04/07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/12/17 16:00:50 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/26 10:33:47 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/09/26 10:33:43 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/09/26 10:33:42 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/08/06 06:12:00 | 004,755,968 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/21 01:13:00 | 001,203,776 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/02 07:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdm.sys -- (s916mdm)
DRV - [2007/11/02 07:47:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mgmt.sys -- (s916mgmt) Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM)
DRV - [2007/11/02 07:47:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916obex.sys -- (s916obex)
DRV - [2007/11/02 07:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
DRV - [2007/11/02 07:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdfl.sys -- (s916mdfl)
DRV - [2007/10/09 14:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/03 05:31:44 | 000,018,688 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/08/03 05:10:14 | 000,321,536 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/05/17 04:00:00 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101437&mntrId=444243230000000000000026226fe214
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14782&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=VY&apn_dtid=YYYYYYYYBR&apn_uid=B1BF0B3A-D039-4684-AFF6-62302D702F90&apn_sauid=0A94C0D8-60C5-4395-9FEC-18F660CF6B14
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.br/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_pt-BRBR461
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={36795D77-0443-4A2A-B7A9-E3A5B062C1EE}&mid=fb8f6575142e8d798a33545f990f7036-37f1e45a89a883453f104ecbc342bcce55b1021e&lang=pt-br&ds=AVG&pr=pa&d=2011-12-04 09:07:39&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1957994488-688789844-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=444243230000000000000026226fe214&tlver=1.4.35.10&affID=101437&babsrc=SP_FFUP"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Arquivos de programas\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/20 22:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\10.2.0.3\ [2012/03/16 21:33:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/04/17 21:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/07/20 22:09:59 | 000,000,000 | ---D | M]

[2010/05/16 08:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Extensions
[2012/04/06 12:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\extensions
[2011/03/09 18:47:11 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/01/27 07:31:17 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2011/11/16 22:29:53 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2011/09/28 20:19:44 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\extensions\ffxtlbr@babylon.com
[2011/08/14 09:33:04 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\searchplugins\askcom.xml
[2011/05/08 17:53:26 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Alexa\Dados de aplicativos\Mozilla\Firefox\Profiles\aozl8ub3.default\searchplugins\bing.xml
[2012/04/06 11:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2012/04/17 21:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\distribution\extensions
[2010/05/19 19:44:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALEXA\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\AOZL8UB3.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALEXA\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\AOZL8UB3.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/04/17 21:04:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2010/05/19 19:44:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/16 21:32:58 | 000,003,769 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/28 20:16:18 | 000,002,288 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\babylon.xml
[2012/04/04 05:21:23 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2012/04/04 05:21:23 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2012/04/04 05:21:23 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2012/04/04 05:21:23 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/04/04 05:21:23 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Alexa\Dados de aplicativos\Complitly\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BFD16BFB-E9C0-4444-B24E-938C42AB8D6C} - No CLSID value found.
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\Arquivos de programas\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Arquivos de programas\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Winupdate] c:\windows\system32\winupdate\lsass.exe /startup File not found
O4 - HKU\S-1-5-21-1957994488-688789844-682003330-1003..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1957994488-688789844-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: infoseg.gov.br ([www2] https in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: itau.com.br ([bankline] https in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: itau.com.br ([guardiao] https in Sites confiáveis)
O15 - HKU\S-1-5-21-1957994488-688789844-682003330-1003\..Trusted Domains: itau.com.br ([www] http in Sites confiáveis)
O16 - DPF: {00000162-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/62.14/uploader2.cab (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://static4.orkut.com/activex/10036/photouploader.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} https://www5.infoseg.gov.br/Install/GbPluginIsg.cab (GbPluginObj Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F2BA55F-4CBB-42E2-8596-4CCD4322DD27}: NameServer = 189.40.226.80 189.40.224.80
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginIsg: DllName - (C:\ARQUIV~1\GbPlugin\gbiehIsg.dll) - C:\Arquivos de programas\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\ARQUIV~1\GbPlugin\gbiehUni.dll) - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alexa\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alexa\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Arquivos de programas\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/26 07:00:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/20 14:28:14 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/06 10:41:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{490fe054-5181-11df-ac03-0026226fe214}\Shell - "" = AutoRun
O33 - MountPoints2\{490fe054-5181-11df-ac03-0026226fe214}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{4b77d8f6-5b4f-11df-ac14-0026226fe214}\Shell - "" = AutoRun
O33 - MountPoints2\{4b77d8f6-5b4f-11df-ac14-0026226fe214}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4b77d8fa-5b4f-11df-ac14-0026226fe214}\Shell - "" = AutoRun
O33 - MountPoints2\{4b77d8fa-5b4f-11df-ac14-0026226fe214}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/03/20 14:28:14 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9fb42070-6f16-11df-ac4c-0026226fe214}\Shell - "" = AutoRun
O33 - MountPoints2\{9fb42070-6f16-11df-ac4c-0026226fe214}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/03/20 14:28:14 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 14:15:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/04/06 11:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla
[2012/04/06 11:02:35 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Maintenance Service
[2012/04/04 22:27:23 | 000,028,880 | ---- | C] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
[2011/03/09 18:46:40 | 003,056,008 | ---- | C] (Ask) -- C:\Arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 10:46:00 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/01 10:38:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2012/05/01 10:31:00 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2012/05/01 09:54:41 | 063,497,073 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/05/01 09:20:52 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/01 09:20:51 | 000,028,880 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
[2012/05/01 09:20:48 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-688789844-682003330-1003.job
[2012/05/01 09:20:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 20:47:00 | 000,000,696 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_BR0CGFD0C505HY.job
[2012/04/30 19:14:01 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/26 22:30:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-688789844-682003330-1003.job
[2012/04/25 22:30:12 | 000,629,193 | ---- | M] () -- C:\Documents and Settings\Alexa\Desktop\GRAER.pdf
[2012/04/21 15:13:26 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Alexa\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 15:13:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/08 10:00:51 | 000,489,942 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/04/08 10:00:51 | 000,454,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/08 10:00:51 | 000,085,464 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/04/08 10:00:51 | 000,073,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/07 20:41:40 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/04/07 20:41:40 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/04/06 11:13:13 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/04/06 11:02:45 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpKm.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/25 22:29:33 | 000,629,193 | ---- | C] () -- C:\Documents and Settings\Alexa\Desktop\GRAER.pdf
[2012/04/06 11:13:13 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/04/06 11:02:45 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/06 11:02:44 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2012/03/03 19:11:24 | 000,000,176 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2011/03/09 20:26:57 | 000,185,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2011/03/08 21:19:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2011/03/08 21:09:20 | 000,128,000 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.EXE
[2011/03/08 21:09:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\DesinstRecnet.exe
[2011/03/08 21:09:20 | 000,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini
[2010/09/09 08:05:12 | 000,000,134 | ---- | C] () -- C:\WINDOWS\System32\drwtsn32.dll
[2010/07/20 14:17:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/07/20 14:00:11 | 104,137,857 | ---- | C] () -- C:\Arquivos de programas\eclipse-java-helios-win32.zip
[2010/06/30 16:36:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/06/30 16:36:29 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/06/30 16:36:12 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Alexa\Dados de aplicativos\$_hpcst$.hpc
[2010/05/16 08:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2011/12/10 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\AVG Secure Search
[2011/09/28 20:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Babylon
[2011/09/28 20:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\BabylonToolbar
[2011/03/09 18:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Complitly
[2011/05/13 22:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\DBDesigner4
[2010/05/07 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Free YouTube to MP3 WMA Converter
[2010/07/31 09:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\mp3ripper
[2012/04/06 09:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\MSDLL
[2011/03/05 11:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Notepad++
[2011/05/23 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Nullsoft
[2010/06/30 16:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\PC Suite
[2011/09/21 20:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\postgresql
[2010/06/30 16:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Samsung
[2011/12/04 15:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\SWIPrologEditor
[2010/05/16 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\TIM
[2010/04/26 13:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexa\Dados de aplicativos\Vso
[2012/03/16 21:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search
[2011/04/22 18:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar
[2011/09/28 20:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
[2011/12/04 08:07:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2011/11/05 06:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas
[2012/04/14 17:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2010/05/16 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\lightcomm
[2010/06/30 16:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
[2010/05/16 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TIM
[2011/01/16 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\VistaCodecs
[2010/08/26 21:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom
[2012/05/01 10:31:00 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2012/05/01 10:38:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 412 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:12373E5A_Uni.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:12373E5A_Isg.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:12373E5A_Bb.gbp

< End of report >
 
A little help *-* '

Hello Mr. Wolf, could you please take a look at this for me?

I ran it in OTL:
OTL Extras logfile created on: 5/3/2012 8:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Felipe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 4.66 Gb Available Physical Memory | 58.35% Memory free
15.96 Gb Paging File | 11.15 Gb Available in Paging File | 69.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.98 Gb Total Space | 1231.82 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007E7E7D-827E-459B-A9E4-2072709E5556}" = rport=139 | protocol=6 | dir=out | app=system |
"{26882790-6C90-42C1-8A0A-E016602098CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33AB87D8-65B3-4D23-BC31-6612F64D6253}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{440EFBF5-4FF3-4429-892F-0EA1287FEAF4}" = rport=137 | protocol=17 | dir=out | app=system |
"{456EE1C4-FA4B-44E7-A3DB-59EFEE1CEFF7}" = lport=139 | protocol=6 | dir=in | app=system |
"{56CCC8CB-3C26-47DC-B628-5D7754DAEEFB}" = rport=138 | protocol=17 | dir=out | app=system |
"{65E5EAA5-27D9-4B5D-A80A-85DA6A74B8E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A0B0F845-00D7-4A56-8EF8-9C42A0741B1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD7F2CBC-B285-43C3-9C5E-7AF734E5E413}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9926935-94B8-41E7-BBA2-E655AB5E9607}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC8C1B8E-95BA-4A92-9F66-1F82E9742708}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF1AD410-DF66-47B0-A147-CCB2CE60E521}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF481A55-D122-40A6-8EE9-7A3244E68BDB}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD39050F-6477-4C8C-9269-3BB37158A2EF}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DA0501-4D5D-4CB0-8A69-36A956A4362C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0A878A9F-5611-4675-BD89-10BB8A384D69}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgame.exe |
"{0EE39C87-AA80-466D-92F5-0926D30E779C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{18AF27BD-0905-4587-BD55-65670B1303D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1B2B8961-1D2E-4B19-848B-372F39AD35EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B993CB3-54EA-46B7-8940-8DF8CBE814E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C3BE3B7-5CE5-495E-AA6A-55CB53B0E447}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{1FCD0EDD-DF64-4F9E-A774-AE382EA55D85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23CDA66D-157D-484F-B89D-0A16113F1E19}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{248BA7EC-E341-4A6F-84B0-9FC9F5F3B224}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{249018E9-F3AA-4B92-8E08-0E1957990AA1}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{30AE1614-DAF5-424E-BEF7-795224B07274}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3462DF35-013B-4702-AC9F-C3EFC361EC0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34873A48-72A4-459F-BE38-E6104A5FE068}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{38255517-0CA5-4A85-8536-4FAA38A4E289}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3900F172-A409-415C-A97D-A1205D72EDB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3A9C33CE-3E34-4993-AD8C-A554488D247B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3B38F60A-2BAA-400F-9D84-F4D2028098EB}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{3C16E684-5954-4D16-BA44-6FD94E3D6061}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{3C59C1F3-9EAB-4DCD-BE62-6EEC31FCDC60}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{3CC4ED94-D158-4507-8575-4ECFF398111C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{3DFB716F-865E-4565-8821-FF8A061A559B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{4088AF15-DDB9-4F91-8FB1-B2E572B30C34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{4231AF17-5CEF-4247-94EF-21E04171FE8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{439CDA95-CFD4-4835-894F-E5C789A7B56D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4958DDFF-DFBA-4388-A97C-B9A3441FE22E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4AECC3CC-4314-4462-9DAF-1C79EA5D84B1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4CDB1077-9A2E-4265-9A79-C74CB22F6D69}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{4D543B3F-E91C-4832-8414-A476892940A1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{51ADFF86-C69C-4D81-8A33-8B4C3AF5515B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5FF9CA9F-E2E0-4626-92C9-99262A856314}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{654BFF3D-B940-4B5D-902F-9FC2CD26A78B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{676DE3EC-6CD6-4564-A417-320FA97A7C89}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{68E2C46D-1600-4599-A6D3-FA6CC01B1DC8}" = protocol=17 | dir=in | app=c:\aeriagames\repulse\repulse.exe |
"{699FF9F4-6ED6-49DE-B49F-56B7FA4CCA65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6C0CEABB-3112-43D0-BAF8-C3044E47DBC5}" = protocol=6 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |
"{7006337F-5E13-44F2-8EF2-BF0E1EFD728B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{73B3138E-6A6D-48D2-8CE0-1F2F23B45950}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7403CF6C-84D3-4511-913D-A70D6C10383C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{78381C41-2517-4BFC-9F14-EE1126DAD6BB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7C9B339F-00D9-4550-AA3F-23E256FEAF62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{81F69B17-3DF8-4AC4-B24E-AB49ED3196E0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{8335A258-018F-4F36-9720-A8BFF619C857}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{8431B449-F3D4-461D-813E-8E7D4182A313}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{862C32D8-B91C-4F01-83A8-341EC8444A18}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{88733FFB-43E3-4715-8050-2FF68349C8BE}" = protocol=6 | dir=in | app=c:\aeriagames\repulse\repulse.exe |
"{890B5486-78BE-446D-B321-7D2348DACF55}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{8D0BB320-60AC-4CFC-9EEC-3CAE94550DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{9166AD6B-7E18-4258-BD52-D7212AFCCABD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{983F0170-2DF5-4213-99CB-99E24A5746EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{9B443FFD-09D5-4F17-AB8B-226D1414450C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9CBDE9D6-BC1C-44DD-94FE-97687461B909}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{9D34DE23-9547-4E58-B4B6-768F4087A888}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{A7EE0216-A68A-451F-8210-D60B63EF58F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{AC8E3DF3-7E0B-4E04-9A4D-824E4E59E970}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{AD665467-DB39-4A2F-BFD6-ADFC619352AF}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{B2784EA6-21FA-4EB7-929F-7D5FA8751F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{B72B8B71-6CDE-4DF5-9E8D-316530383E79}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgame.exe |
"{BB91A087-759C-4523-B8FD-6D4F70E66007}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{C1D0460F-92E8-48C3-B718-ED9D74294CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{CA74E1DB-8DEF-429B-83B3-61ABB7249439}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{CF860BF4-A18B-40A2-97A8-D5A27AD381EC}" = protocol=17 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |
"{D38D497D-B77A-44D0-B333-708EF9CC1914}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E343168A-8812-46F7-B5D8-4FBDD1B90DED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E8633877-4074-4B89-BBA7-7F4A90F9027B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EB4EB55E-ADF2-4145-A66B-8E5B94C8BB34}" = protocol=17 | dir=in | app=c:\aeriagames\repulse\gameconsole.bin |
"{ED5B6CCE-FA75-48C7-ABC1-E83939EA97D3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{EE15F385-7B43-420E-8A2A-572E68F3D37F}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgamelauncher.exe |
"{EF06F547-0B9A-4E58-9615-9BEADDC71C30}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{F01FC9C3-6292-4B53-B945-267C39D64AE8}" = protocol=6 | dir=in | app=c:\aeriagames\repulse\gameconsole.bin |
"{F061309B-7741-431B-8441-54D1E735A8D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1C3130F-BCF1-4BA5-A25E-31846DB75A31}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F27C413B-C20B-48C9-9971-E63A0EC1C62C}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F2BA0C6B-F5F3-41BC-B53F-E1DCF35AF03D}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{F540BFF3-DB01-4F81-B880-79A056264832}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F825EEB0-DCB8-4938-AB6C-FAB51ABF3F43}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgamelauncher.exe |
"{FD6C5FAD-809C-44E2-9523-B453AE556AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"TCP Query User{DC62AAA8-988D-4C3C-B36D-1136D48B718C}C:\users\felipe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A77E3973-62E3-4653-B010-E595829AF98D}C:\users\felipe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{e0e56e21-55de-4f77-a109-1baa72348744}" = Python 3.0 (64-bit)
"{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
"{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
"{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58AA0670-2352-424B-BE5F-CF59EDD07EA0}" = Razer Anansi
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
"{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B6C9B6-CDF1-516E-EDBD-F3F8EBF7A0C7}" = Adobe Support Advisor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{848B970B-DFF4-467B-B062-17E790260BAF}" = RagnarokOnline
"{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0416-0000-0000000FF1CE}" = Visualizador do Microsoft PowerPoint
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF58B132-4C67-4E0A-BE3D-8DADB1E32258}" = Vegas Movie Studio 9.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Support Advisor
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Fraps" = Fraps
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.6.221
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"leveluptb" = LevelUp Toolbar
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Repulse" = Repulse
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 9900" = Star Trek Online
"Translate Client" = Client for Google Translate
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3707684848-4117957566-1642259195-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2012 2:14:23 PM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/12/2012 6:39:39 PM | Computer Name = Felipe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Exception code: 0xc0000005 Fault offset: 0x000a88ea Faulting process
id: 0x98c Faulting application start time: 0x01cd18d7f9645f39 Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Report Id: 62e53cb9-84f0-11e1-b228-180373d2c3a8

Error - 4/13/2012 12:22:11 PM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/13/2012 12:57:30 PM | Computer Name = Felipe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/13/2012 9:51:40 PM | Computer Name = Felipe-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/13/2012 9:55:24 PM | Computer Name = Felipe-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/14/2012 11:15:30 AM | Computer Name = Felipe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/14/2012 8:20:59 PM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/14/2012 9:00:28 PM | Computer Name = Felipe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/15/2012 9:15:49 AM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/1/2012 10:12:05 AM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 5/1/2012 12:07:46 PM | Computer Name = Felipe-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\GameGu has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/1/2012 12:07:51 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%2

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\npkcus has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7000
Description = The npkcusb service failed to start due to the following error: %%1275

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\npkcus has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7000
Description = The npkcusb service failed to start due to the following error: %%1275

Error - 5/1/2012 9:00:57 PM | Computer Name = Felipe-PC | Source = DCOM | ID = 10010
Description =

Error - 5/2/2012 5:31:12 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 5/2/2012 10:00:49 PM | Computer Name = Felipe-PC | Source = DCOM | ID = 10010
Description =


< End of report >
_________

Extras.txt:
OTL Extras logfile created on: 5/3/2012 8:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Felipe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 4.66 Gb Available Physical Memory | 58.35% Memory free
15.96 Gb Paging File | 11.15 Gb Available in Paging File | 69.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.98 Gb Total Space | 1231.82 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007E7E7D-827E-459B-A9E4-2072709E5556}" = rport=139 | protocol=6 | dir=out | app=system |
"{26882790-6C90-42C1-8A0A-E016602098CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33AB87D8-65B3-4D23-BC31-6612F64D6253}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{440EFBF5-4FF3-4429-892F-0EA1287FEAF4}" = rport=137 | protocol=17 | dir=out | app=system |
"{456EE1C4-FA4B-44E7-A3DB-59EFEE1CEFF7}" = lport=139 | protocol=6 | dir=in | app=system |
"{56CCC8CB-3C26-47DC-B628-5D7754DAEEFB}" = rport=138 | protocol=17 | dir=out | app=system |
"{65E5EAA5-27D9-4B5D-A80A-85DA6A74B8E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A0B0F845-00D7-4A56-8EF8-9C42A0741B1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD7F2CBC-B285-43C3-9C5E-7AF734E5E413}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9926935-94B8-41E7-BBA2-E655AB5E9607}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC8C1B8E-95BA-4A92-9F66-1F82E9742708}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF1AD410-DF66-47B0-A147-CCB2CE60E521}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF481A55-D122-40A6-8EE9-7A3244E68BDB}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD39050F-6477-4C8C-9269-3BB37158A2EF}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DA0501-4D5D-4CB0-8A69-36A956A4362C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0A878A9F-5611-4675-BD89-10BB8A384D69}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgame.exe |
"{0EE39C87-AA80-466D-92F5-0926D30E779C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{18AF27BD-0905-4587-BD55-65670B1303D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1B2B8961-1D2E-4B19-848B-372F39AD35EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B993CB3-54EA-46B7-8940-8DF8CBE814E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C3BE3B7-5CE5-495E-AA6A-55CB53B0E447}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{1FCD0EDD-DF64-4F9E-A774-AE382EA55D85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23CDA66D-157D-484F-B89D-0A16113F1E19}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{248BA7EC-E341-4A6F-84B0-9FC9F5F3B224}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{249018E9-F3AA-4B92-8E08-0E1957990AA1}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{30AE1614-DAF5-424E-BEF7-795224B07274}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3462DF35-013B-4702-AC9F-C3EFC361EC0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34873A48-72A4-459F-BE38-E6104A5FE068}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{38255517-0CA5-4A85-8536-4FAA38A4E289}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3900F172-A409-415C-A97D-A1205D72EDB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3A9C33CE-3E34-4993-AD8C-A554488D247B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3B38F60A-2BAA-400F-9D84-F4D2028098EB}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{3C16E684-5954-4D16-BA44-6FD94E3D6061}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{3C59C1F3-9EAB-4DCD-BE62-6EEC31FCDC60}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{3CC4ED94-D158-4507-8575-4ECFF398111C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{3DFB716F-865E-4565-8821-FF8A061A559B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{4088AF15-DDB9-4F91-8FB1-B2E572B30C34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{4231AF17-5CEF-4247-94EF-21E04171FE8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{439CDA95-CFD4-4835-894F-E5C789A7B56D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4958DDFF-DFBA-4388-A97C-B9A3441FE22E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4AECC3CC-4314-4462-9DAF-1C79EA5D84B1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4CDB1077-9A2E-4265-9A79-C74CB22F6D69}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{4D543B3F-E91C-4832-8414-A476892940A1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{51ADFF86-C69C-4D81-8A33-8B4C3AF5515B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5FF9CA9F-E2E0-4626-92C9-99262A856314}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{654BFF3D-B940-4B5D-902F-9FC2CD26A78B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{676DE3EC-6CD6-4564-A417-320FA97A7C89}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{68E2C46D-1600-4599-A6D3-FA6CC01B1DC8}" = protocol=17 | dir=in | app=c:\aeriagames\repulse\repulse.exe |
"{699FF9F4-6ED6-49DE-B49F-56B7FA4CCA65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6C0CEABB-3112-43D0-BAF8-C3044E47DBC5}" = protocol=6 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |
"{7006337F-5E13-44F2-8EF2-BF0E1EFD728B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{73B3138E-6A6D-48D2-8CE0-1F2F23B45950}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7403CF6C-84D3-4511-913D-A70D6C10383C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{78381C41-2517-4BFC-9F14-EE1126DAD6BB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7C9B339F-00D9-4550-AA3F-23E256FEAF62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{81F69B17-3DF8-4AC4-B24E-AB49ED3196E0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{8335A258-018F-4F36-9720-A8BFF619C857}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{8431B449-F3D4-461D-813E-8E7D4182A313}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{862C32D8-B91C-4F01-83A8-341EC8444A18}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{88733FFB-43E3-4715-8050-2FF68349C8BE}" = protocol=6 | dir=in | app=c:\aeriagames\repulse\repulse.exe |
"{890B5486-78BE-446D-B321-7D2348DACF55}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{8D0BB320-60AC-4CFC-9EEC-3CAE94550DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{9166AD6B-7E18-4258-BD52-D7212AFCCABD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{983F0170-2DF5-4213-99CB-99E24A5746EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{9B443FFD-09D5-4F17-AB8B-226D1414450C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9CBDE9D6-BC1C-44DD-94FE-97687461B909}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{9D34DE23-9547-4E58-B4B6-768F4087A888}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{A7EE0216-A68A-451F-8210-D60B63EF58F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{AC8E3DF3-7E0B-4E04-9A4D-824E4E59E970}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{AD665467-DB39-4A2F-BFD6-ADFC619352AF}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{B2784EA6-21FA-4EB7-929F-7D5FA8751F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{B72B8B71-6CDE-4DF5-9E8D-316530383E79}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgame.exe |
"{BB91A087-759C-4523-B8FD-6D4F70E66007}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{C1D0460F-92E8-48C3-B718-ED9D74294CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{CA74E1DB-8DEF-429B-83B3-61ABB7249439}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{CF860BF4-A18B-40A2-97A8-D5A27AD381EC}" = protocol=17 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |
"{D38D497D-B77A-44D0-B333-708EF9CC1914}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E343168A-8812-46F7-B5D8-4FBDD1B90DED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E8633877-4074-4B89-BBA7-7F4A90F9027B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EB4EB55E-ADF2-4145-A66B-8E5B94C8BB34}" = protocol=17 | dir=in | app=c:\aeriagames\repulse\gameconsole.bin |
"{ED5B6CCE-FA75-48C7-ABC1-E83939EA97D3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{EE15F385-7B43-420E-8A2A-572E68F3D37F}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgamelauncher.exe |
"{EF06F547-0B9A-4E58-9615-9BEADDC71C30}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{F01FC9C3-6292-4B53-B945-267C39D64AE8}" = protocol=6 | dir=in | app=c:\aeriagames\repulse\gameconsole.bin |
"{F061309B-7741-431B-8441-54D1E735A8D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1C3130F-BCF1-4BA5-A25E-31846DB75A31}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F27C413B-C20B-48C9-9971-E63A0EC1C62C}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F2BA0C6B-F5F3-41BC-B53F-E1DCF35AF03D}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{F540BFF3-DB01-4F81-B880-79A056264832}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F825EEB0-DCB8-4938-AB6C-FAB51ABF3F43}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\tron evolution\binaries\win32live\gridgamelauncher.exe |
"{FD6C5FAD-809C-44E2-9523-B453AE556AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"TCP Query User{DC62AAA8-988D-4C3C-B36D-1136D48B718C}C:\users\felipe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A77E3973-62E3-4653-B010-E595829AF98D}C:\users\felipe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\felipe\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{e0e56e21-55de-4f77-a109-1baa72348744}" = Python 3.0 (64-bit)
"{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
"{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
"{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58AA0670-2352-424B-BE5F-CF59EDD07EA0}" = Razer Anansi
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
"{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B6C9B6-CDF1-516E-EDBD-F3F8EBF7A0C7}" = Adobe Support Advisor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{848B970B-DFF4-467B-B062-17E790260BAF}" = RagnarokOnline
"{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0416-0000-0000000FF1CE}" = Visualizador do Microsoft PowerPoint
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF58B132-4C67-4E0A-BE3D-8DADB1E32258}" = Vegas Movie Studio 9.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Support Advisor
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Fraps" = Fraps
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.6.221
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"leveluptb" = LevelUp Toolbar
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Repulse" = Repulse
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 9900" = Star Trek Online
"Translate Client" = Client for Google Translate
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3707684848-4117957566-1642259195-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2012 2:14:23 PM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/12/2012 6:39:39 PM | Computer Name = Felipe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Exception code: 0xc0000005 Fault offset: 0x000a88ea Faulting process
id: 0x98c Faulting application start time: 0x01cd18d7f9645f39 Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Report Id: 62e53cb9-84f0-11e1-b228-180373d2c3a8

Error - 4/13/2012 12:22:11 PM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/13/2012 12:57:30 PM | Computer Name = Felipe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/13/2012 9:51:40 PM | Computer Name = Felipe-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/13/2012 9:55:24 PM | Computer Name = Felipe-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/14/2012 11:15:30 AM | Computer Name = Felipe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/14/2012 8:20:59 PM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/14/2012 9:00:28 PM | Computer Name = Felipe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/15/2012 9:15:49 AM | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/1/2012 10:12:05 AM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 5/1/2012 12:07:46 PM | Computer Name = Felipe-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\GameGu has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/1/2012 12:07:51 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%2

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\npkcus has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7000
Description = The npkcusb service failed to start due to the following error: %%1275

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\npkcus has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 5/1/2012 12:08:01 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7000
Description = The npkcusb service failed to start due to the following error: %%1275

Error - 5/1/2012 9:00:57 PM | Computer Name = Felipe-PC | Source = DCOM | ID = 10010
Description =

Error - 5/2/2012 5:31:12 PM | Computer Name = Felipe-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 5/2/2012 10:00:49 PM | Computer Name = Felipe-PC | Source = DCOM | ID = 10010
Description =


< End of report >

__

Thanks for the support, my friend (x
Is there any link you could send me so I can learn how to analyze what is written above? T.T

Thanks once again :D
 
@Luciano: please use the SPOILER button when posting!

OTL.txt:

OTL logfile created on: 4/5/2012 09:47:01 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\NET NEWS\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

495,48 Mb Total Physical Memory | 62,25 Mb Available Physical Memory | 12,56% Memory free
1,13 Gb Paging File | 0,66 Gb Available in Paging File | 58,73% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 19,53 Gb Total Space | 9,55 Gb Free Space | 48,89% Space Free | Partition Type: NTFS
Drive D: | 17,73 Gb Total Space | 14,65 Gb Free Space | 82,63% Space Free | Partition Type: NTFS
Drive M: | 74,49 Gb Total Space | 60,71 Gb Free Space | 81,50% Space Free | Partition Type: NTFS

Computer Name: POJUCA-03 | User Name: NET NEWS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/04 09:44:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NET NEWS\Meus documentos\Downloads\OTL.exe
PRC - [2012/04/27 23:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/11/17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Arquivos de programas\Ask.com\Updater\Updater.exe
PRC - [2011/09/27 04:11:00 | 004,871,264 | ---- | M] (MEDIA FOG LTD) -- C:\Arquivos de programas\Carambis\Driver Updater\dupdater.exe
PRC - [2008/04/14 06:00:00 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 06:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 03:57:10 | 001,771,520 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\12050400\algo.dll
MOD - [2012/04/27 23:07:01 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 23:06:59 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 23:05:34 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 23:05:33 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 23:05:32 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 22:09:18 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2011/09/27 04:11:00 | 000,066,048 | ---- | M] () -- C:\Arquivos de programas\Carambis\Driver Updater\CrashRpt.dll
MOD - [2009/02/27 17:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB


========== Win32 Services (SafeList) ==========

SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/10/26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NETNEW~1\CONFIG~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 19:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/22 11:19:22 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/13 08:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/12/29 14:48:06 | 004,026,112 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sobre a Ask.com Brasil
IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\..\SearchScopes\{B1E709BF-71EC-4B6A-917E-996825FEE928}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=NY&apn_dtid=YYYYYYYYBR&apn_uid=D9DBD257-FB4A-48D9-8A69-F112703D801E&apn_sauid=FB3333A6-F557-4361-A067-924FE57658A7&
IE - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\NET NEWS\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\NET NEWS\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\NET NEWS\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aaaapkoadeoehimjeflihaofcfpbngen\7.13.2.0_0\
CHR - Extension: YouTube = C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Arquivos de programas\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Protecao SGDA Plus - Terminal] X:\ADVSIM\AGUARDIAN\QEB_HWT.EXE /REMOTE File not found
O4 - HKU\S-1-5-21-1202660629-583907252-1417001333-1003..\Run: [Driver Updater] C:\Arquivos de programas\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28C5FB4E-253D-46CD-9978-97CE84447215}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NET NEWS\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/17 17:52:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04492492-3bff-11d8-bbe1-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{04492492-3bff-11d8-bbe1-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{39a4e1be-4392-11e1-8362-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{39a4e1be-4392-11e1-8362-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3eb2ddf8-3c04-11d8-bbdc-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{3eb2ddf8-3c04-11d8-bbdc-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3eb2ddfb-3c04-11d8-bbdc-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{3eb2ddfb-3c04-11d8-bbdc-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9720f0d2-5a56-11e1-8374-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{9720f0d2-5a56-11e1-8374-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9720f0d3-5a56-11e1-8374-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{9720f0d3-5a56-11e1-8374-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b443f89d-499b-11e1-8368-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{b443f89d-499b-11e1-8368-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ca2fca06-492c-11e1-8366-000fea9b14b5}\Shell - "" = AutoRun
O33 - MountPoints2\{ca2fca06-492c-11e1-8366-000fea9b14b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 09:30:37 | 004,026,112 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2012/05/04 09:30:28 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2012/05/04 09:30:25 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2012/05/04 09:30:19 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2012/05/04 09:26:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Realtek AC97
[2012/05/04 09:25:56 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2012/05/04 09:25:55 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2012/05/04 08:12:50 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2012/05/04 08:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NET NEWS\Desktop\CPU-Z
[2012/04/13 10:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\MDY Exercícios
[2012/04/13 10:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\MDY A Escola do Novo Milênio
[2012/04/13 10:18:05 | 005,816,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012/04/13 10:18:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012/04/13 09:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\FinalWire
[2012/04/13 09:47:55 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\FinalWire
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 09:41:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/04 09:33:30 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 09:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/04 09:33:12 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 09:29:12 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-1417001333-1003UA.job
[2012/05/04 09:28:16 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 08:42:43 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\NET NEWS\Desktop\Google Chrome.lnk
[2012/05/04 08:34:40 | 000,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/05/04 08:34:40 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/04 08:34:40 | 000,048,628 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/05/04 08:34:40 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/04 08:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/04 08:12:50 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2012/04/13 14:50:29 | 005,816,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2012/04/13 14:50:27 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012/04/13 12:47:38 | 000,000,303 | ---- | M] () -- C:\WINDOWS\ST6UNST.000
[2012/04/13 11:23:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/04/13 11:23:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 09:30:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/05/04 09:30:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/05/04 09:30:25 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2012/04/13 12:47:38 | 000,000,303 | ---- | C] () -- C:\WINDOWS\ST6UNST.000
[2012/04/01 13:12:14 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/04/01 11:42:21 | 000,004,998 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\mtbjfghn.xbe
[2011/05/19 09:41:50 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011/01/17 21:20:11 | 000,000,032 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.zreglib
[2011/01/17 17:55:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/17 17:52:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/17 17:48:33 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/17 15:40:10 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/17 15:38:55 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2003/12/31 23:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software
[2012/01/20 15:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\OI
[2012/04/01 11:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NET NEWS\Dados de aplicativos\Carambis
[2003/12/31 23:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NET NEWS\Dados de aplicativos\InterTrust
[2004/01/01 00:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NET NEWS\Dados de aplicativos\TeamViewer
[2012/05/04 09:41:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

Extras.txt

OTL Extras logfile created on: 4/5/2012 09:47:02 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\NET NEWS\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

495,48 Mb Total Physical Memory | 62,25 Mb Available Physical Memory | 12,56% Memory free
1,13 Gb Paging File | 0,66 Gb Available in Paging File | 58,73% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 19,53 Gb Total Space | 9,55 Gb Free Space | 48,89% Space Free | Partition Type: NTFS
Drive D: | 17,73 Gb Total Space | 14,65 Gb Free Space | 82,63% Space Free | Partition Type: NTFS
Drive M: | 74,49 Gb Total Space | 60,71 Gb Free Space | 81,50% Space Free | Partition Type: NTFS

Computer Name: POJUCA-03 | User Name: NET NEWS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1202660629-583907252-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\Advance\SIMULADOR\ADVSIM\AGUARDIAN\Qeb_hwt.exe" = \\Advance\SIMULADOR\ADVSIM\AGUARDIAN\Qeb_hwt.exe:*:Enabled:Qeb_hwt.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{901C0416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveX e Flash Player_is1" = ActiveX e Flash Player
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Claro" = Claro
"Digicerto Master_is1" = Digicerto Master 2.3.2
"Driver Updater" = Carambis Driver Updater
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Standard
"oigsm_is1" = Discador Oi
"QuickTime" = QuickTime
"ST6UNST #1" = Curso de Windows
"ST6UNST #2" = Curso de Excel XP
"ST6UNST #3" = Curso de Windows Kids
"ST6UNST #4" = Curso de CorelDraw
"ST6UNST #5" = Curso de PowerPoint Kids
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2004 03:18:25 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:03:41 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:03:41 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:03:48 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:10:43 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:10:43 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:10:49 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:11:00 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 22:11:01 | Computer Name = POJUCA-03 | Source = crypt32 | ID = 131083
Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização
automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no seu período de validade ao ser
verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo
assinado.

Error - 31/12/2003 23:18:11 | Computer Name = POJUCA-03 | Source = Application Hang | ID = 1002
Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]
Error - 22/7/2011 08:32:08 | Computer Name = PC-14 | Source = W32Time | ID = 39452701
Description = O provedor de tempo NtpClient foi configurado para obter tempo de
uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

Não será feita nenhuma tentativa de contatar uma fonte durante 60 minutos. O NtpClient
não tem uma fonte de tempo preciso.

Error - 22/7/2011 09:22:37 | Computer Name = PC-14 | Source = Service Control Manager | ID = 7011
Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço
Netman.

Error - 22/7/2011 09:22:39 | Computer Name = PC-14 | Source = W32Time | ID = 39452689
Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível
de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma
nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host
inacessível. (0x80072751)

Error - 22/7/2011 09:22:39 | Computer Name = PC-14 | Source = W32Time | ID = 39452701
Description = O provedor de tempo NtpClient foi configurado para obter tempo de
uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient
não tem uma fonte de tempo preciso.

Error - 22/7/2011 09:22:40 | Computer Name = PC-14 | Source = W32Time | ID = 39452689
Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível
de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma
nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host
inacessível. (0x80072751)

Error - 22/7/2011 09:22:40 | Computer Name = PC-14 | Source = W32Time | ID = 39452701
Description = O provedor de tempo NtpClient foi configurado para obter tempo de
uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient
não tem uma fonte de tempo preciso.

Error - 22/7/2011 09:24:09 | Computer Name = PC-14 | Source = W32Time | ID = 39452689
Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível
de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma
nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host
inacessível. (0x80072751)

Error - 22/7/2011 09:24:09 | Computer Name = PC-14 | Source = W32Time | ID = 39452701
Description = O provedor de tempo NtpClient foi configurado para obter tempo de
uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient
não tem uma fonte de tempo preciso.

Error - 22/7/2011 09:39:09 | Computer Name = PC-14 | Source = W32Time | ID = 39452689
Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível
de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma
nova tentativa em 30 minutos. Erro: Uma operação de soquete foi tentada em um host
inacessível. (0x80072751)

Error - 22/7/2011 09:39:09 | Computer Name = PC-14 | Source = W32Time | ID = 39452701
Description = O provedor de tempo NtpClient foi configurado para obter tempo de
uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

Não será feita nenhuma tentativa de contatar uma fonte durante 30 minutos. O NtpClient
não tem uma fonte de tempo preciso.


< End of report >
------------
Machine at a training school; the audio driver won't uninstall and another one can't be installed over it, among other problems. They use Avast, and it can't be formatted for now.

Thanks in advance!
 
Mr. Wolf, could you take a look at these reports? It's not my notebook, but I need to find out whether there's something on it. It freezes badly and sometimes even shuts down. As for the shutdowns, I believe that's related to the battery.

OTL.txt
OTL logfile created on: 01/05/2012 21:21:16 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,68 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 46,39% Memory free
7,36 Gb Paging File | 5,08 Gb Available in Paging File | 69,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 233,30 Gb Free Space | 81,58% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 21:16:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/04/27 12:16:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2011/08/05 11:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files (x86)\Scpad\scpVista.exe
PRC - [2011/06/28 09:32:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 09:41:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/08 20:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 20:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/04 00:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 00:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 10:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 10:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 10:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 12:33:02 | 008,743,584 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\USERDA~1\NPAPIF~1\gcswf32.dll
MOD - [2012/04/28 12:33:02 | 008,743,584 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/04/27 12:16:40 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/12 04:37:34 | 000,444,400 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/12 04:37:33 | 003,915,248 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 04:36:18 | 000,544,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll
MOD - [2012/04/12 04:36:17 | 000,117,744 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll
MOD - [2012/04/12 04:36:08 | 000,122,880 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 04:36:06 | 000,220,672 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 04:36:05 | 001,747,456 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2011/03/02 10:11:33 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/03/02 10:11:22 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2011/03/02 10:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detoured.dll
MOD - [2010/08/17 09:30:15 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/08/17 09:30:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/05/06 09:26:18 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2552d50492d66f19cfc3bf526df9d515\IAStorUtil.ni.dll
MOD - [2010/03/08 21:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/07/14 01:56:03 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/14 01:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/14 01:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 01:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 01:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/14 01:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 01:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 01:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 01:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009/05/20 03:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/27 12:16:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/14 13:27:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2011/08/05 11:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files (x86)\Scpad\scpVista.exe -- (scpVista)
SRV - [2011/06/28 09:32:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 09:41:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/12 15:03:22 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/04/23 10:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/22 14:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 20:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 00:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/03 10:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 09:32:32 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 09:32:32 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/04/06 23:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/31 04:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/17 11:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 05:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 19:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Áudio do vídeo Intel(R)
DRV:64bit: - [2009/12/21 22:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/17 09:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 10:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 05:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 05:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google [binary data]
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Busca
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com.br/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_pt-BR
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
IE - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/18 11:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 12:16:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/18 11:42:48 | 000,000,000 | ---D | M]

[2011/11/09 22:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/04/27 12:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rt5c2mwz.default\extensions
[2012/01/08 09:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/27 12:16:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/05 00:44:23 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/11/05 00:44:23 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/11/05 00:27:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/11/05 00:44:23 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/11/05 00:44:23 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/23 09:46:35 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll (Sicredi)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Arquivos de Programas\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [msm] "C:\Program Files (x86)\MSM\msm.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000..\Run: [Global Registration] "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-1748311710-1647988739-2188548718-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} https://cpne.bradesco.com.br/certifexp.cab (ValidaUsuario Class)
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} https://cpne.bradesco.com.br/CA.cab (GeraCert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://si-plg.sicredi.com.br/Cab/GbpDist.cab (GbpDistObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B869C1C-A1EE-4ED3-A0E3-C708BB0D150F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B80C7471-B419-4944-999A-930D7A8BF6E0}: DhcpNameServer = 201.33.224.2 201.33.232.7
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginScd: DllName - (C:\Program Files (x86)\GbPlugin\gbiehScd.dll) - C:\Program Files (x86)\GbPlugin\gbiehScd.dll (Sicredi)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll (Sicredi)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 21:16:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/04/27 12:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/27 12:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/12 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\HP Photosmart Projects
[2012/04/12 09:27:10 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 09:01:46 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/10 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\AutoCAD Sheet Sets
[2012/04/02 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\FACULDADE

========== Files - Modified Within 30 Days ==========

[2012/05/01 21:23:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 21:16:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/05/01 21:11:53 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 21:11:53 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 20:53:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/01 20:41:27 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000UA.job
[2012/05/01 20:41:22 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000UA.job
[2012/05/01 13:26:47 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/01 12:53:16 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000Core.job
[2012/04/30 23:38:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000Core.job
[2012/04/24 16:19:32 | 001,634,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/24 16:19:32 | 000,705,984 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/04/24 16:19:32 | 000,654,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/24 16:19:32 | 000,146,710 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/04/24 16:19:32 | 000,121,424 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/15 12:48:17 | 000,002,362 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/04/14 13:27:16 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 13:27:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 13:27:09 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 14:06:23 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\gbpkm.sys

========== Files Created - No Company Name ==========

[2012/04/12 09:01:46 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/09/28 14:45:19 | 001,644,546 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 21:22:54 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 15:59:08 | 000,040,020 | ---- | C] () -- C:\Program Files (x86)\fundomsn.jpg
[2011/08/01 15:59:08 | 000,021,516 | ---- | C] () -- C:\Program Files (x86)\fundolog.jpg
[2011/08/01 15:59:08 | 000,010,942 | ---- | C] () -- C:\Program Files (x86)\fundobar.jpg
[2011/08/01 15:59:08 | 000,010,858 | ---- | C] () -- C:\Program Files (x86)\fundocor.jpg
[2011/08/01 15:59:08 | 000,006,796 | ---- | C] () -- C:\Program Files (x86)\picUser.gif
[2011/08/01 15:59:08 | 000,000,052 | ---- | C] () -- C:\Program Files (x86)\espaco.gif
[2011/07/18 11:37:37 | 000,210,857 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/07/18 11:37:37 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/04/12 19:00:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/06 10:11:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/06 10:11:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/06 10:11:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/06 10:11:41 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/05/06 10:11:40 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/05/06 09:41:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011/10/09 22:10:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2012/05/01 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Liteon
[2012/04/30 23:38:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000Core.job
[2012/05/01 20:41:27 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000UA.job
[2012/03/09 20:28:13 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 259 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst


< End of report >

Extras.txt
OTL Extras logfile created on: 01/05/2012 21:21:16 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,68 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 46,39% Memory free
7,36 Gb Paging File | 5,08 Gb Available in Paging File | 69,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 233,30 Gb Free Space | 81,58% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1748311710-1647988739-2188548718-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{575A987D-565B-4A16-8DE8-20D1235ADAD9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0371717-1693-45DB-B17D-6A4DC71659E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C05577DA-1381-4F9B-9BB8-23A0C0A6D160}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C060CF-BD40-462F-A6C4-438FDA3A5F46}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{19CC1277-CC90-43C1-B7C7-651F7851DE6C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1EA8E249-B723-45C0-9BB7-BBEEB8742332}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2A70E54D-29C0-4EE5-ACED-B63A96890029}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3B98B9B4-F1C2-4376-BA83-873EB1BA8851}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{41A97507-5565-4E52-9E8A-8B7821289A94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{504111D0-6059-412E-8F88-20F66BF6B569}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{55227BC1-AF99-46DD-A276-D14E1B9338FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{5AA865B4-3A73-4A7C-9A4E-D7451AFF4022}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{6845B46F-C118-4606-B564-C493B16D85B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{69316ED3-8863-4A24-A880-0A8AB2899A02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{77EB126A-172E-4170-9E73-1197C6D2A41D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{78361CEF-6384-4C90-8DA9-5ADEFF15B34F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{788631F1-204B-4CFC-81D3-57C6AA5E2B7D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{79024C51-D0BA-487D-8B6B-F8E147145A31}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7C3FD900-10AF-4DE9-9BC2-EDDD7F9D5858}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8195BB90-2FC3-47BA-8F0D-6B6066D20EE5}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8B83A23B-419F-4B3F-8675-88CF222F7925}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{94B51314-6398-4FDB-9F37-F02B9E3686AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9A09CF44-A0A6-4C43-91A6-F390733693DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A543F26-16C4-4266-B4B6-33E1FE51B2B5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{9AA7BA81-B67D-42C3-9736-8A0CEAE0F299}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A27F624D-48BA-458B-ACE7-76F5B0544D00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{A28633B9-02AF-4DA2-8A7E-23C876CCEB98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{A8DF9DFE-5E9B-4A6B-A87C-7E46EDBECA1F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{A8F154D7-9B72-4081-AD1D-D5D3697C4E23}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AD16DF35-2110-4915-8097-4640AB5557AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C14AA8B1-95C3-46E0-A37F-1775B896EE3D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D5C0C995-940B-40A5-84C8-A47C4A3CFEDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E1059C7A-0D4E-4524-BA15-1B9939C4B33F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{E423A683-B8FE-4457-A026-61C7A82A76E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E63AA17A-85B3-4363-ACFE-23C5418F8D7D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{F483F5B7-AC06-4252-9EA5-FCF2F688C5C9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F97B6B2E-5FCC-4744-B349-E858CDAAA357}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"TCP Query User{21B9CF7B-FB87-4E37-B471-8CA7B6D27C71}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F814973D-5546-4843-AC6D-843B77A55974}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5783F2D7-7001-0409-0102-0060B0CE6BBA}" = AutoCAD 2009 - English
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{498B4BF1-AD73-4AA8-99EB-18D400E42482}" = Novo Dicionário Aurélio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4A54DD-C9E2-4647-B872-2E83C188584B}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Identity Card" = Identity Card
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"L&H Power Translator Pro 7.0" = L&H Power Translator Pro 7.0
"LManager" = Launch Manager
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 12.0 (x86 pt-BR)" = Mozilla Firefox 12.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1748311710-1647988739-2188548718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/12/2011 13:54:08 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: iexplore.exe, versão: 9.0.8112.16421,
carimbo de hora: 0x4d76255d Nome do módulo de falhas: GerOf.dll, versão: 1.0.0.20,
carimbo de hora: 0x4ca48014 Código de exceção: 0xc0000005 Deslocamento com falha:
0x00001065 Identificação do processo com falha: 0x101c Hora de início do aplicativo
com falha: 0x01ccc0085af2940b Caminho do aplicativo com falha: C:\Program Files
(x86)\Internet Explorer\iexplore.exe FCaminho do módulo de falhas: C:\Windows\SysWow64\GerOf.dll
Identificação
do Relatório: c79b20ad-2bfc-11e1-9b0e-c80aa93ad9a8

Error - 22/12/2011 21:52:00 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = O programa iexplore.exe versão 9.0.8112.16421 parou de interagir com
o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 1594 Hora de Início: 01ccc114fa5ed89b Hora de Término: 12 Caminho do
Aplicativo: C:\Program Files (x86)\Internet Explorer\iexplore.exe Id do Relatório:


Error - 24/12/2011 16:58:42 | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
diretiva c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
na linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
do atributo version no elemento assemblyIdentity é inválido.

Error - 24/12/2011 16:59:20 | Computer Name = User-PC | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe". Erro no arquivo de manifesto ou de diretiva
c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL", na linha 8. Identidade
do componente localizado no manifesto não corresponde à identidade do componente
solicitado. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
A
definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 26/12/2011 11:03:39 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: iexplore.exe, versão: 9.0.8112.16421,
carimbo de hora: 0x4d76255d Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bdb3b Código de exceção: 0xc0000374 Deslocamento com falha:
0x000cdcbb Identificação do processo com falha: 0x1048 Hora de início do aplicativo
com falha: 0x01ccc3bf62ec8a27 Caminho do aplicativo com falha: C:\Program Files
(x86)\Internet Explorer\iexplore.exe FCaminho do módulo de falhas: C:\Windows\SysWOW64\ntdll.dll
Identificação
do Relatório: caaa8467-2fd2-11e1-9d10-c80aa93ad9a8

Error - 27/12/2011 13:05:28 | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
diretiva c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
na linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
do atributo version no elemento assemblyIdentity é inválido.

Error - 27/12/2011 13:06:06 | Computer Name = User-PC | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe". Erro no arquivo de manifesto ou de diretiva
c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL", na linha 8. Identidade
do componente localizado no manifesto não corresponde à identidade do componente
solicitado. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
A
definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 31/12/2011 08:39:46 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: iexplore.exe, versão: 9.0.8112.16421,
carimbo de hora: 0x4d76255d Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bdb3b Código de exceção: 0xc0000374 Deslocamento com falha:
0x000cdcbb Identificação do processo com falha: 0x10f4 Hora de início do aplicativo
com falha: 0x01ccc6ebbe244552 Caminho do aplicativo com falha: C:\Program Files
(x86)\Internet Explorer\iexplore.exe FCaminho do módulo de falhas: C:\Windows\SysWOW64\ntdll.dll
Identificação
do Relatório: 850d3e70-33ac-11e1-adce-c80aa93ad9a8

Error - 06/01/2012 15:39:51 | Computer Name = User-PC | Source = Google Update | ID = 20
Description =

Error - 06/01/2012 18:02:24 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: msnmsgr.exe, versão: 14.0.8117.416,
carimbo de hora: 0x4bc935af Nome do módulo de falhas: LiveTransport.dll, versão:
14.0.8117.416, carimbo de hora: 0x4bc9353e Código de exceção: 0xc0000005 Deslocamento
com falha: 0x0004bfe7 Identificação do processo com falha: 0x12e0 Hora de início
do aplicativo com falha: 0x01ccccb67ddbe1c0 Caminho do aplicativo com falha: C:\Program
Files (x86)\Windows Live\Messenger\msnmsgr.exe FCaminho do módulo de falhas: C:\Program
Files (x86)\Windows Live\Messenger\LiveTransport.dll Identificação do Relatório:
1c6e7e7e-38b2-11e1-98bd-c80aa93ad9a8

[ Media Center Events ]
Error - 30/08/2011 08:34:13 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 09:34:10 - Erro ao estabelecer conexão com a Internet. 09:34:10 -
Não foi possível contatar o servidor..

Error - 30/08/2011 09:34:44 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Erro ao estabelecer conexão com a Internet. 10:34:44 -
Não foi possível contatar o servidor..

Error - 30/08/2011 09:35:14 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 10:35:13 - Erro ao estabelecer conexão com a Internet. 10:35:13 -
Não foi possível contatar o servidor..

Error - 24/12/2011 09:24:16 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 11:24:16 - Falha ao recuperar MCESpotlight (Erro: A conexão subjacente
estava fechada: Não foi possível estabelecer relação de confiança para o canal
seguro de SSL/TLS.)

Error - 24/12/2011 09:24:36 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 11:24:29 - Falha ao recuperar MCEClientUX (Erro: A conexão subjacente
estava fechada: Não foi possível estabelecer relação de confiança para o canal
seguro de SSL/TLS.)

Error - 24/12/2011 09:24:46 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 11:24:43 - Falha ao recuperar Broadband (Erro: A conexão subjacente
estava fechada: Não foi possível estabelecer relação de confiança para o canal
seguro de SSL/TLS.)

Error - 09/01/2012 10:30:16 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 12:30:15 - Erro ao estabelecer conexão com a Internet. 12:30:16 -
Não foi possível contatar o servidor..

Error - 09/01/2012 10:30:55 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 12:30:52 - Erro ao estabelecer conexão com a Internet. 12:30:52 -
Não foi possível contatar o servidor..

Error - 12/04/2012 22:22:43 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 23:22:43 - Erro ao estabelecer conexão com a Internet. 23:22:43 -
Não foi possível contatar o servidor..

Error - 12/04/2012 22:22:51 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 23:22:48 - Erro ao estabelecer conexão com a Internet. 23:22:48 -
Não foi possível contatar o servidor..

[ System Events ]
Error - 26/10/2011 07:15:13 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha na inicialização do Módulo de Extensibilidade de WLAN. Caminho
do Módulo: C:\Windows\system32\athExt.dll Código de Erro: 126

Error - 27/10/2011 07:17:21 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha na inicialização do Módulo de Extensibilidade de WLAN. Caminho
do Módulo: C:\Windows\system32\athExt.dll Código de Erro: 126

Error - 27/10/2011 07:17:46 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: cdrom

Error - 28/10/2011 07:19:13 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha na inicialização do Módulo de Extensibilidade de WLAN. Caminho
do Módulo: C:\Windows\system32\athExt.dll Código de Erro: 126

Error - 28/10/2011 07:19:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: cdrom

Error - 29/10/2011 08:36:01 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha na inicialização do Módulo de Extensibilidade de WLAN. Caminho
do Módulo: C:\Windows\system32\athExt.dll Código de Erro: 126


< End of report >

Thanks!
 
Can it be a ComboFix report?
 
Good evening, here is the log for analysis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:05:22, on 07/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal


Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Avast\AvastUI.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\Program Files\Zoiper\Zoiper.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DunhA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DunhA\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://201.77.195.245/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\DunhA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: Banco Santander Brasil | Pessoa Jurdica | Atendimento empresarial, empresas
O15 - Trusted Zone: Banco Santander Brasil | Pessoa Jurdica | Atendimento empresarial, empresas
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com.tw/common/asusTek_sys_ctrl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe


--
End of file - 8568 bytes


Thanks... I'll be waiting... Congratulations on the initiative


Regards!!!
 
Everyone,

I'll reply to all of you in this same post, OK? Although some here certainly no longer need help, I'll answer anyway.

flavio-sp, post an OTL log (explained in the first post).

P_I_N_G_A, I believe it is unlikely that this problem is or was happening because of an infection. If it were, personally, I think it would not affect only iTunes.
However, incredible as it may seem, a problem similar to yours was happening on my niece's computer, and the solution was to uncheck the option "Open iTunes when this iPhone is connected". However, since I'm not near her PC and don't use iTunes, I don't remember how to get to that option.

Luciano Bellazi, where is the Extras.txt?

Lodur, the two logs you posted are both the Extras.txt. Please post the OTL.txt.

Safsprin, apart from some adware, there are no signs of further infections. Above all, the adware is probably not what is causing this trouble.
Have you already formatted the machine?

leonardovit, there is a keylogger in your log. Were you the one who installed it? If not, download ComboFix and run it according to this tutorial. When it finishes, post the log C:\ComboFix.txt.

manotroll, yes, it can.

fcentelles, clean log.
 
Here it is. Now it keeps going back and flipping through pages, and explorer.exe stops accepting commands; only pressing
Ctrl+Alt+Del brings it back, and then it stops again. I was using the "mighty" AVG, which died, and now Norton Internet Security is in its place, but since it's already in here

I can't post the log, so I put all 3 on 4shared, OK
http://www.4shared.com/archive/nY6b07iO/logs.html
 
OTL logfile created on: 5/3/2012 8:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Felipe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 4.66 Gb Available Physical Memory | 58.35% Memory free
15.96 Gb Paging File | 11.15 Gb Available in Paging File | 69.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.98 Gb Total Space | 1231.82 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 20:41:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe\Desktop\OTL.exe
PRC - [2012/03/25 16:45:57 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Felipe\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/06 21:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/31 20:48:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/17 08:58:56 | 000,939,416 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/08 12:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/07/08 12:11:44 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/08 12:10:34 | 004,257,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/07/08 12:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/04/12 14:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/17 12:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/29 16:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/10 18:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/27 23:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 23:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 23:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 23:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 23:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 22:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/11 20:14:25 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll
MOD - [2012/04/11 18:21:01 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
MOD - [2012/04/11 18:20:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 18:20:49 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/11 18:20:46 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/15 19:50:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 18:29:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 18:28:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 18:28:26 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 18:28:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 18:28:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 18:28:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/29 13:04:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/12/29 10:18:28 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/08 12:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 12:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/17 12:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/06 16:25:40 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/12/06 16:16:02 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/12/06 16:15:46 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/19 22:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/17 18:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/08 19:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/27 20:17:35 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/27 15:09:34 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/31 20:48:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/12 13:32:36 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/08 12:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/02 01:35:00 | 003,955,056 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 18:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/10 16:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/06 21:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 21:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 21:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 21:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 21:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 21:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/15 11:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 11:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 11:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 11:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 11:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 11:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 11:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 11:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/12 15:08:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/12 15:08:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/11 17:36:12 | 000,166,400 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/19 22:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/19 21:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/15 22:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/22 00:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/14 09:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 09:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/05/20 20:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 12:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/09/06 23:29:16 | 000,037,009 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LevelUp! Games\RagnarokOnline\npkcusb.sys -- (npkcusb)
DRV - [2005/01/03 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell MSN.com
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Busca
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..\SearchScopes,DefaultScope = {CFE97C97-097E-4FBB-B665-C8FFC1810BAF}
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/results.php?pr=pando&id=pandoleveluptb&v=1_0&gen=ms&ent=ch&q={searchTerms}
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..\SearchScopes\{CFE97C97-097E-4FBB-B665-C8FFC1810BAF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Felipe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Felipe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Felipe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/10/12 13:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/12 13:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/12 13:40:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/29 10:13:26 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Felipe\AppData\LocalLow\raidcall\plugins\webplugin_en.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.4_0\
CHR - Extension: Pesquisa do Google = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SOE Web Installer = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\
CHR - Extension: TecMundo = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekbjahkgjllnmbpacnloahdmeodllbcp\0.0.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.4.2_0\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20111228153328.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111228153328.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LevelUp Toolbar) - {949A7FED-30B4-433e-9718-23EC99A126B0} - C:\Program Files (x86)\leveluptb\levelupdx.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LevelUp Toolbar) - {949A7FED-30B4-433e-9718-23EC99A126B0} - C:\Program Files (x86)\leveluptb\levelupdx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Razer Anansi Driver] C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3707684848-4117957566-1642259195-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.162.196.29 200.162.194.244 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91DDCEF9-F200-466F-A0A0-46B78BAD2F7B}: DhcpNameServer = 200.162.196.29 200.162.194.244 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/03 18:08:27 | 000,148,800 | R--- | M] (Take-Two Interactive Software, Inc.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 14:03:48 | 000,000,054 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{b19eea48-f4fd-11e0-92c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b19eea48-f4fd-11e0-92c4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/12/03 18:08:27 | 000,148,800 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 20:41:53 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Felipe\Desktop\OTL.exe
[2012/05/03 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/03 15:35:20 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{5648CB91-849E-41D6-8458-968742F94EE6}
[2012/05/03 15:34:57 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{0B6632DF-C599-4E72-92FB-765514A228A0}
[2012/05/02 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{032253DB-3151-4199-9A31-E2CC14081C03}
[2012/05/02 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{FDE0B95E-F1E8-456C-8BC8-C2ED1B23DC88}
[2012/05/01 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{10BDCB61-F500-4BB7-95FE-B32105DB1E63}
[2012/05/01 11:07:13 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{0A067625-4379-47E5-BD48-CF643CAD3299}
[2012/04/30 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Auslogics
[2012/04/30 12:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/04/30 12:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/04/30 12:49:16 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{68CB10E7-357F-4D41-87BB-9B4467F24508}
[2012/04/30 12:48:46 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{253539D4-4880-4B98-A06A-91E8279F728D}
[2012/04/29 11:47:26 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{C3A22645-71A5-446E-B09A-DCBC8E30A948}
[2012/04/29 11:46:56 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9FC41E76-FF46-4339-9F7C-4F61A02E78B0}
[2012/04/29 11:43:55 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{2E48BBB8-AC00-4767-9D72-1D4DBDFD4B26}
[2012/04/29 11:43:16 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{1C4833AA-FA7E-4551-967A-8B7601B57403}
[2012/04/28 13:46:33 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{08BF79DF-6AB5-41D7-AB3E-3C5C2E5584EA}
[2012/04/28 13:46:21 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{51F1D0B1-B2FB-47E5-9AB4-22298F733BF4}
[2012/04/27 14:09:43 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{68962B32-6D74-4346-BA37-F8B6C74BB054}
[2012/04/27 14:09:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{09105085-A12E-4F58-90C2-E8A37A0A69BA}
[2012/04/26 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{E5CBB87C-47DC-435D-941B-C0DE1E295FD0}
[2012/04/26 21:02:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{B957904F-990B-4622-A263-D76DF2D29696}
[2012/04/26 13:45:27 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{2637F9A5-7B72-4798-91D4-F1BDD67F5263}
[2012/04/25 18:04:32 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{3E92869A-5509-4068-A6B2-E49CA87A0B0B}
[2012/04/25 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{D9343F45-89AD-4CD1-A59E-4E82015893DD}
[2012/04/24 18:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.0
[2012/04/24 18:34:08 | 000,000,000 | ---D | C] -- C:\Python30
[2012/04/24 18:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2012/04/24 18:08:28 | 000,000,000 | ---D | C] -- C:\Python27
[2012/04/24 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Apple Computer
[2012/04/24 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\Apple Computer
[2012/04/24 13:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/24 13:56:48 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/04/24 13:56:48 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/04/24 13:56:48 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/04/24 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/24 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/24 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/24 13:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/04/24 13:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/04/24 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\Apple
[2012/04/24 13:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/04/24 13:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/24 13:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/24 13:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/04/24 13:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/24 13:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/04/24 13:36:19 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{4CAB0C02-82A4-4731-836A-56E026561F9A}
[2012/04/24 13:36:08 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{1FA8E640-A861-44C8-AC11-150BE6795725}
[2012/04/24 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{54A49934-79E3-4EBB-9D08-9F6C42BBCF13}
[2012/04/24 13:12:49 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{D323CF07-208D-4603-BC5B-316841A3E437}
[2012/04/23 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{FDF3E95D-FE69-4A10-9DFD-5419495921CC}
[2012/04/23 18:55:57 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{E8C1F33D-9FC5-461A-9D4F-7569D817AC97}
[2012/04/22 10:39:50 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/22 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{094C132D-38AF-4A9A-9ABC-40ED0D9DA98B}
[2012/04/22 10:37:54 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{2E194CEE-C967-453E-A959-2295828D6EC1}
[2012/04/21 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\Espanhol
[2012/04/21 18:07:53 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{04F0917E-38B6-4989-9B89-4D4A5718E972}
[2012/04/21 18:07:29 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{8ED3B696-36CB-47E3-9B86-42645185EC80}
[2012/04/20 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/20 17:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/20 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\Diablo III
[2012/04/20 16:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012/04/20 16:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012/04/20 16:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/20 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{23BD01A0-C036-43F0-81E3-55F5D5DE3680}
[2012/04/19 16:28:21 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{AB809DA7-939D-4FC8-8086-09C1FB9A8747}
[2012/04/19 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{B2EC0D32-9B31-49B9-82A5-73D1018F3406}
[2012/04/19 16:27:38 | 000,000,000 | ---D | C] -- C:\Windows\pt-br
[2012/04/19 16:26:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/19 16:25:42 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/04/19 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{B809076C-FF99-4D91-A3D1-A5B6BC76D10D}
[2012/04/19 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{45F48F13-90F1-4E43-8E2E-036661D3F519}
[2012/04/19 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{DE49A962-E94A-4607-B7C3-F8413968CFBE}
[2012/04/19 13:16:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9A3D5621-5C3D-4760-A51C-DC07F8FF9459}
[2012/04/18 17:51:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{5F227E1F-43E2-4F54-AEFB-9BF087B4E864}
[2012/04/18 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{DAD6397D-76BE-4C5A-BDC3-877F734A72B8}
[2012/04/17 20:30:59 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{B83CB38F-8FED-480B-8AA2-0C45D15B6298}
[2012/04/17 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{01B843BA-31C2-47B5-AF2E-A370AC56353D}
[2012/04/17 16:36:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/17 16:13:53 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{28652D7D-B302-4D3D-AFF9-DD5ED3B50EA6}
[2012/04/17 16:13:17 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{62231265-E759-4715-996E-80336C76F6EF}
[2012/04/15 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{16FB84CE-F001-49FD-A6F7-58490B95A9F1}
[2012/04/15 13:43:26 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{102C3A9E-C9A9-4123-91F8-12DAA5B26CE3}
[2012/04/15 10:16:16 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{09A9F12A-E35E-42B0-B742-2B7D77D8F3DD}
[2012/04/15 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{8E1C7F7E-1774-4A17-9925-D7C520108B52}
[2012/04/14 21:21:41 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{2F73EE18-B79F-41DF-8E01-E5A519810E45}
[2012/04/14 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9C96029D-488D-49C5-A4FB-2D3187A99462}
[2012/04/13 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{C1311D2D-4A94-419B-A25C-630632F64883}
[2012/04/12 15:15:02 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{C4C60116-65DD-40E1-A922-E23B6D24EE0D}
[2012/04/11 18:18:36 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{9BCFD951-BF79-46A3-AE78-BBB39C9510EA}
[2012/04/10 23:24:50 | 002,987,520 | ---- | C] (Python Software Foundation) -- C:\Windows\SysNative\python27.dll
[2012/04/10 22:18:20 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/10 22:18:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/10 22:18:19 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/10 22:18:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/10 22:18:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/10 22:18:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/10 22:18:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/10 22:18:18 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/10 22:18:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/10 22:18:18 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/10 22:18:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/10 22:18:10 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/10 22:18:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/10 22:18:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/10 22:17:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/10 22:17:56 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/10 22:17:53 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/10 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{563FCBCE-C4BC-432D-8A30-08E50A547471}
[2012/04/09 20:14:26 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{CED48964-2BE9-482C-8EAB-B9EE9C2AFF4D}
[2012/04/08 18:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/04/08 17:47:46 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{0A3981D4-E1A7-4BA6-80E3-1EEF62E225D8}
[2012/04/05 10:53:40 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Skype
[2012/04/05 09:48:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{E816AB95-93AA-496B-A8C7-3C9B1874CA15}
[2012/04/04 18:09:09 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Local\{07A2C31A-FAC3-4C88-883B-EAF000049669}
[2012/03/05 14:04:50 | 002,213,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Set-up.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/03 20:41:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe\Desktop\OTL.exe
[2012/05/03 20:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 19:51:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3707684848-4117957566-1642259195-1000UA.job
[2012/05/03 17:36:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/03 16:51:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3707684848-4117957566-1642259195-1000Core.job
[2012/05/03 15:59:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/03 15:42:14 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 15:42:14 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 15:38:36 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/05/03 15:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 15:33:49 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 12:59:44 | 000,001,252 | ---- | M] () -- C:\Users\Felipe\Desktop\Auslogics Disk Defrag.lnk
[2012/04/28 13:44:41 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/22 10:39:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/20 16:11:50 | 000,001,265 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012/04/11 18:26:35 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/11 18:26:35 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/11 18:26:35 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/10 23:24:50 | 002,987,520 | ---- | M] (Python Software Foundation) -- C:\Windows\SysNative\python27.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 12:59:44 | 000,001,252 | ---- | C] () -- C:\Users\Felipe\Desktop\Auslogics Disk Defrag.lnk
[2012/04/24 13:55:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/20 17:31:41 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 17:31:41 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/20 16:11:44 | 000,001,265 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012/04/17 16:36:32 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/17 16:36:29 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/18 16:08:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/31 20:49:06 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/31 20:48:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/12 14:59:06 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/10/12 13:48:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/12 13:32:57 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/10/12 13:32:57 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/10/12 13:32:57 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/10/12 13:32:56 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/10/12 13:32:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/20 00:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/10 13:10:51 | 000,765,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/04/30 12:59:47 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Auslogics
[2012/03/22 20:39:25 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\DVDVideoSoft
[2011/12/18 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Fingertapps
[2011/12/18 19:06:02 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Leadertech
[2012/01/15 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Need for Speed World
[2011/12/28 15:02:07 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\PCDr
[2012/03/22 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\PDAppFlex
[2012/03/22 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Publish Providers
[2012/01/31 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\PunkBuster
[2012/04/21 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\SoftGrid Client
[2012/03/22 20:54:11 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\Sony
[2012/02/21 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\SystemRequirementsLab
[2012/02/27 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\TP
[2012/03/28 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\translateclient
[2012/03/27 20:52:44 | 000,000,000 | ---D | M] -- C:\Users\Felipe\AppData\Roaming\TS3Client
[2012/04/28 13:44:41 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/19 13:15:48 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/03 15:59:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========




< End of report >

Thanks T.T
 
Everyone,

I'll reply to everyone in this same post, ok. Although some of you here certainly won't need help anymore, I'll reply anyway.

flavio-sp, post an OTL log (explained in the first post).

P_I_N_G_A, I believe it's unlikely that this problem is or was happening because of an infection. If it were, personally, I think it wouldn't affect only iTunes.
However, believe it or not, a problem similar to yours was happening on my niece's computer, and the solution was to uncheck the option "Open iTunes when this iPhone is connected". But since I'm not near her PC, nor do I use iTunes, I don't remember how to get to that option.

Luciano Bellazi, where is the Extras.txt?

Lodur, the two logs you posted are both the Extras.txt. Please post the OTL.txt.

Safsprin, apart from some adware, there are no signs of other infections. Above all, it's probably not the adware that is causing this problem.
Has the machine already been formatted?

leonardovit, there is a keylogger in your log. Were you the one who installed it? If not, download ComboFix and run it according to this tutorial. When it finishes, post the log C:\ComboFix.txt.

manotroll, you can.

fcentelles, clean log.

Thanks for the reply, Wolf. But even after setting the option above, iTunes insists on opening after being run and closed. To be safe I'll run ComboFix and post the logs.

Regards
 
manotroll, I can't access the 4shared link. To make it easier for both of us, post the three logs on PasteBin and generate a link with it. Post the link to the logs here.

Lodur, there are no dangerous infections in the logs, only some adware that is easy to remove. Download AdwCleaner, run it as administrator and click Delete.
Post here the log that is generated.
 
would the link be like this?
log - Pastebin.com
try 4shared again
 
manotroll, the files that ComboFix removed are not genuine infections, but rather invalid files and files from uninstalled programs, plus an adware that is not dangerous at all.

There are no signs of infection in the logs.

Is the PC showing any problems?
 
the pages keep going forward and back, and explorer stops responding
I can't manage to remove this thing
the Java files were infected
 
Good morning Mr.Wolf.

Could you answer a quick question for me?

Recently one of my 3 Hotmail accounts has been automatically sending e-mails to itself and to the other two I have; the last one sent was the Carolina Dieckmann nude one.

What is the cause of this and what should be done to make it stop?

I'm not a noob, but sometimes relatives of mine use my PC for something and I believe they are the cause of this.

Thanks for the help.
 
Good evening Mr.Wolf.
Could you look at the log below? I think it may be something called lsass; the Comodo firewall reported a communication attempt and I'm suspicious.

The log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:24:26, on 16/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cavernicola\Desktop\Documentos do MAU\HiJackThis.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.100.239.167:3128
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Registro do produto.lnk = C:\Arquivos de programas\Arquivos comuns\LogiShrd\eReg\SetPoint\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Registro do produto.lnk = C:\Arquivos de programas\Arquivos comuns\LogiShrd\eReg\SetPoint\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Registro do produto.lnk = C:\Arquivos de programas\Arquivos comuns\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Arquivos de programas\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Arquivos de programas\LSI SoftModem\agrsmsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 8863 bytes

Thanks in advance for the help.
 
Good afternoon, Mr. Wolf, I would like you to analyze my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:54, on 23/05/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Valve\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BraiN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Plus! Network - Plusnetwork sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Plus! Network - Plusnetwork sp=addr&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\BraiN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FD3C511-4BCE-4D0E-8EE9-4DFCE69FCD69}: NameServer = 200.175.5.139,200.175.89.139
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Apple Inc. - (no file)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Tenable Nessus - Tenable Network Security, Inc - C:\Program Files (x86)\Tenable\Nessus\nessus-service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 16720 bytes

Thanks in advance for your willingness to help, cheers!
 
Mr. Wolf,

As you asked, I ran ComboFix, and here is the report from the notebook.

ComboFix 12-05-25.03 - User 25/05/2012 23:32:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3767.2479 [GMT -3:00]
Executando de: c:\users\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\ntuser.dat
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\TempUser.htm
c:\windows\IsUn0416.exe
c:\windows\SysWow64\Logof.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-26 to 2012-05-26 ))))))))))))))))))))))))))))
.
.
2012-05-26 02:39 . 2012-05-26 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 15:16 . 2012-04-27 15:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-27 15:16 . 2012-04-27 15:16 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 15:16 . 2012-04-27 15:16 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:02 . 2012-05-22 11:48 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0A73EF8-4DFD-4F5F-BD0D-138F27C461DD}\mpengine.dll
2012-05-06 15:54 . 2012-04-12 12:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 15:54 . 2011-08-08 12:01 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 15:54 . 2012-04-12 12:27 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 03:23 . 2011-04-18 15:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-04-05 12:34 . 2011-10-03 11:12 46408 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "c:\program files (x86)\GbPlugin\gbiehscd.dll" [2012-02-15 695864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 12:01 1313864 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]
2012-02-15 13:06 695864 ----a-w- c:\program files (x86)\GbPlugin\gbiehscd.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-27 129976]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-05-09 214088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe [2011-08-05 368544]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Áudio do vídeo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:54]
.
2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 02:33]
.
2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 02:33]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 03:42]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748311710-1647988739-2188548718-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-11 03:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0416&m=aspire_4745&r=27360311v201l0427z145t4631m268
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rt5c2mwz.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Global Registration - c:\program files (x86)\Acer\Registration\GREG.exe
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-L&H Power Translator Pro 7.0 - c:\windows\ISUN0416.EXE
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-05-25 23:46:16 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-05-26 02:46
.
Pré-execução: 250.713.251.840 bytes disponíveis
Pós execução: 253.741.105.152 bytes disponíveis
.
- - End Of File - - 0775B45FFC826B817B5704A445A08C66

Thank you very much, and sorry for the trouble.

Cheers! :D
 
Hi Mr Wolf... it's been a while since I last came to bother you... haha

I usually shop online from my work computer; the one time I did it directly from home, my credit card got cloned...
How can I find out whether there's something on my PC?

I have a few small diagnostic programs you gave me once, but they're probably out of date... can you help me? Haha

Regards
 
Could you please analyze this for me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:41:33 PM, on 26/05/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Nofx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nofx\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nofx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Users\Nofx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nofx\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Programas\Hijackthis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 6102 bytes
 
Hi MrWolf, I need your help.

My father's computer caught some viruses last week and I managed to remove a few, but this TROJAN.BANCOS won't come out no matter what... Malwarebytes flags it but can't remove it... We use Avira and I've already run several scans, but it can't identify it.

Here is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:53, on 5/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Cobian Backup 10\cbVSCService.exe
C:\Arquivos de programas\Cobian Backup 10\cbService.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\Arquivos de programas\Dyn Updater\DynUpSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\Paulo\Dados de aplicativos\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Paulo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Arquivos de programas\Family Toolbar\tbhelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Arquivos de programas\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C21DB80B-5EC5-4A58-9D82-6124A50B0DDB}9D82-6124A50B0DDB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Arquivos de programas\Family Toolbar\mhxpcomi.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Arquivos de programas\Family Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Arquivos de programas\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Paulo\Dados de aplicativos\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: Banco Itaú - Feito Para Você
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: Banco Santander Brasil | Pessoa Jurdica | Atendimento empresarial, empresas
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF0EC5C4-64DD-47A3-BDA1-6E3CC25B7856}: NameServer = 8.8.8.8,192.168.254.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Arquivos de programas\Family Toolbar\mhxpcomi.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AviraUpgradeService) - Avira GmbH - (no file)
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Arquivos de programas\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Arquivos de programas\Cobian Backup 10\cbService.exe
O23 - Service: Dyn Updater - Dyn, Inc. - C:\Arquivos de programas\Dyn Updater\DynUpSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: uvnc_service - Unknown owner - C:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)
 
