Virus removal

It's true, Mr. Wolf hasn't logged into the forum for 2 months. I wanted him to help me clean up my PC, to improve performance.

Well, I hope nothing has happened to him.
 
OTL logfile created on: 13/08/2011 20:22:33 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Placido\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 48,30% Memory free
8,00 Gb Paging File | 5,52 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 98,70 Gb Free Space | 21,20% Space Free | Partition Type: NTFS
Drive D: | 6,45 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PLACIDO-PC | User Name: Placido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 20:21:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Placido\Downloads\OTL.exe
PRC - [2011/06/29 15:59:30 | 000,432,848 | ---- | M] (Sony Ericsson) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/06/27 09:23:56 | 000,161,336 | ---- | M] (Google) -- C:\Users\Placido\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/06/07 18:55:38 | 001,017,344 | ---- | M] (Badoo) -- C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/22 18:14:32 | 000,048,648 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
PRC - [2011/05/08 08:54:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/10 17:57:55 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/26 11:11:05 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010/10/16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/01 06:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2007/04/06 10:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2006/08/18 15:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 20:21:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Placido\Downloads\OTL.exe
MOD - [2010/08/21 02:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/06 20:37:45 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/10/16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/22 12:44:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011/06/22 12:44:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/03/11 03:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/25 12:42:35 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/22 05:01:06 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2009/10/22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/10/22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 17:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/13 09:22:48 | 001,491,712 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZS211.sys -- (ZSMC30x)
DRV:64bit: - [2007/12/10 17:15:48 | 000,308,224 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vvftav211.sys -- (vvftav211)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=208262
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minilua.com/
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 0B 3E FF EB A3 CB 01 [binary data]
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Placido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Placido\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Placido\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Placido\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/26 11:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/10 17:58:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/08 08:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/18 20:46:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/26 11:05:48 | 000,000,000 | ---D | M]

[2011/01/07 11:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Placido\AppData\Roaming\mozilla\Extensions
[2011/05/24 22:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Placido\AppData\Roaming\mozilla\Firefox\Profiles\de52cfft.default\extensions
[2011/01/07 11:38:53 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Placido\AppData\Roaming\mozilla\Firefox\Profiles\de52cfft.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2011/02/19 21:23:29 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Placido\AppData\Roaming\mozilla\Firefox\Profiles\de52cfft.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/08/06 11:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/03/16 18:40:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/06 11:17:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/10 17:58:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\PLACIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DE52CFFT.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011/05/08 08:54:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001\..\Toolbar\WebBrowser: (uTorrentBar_PT Toolbar) - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - C:\Program Files (x86)\uTorrentBar_PT\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe (Badoo)
O4 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3047595135-2247752764-3637869313-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/17 01:32:32 | 000,335,752 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/08/17 01:32:32 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{4793a2fd-102e-11e0-b677-002618e9a507}\Shell - "" = AutoRun
O33 - MountPoints2\{4793a2fd-102e-11e0-b677-002618e9a507}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{81d438d6-08db-11d4-ac05-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{81d438d6-08db-11d4-ac05-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2010/08/17 01:32:32 | 000,335,752 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{b74449dd-1040-11e0-9b00-002618e9a507}\Shell - "" = AutoRun
O33 - MountPoints2\{b74449dd-1040-11e0-9b00-002618e9a507}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{b74449dd-1040-11e0-9b00-002618e9a507}\Shell\dinstall\command - "" = F:\DirectX9\DXSETUP.exe
O33 - MountPoints2\{b7444e6c-1040-11e0-9b00-002618e9a507}\Shell - "" = AutoRun
O33 - MountPoints2\{b7444e6c-1040-11e0-9b00-002618e9a507}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 14:15:16 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{A4412892-A47B-480F-A213-10920BC6013A}
[2011/08/13 14:15:01 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{AFE27F0F-A216-4A95-8A95-E386C2567366}
[2011/08/12 21:45:23 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{C7C903A5-5980-489C-AF38-59682651186A}
[2011/08/12 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Roaming\Opera
[2011/08/12 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\Opera
[2011/08/12 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\Chromium
[2011/08/12 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\Bromium
[2011/08/12 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{BBF4CD9F-757E-4784-887A-C6A946B42EAB}
[2011/08/12 09:44:43 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{4A09789C-DF17-4CE5-856D-7A020AB6354A}
[2011/08/11 20:43:34 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{AF890AAE-13B9-4194-8DB2-DBD0FBF985ED}
[2011/08/11 20:43:23 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{30F4F250-A8D0-49BD-8E9A-A714C74896A0}
[2011/08/10 22:33:15 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 22:33:15 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 22:33:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 22:33:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 22:33:13 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/10 22:33:13 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/08/10 22:33:13 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/10 22:33:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/10 22:33:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 22:33:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 20:57:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 20:57:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 20:57:51 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 20:57:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 20:57:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 20:57:51 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 20:57:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 20:57:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 20:57:51 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 20:57:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 20:57:35 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 20:57:34 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 20:57:34 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 20:57:34 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 20:57:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 20:57:34 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 20:57:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 20:57:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 20:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 20:57:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 20:57:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 20:57:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 20:57:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 20:57:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 20:57:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 20:57:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 20:57:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 20:57:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 20:57:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 20:57:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 20:57:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 20:57:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 20:57:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 20:57:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 20:57:11 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 20:57:10 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 20:57:09 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{57B8D940-C323-4B8B-B3A0-558CBF20A44C}
[2011/08/10 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{EB4B373E-9EA8-480E-BB41-868FCFFDBCAB}
[2011/08/09 23:41:11 | 000,000,000 | ---D | C] -- C:\86a8e4a091bd52295400ee3520b4b7
[2011/08/09 21:40:44 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{F741C869-8082-485A-97DF-7D096CB0983E}
[2011/08/09 21:40:30 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{994CAA35-D902-427E-95D1-E8AC3750E51E}
[2011/08/09 15:57:15 | 000,000,000 | ---D | C] -- C:\9818a7fcd33c0db83f
[2011/08/09 09:39:56 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{9BDD350B-9B45-456D-9307-E959F9F9855B}
[2011/08/09 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{E828EBA6-86B0-4AB4-A4D3-FB7BF4095591}
[2011/08/08 22:53:41 | 000,000,000 | ---D | C] -- C:\acdb7067426cbf628474af680c
[2011/08/08 21:00:18 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{4F512C5A-81BE-48E2-B595-C66D9B68DB2C}
[2011/08/08 21:00:06 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{28AB00E6-2BFC-44E6-A2E7-411CF169ADB7}
[2011/08/08 08:59:39 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{BD6E2966-ECE7-40B8-96C2-A492E68EBDAF}
[2011/08/08 08:59:27 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{6F0CC7CE-CDF3-41A3-9AF0-41C66A230082}
[2011/08/07 20:58:59 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{CEBE6A2A-A4B2-4574-A5CD-76021AD6F25E}
[2011/08/07 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{5E0F3926-4B3A-4948-B566-95B1748E0850}
[2011/08/07 08:55:28 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{5C377211-54FA-4FCF-A094-69C4E8D6DCCB}
[2011/08/07 08:55:16 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{BA29E57E-5D3D-4762-9BC7-8FC75A639E0D}
[2011/08/07 00:23:46 | 000,000,000 | ---D | C] -- C:\338f7e9f52d7cf9538c6d84b
[2011/08/06 20:54:49 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{54948D16-CCDF-4431-A3F9-467829EF9841}
[2011/08/06 20:54:36 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{802C073B-8E5E-42B6-8323-C2252223A192}
[2011/08/06 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{8D38DC06-5461-4A91-AD5B-1711C3B7496E}
[2011/08/06 20:38:11 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{471766DB-179E-42D2-A4B8-90CA2A50EFE6}
[2011/08/06 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/06 11:17:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/06 11:17:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/06 11:17:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/06 08:21:14 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{16648287-3FBE-4A52-BE57-CFFA01699A5B}
[2011/08/06 08:20:57 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{D3D5B39D-3B5B-48AE-84B1-E84E2C87E073}
[2011/08/05 08:32:11 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{A6FB9663-633F-420F-81B9-342472C0D9EF}
[2011/08/04 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{F26D91AE-EB90-4224-9E76-16EB585CFD09}
[2011/08/04 22:04:25 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{7745D028-3810-451E-9E6F-37259066AA66}
[2011/08/04 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{927A75EF-E8BE-4009-9CE2-AC2BEF8955A6}
[2011/08/03 22:03:35 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{75A83FB5-4C3F-440E-B6B9-5F61264EA8D5}
[2011/08/03 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{42AB4C85-D1E6-42D8-A87E-D1164BF693AC}
[2011/08/02 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{81BE43B4-DC57-49D3-89E7-9017EBB643A8}
[2011/08/01 20:44:04 | 000,000,000 | ---D | C] -- C:\c22edde07f1482149a7f6d
[2011/08/01 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{2B768322-D746-496A-8DAE-708104A4CEE1}
[2011/07/31 22:04:20 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{17BE2E72-C7A5-43B3-AF0E-91B8F8E7CC9D}
[2011/07/31 21:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/31 21:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/31 10:03:54 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{91519C77-FC0C-4952-ADF3-B2E5E785D0CC}
[2011/07/30 22:22:21 | 000,000,000 | ---D | C] -- C:\3fdcb7de5521b5e8c9880ac42c7ad0d9
[2011/07/30 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USBWebcam
[2011/07/30 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USBWebcam
[2011/07/30 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{11F150E0-7777-4F57-9206-B855FE7AA67D}
[2011/07/30 11:43:30 | 000,000,000 | ---D | C] -- C:\Users\Placido\Desktop\2011-07-30.11.40.45
[2011/07/30 11:11:51 | 000,000,000 | ---D | C] -- C:\c61dc7f96dbcbc7a4c2e3e70b306c9
[2011/07/30 07:34:13 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{7285F993-18D8-43AD-AEF9-2CEA1F9920E4}
[2011/07/29 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{63F03923-ADF2-4F9C-963B-6AD215E4018B}
[2011/07/28 22:03:08 | 000,000,000 | ---D | C] -- C:\5e8993b862890ee0d6e5ccbe993c5b
[2011/07/28 21:08:15 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{83B1E90C-1E78-42AE-A2BB-E72CF6E7A33D}
[2011/07/28 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{F4CE3709-0A90-4949-9A37-022630620603}
[2011/07/27 22:41:12 | 000,000,000 | ---D | C] -- C:\4e0982164597069011e53e0e58ce3c
[2011/07/27 10:53:38 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{665FBD5E-12C5-451B-A8FC-A352161FACB8}
[2011/07/26 21:34:19 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{946B9CC1-BC8C-4698-B833-905D8F528DAE}
[2011/07/26 09:33:53 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{7B85B9D5-0CFC-4C9F-A9D3-32FD17758ECE}
[2011/07/25 21:33:38 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Roaming\go
[2011/07/25 21:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/07/25 17:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drum Controller Standard Tuning Kit
[2011/07/25 17:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2011/07/25 17:23:55 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/07/25 17:23:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/07/25 17:23:55 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/07/25 17:23:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/07/25 17:23:53 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/07/25 17:23:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/07/25 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{01E28716-9549-46FC-8A43-F9523FFA8EE5}
[2011/07/24 20:06:46 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{563C3924-D2A2-4927-9C5E-ED5BC6A82C75}
[2011/07/24 08:06:20 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{53452F78-F619-4F86-B76D-F224685E62D7}
[2011/07/23 22:40:44 | 000,000,000 | ---D | C] -- C:\823ae0354172d191b1c78e
[2011/07/23 12:38:58 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{F328FBCD-678A-4A23-8964-B9BECB42B4D5}
[2011/07/22 23:18:18 | 000,000,000 | ---D | C] -- C:\a1c953104d862ac2c5f3
[2011/07/22 19:32:30 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{DA699717-1D89-4E57-BE5E-7050843A824D}
[2011/07/21 20:28:15 | 000,000,000 | ---D | C] -- C:\7b4fe820d37004772f83d90c
[2011/07/21 16:37:49 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{313BC1D9-DC1E-4B1C-9813-51BD39FF4A19}
[2011/07/20 22:49:50 | 000,000,000 | ---D | C] -- C:\Users\Placido\Documents\Aspyr
[2011/07/20 22:49:50 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\Aspyr
[2011/07/20 22:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aspyr
[2011/07/20 20:36:42 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{6D65928C-2DEF-4B94-80DB-16B7D9A0ECB1}
[2011/07/20 08:36:16 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{0E1C5E94-058A-4562-919D-8A567120E26E}
[2011/07/19 22:23:25 | 000,000,000 | ---D | C] -- C:\1b0436ce47c7a4ee760b12b5
[2011/07/19 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{EB9D8E2F-4D7B-4AAE-B47F-B3D6DF28421D}
[2011/07/18 21:43:10 | 000,000,000 | ---D | C] -- C:\7fd53fa06db13f699515ce5b92be5460
[2011/07/18 10:37:05 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{DA3934FA-6E20-4A0F-B878-FCE939C2CE11}
[2011/07/17 23:09:47 | 000,000,000 | ---D | C] -- C:\fcb569f5022dbec5bdfaa39f3a
[2011/07/17 11:14:50 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{5931A992-CA1F-4E2C-B961-DBE57A7BDDF5}
[2011/07/16 23:14:24 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{4BA29C4D-68D0-49EC-A3FF-186DEAADE042}
[2011/07/15 22:32:25 | 000,000,000 | ---D | C] -- C:\cfb50421f2e6f7656a7f5983c3a424e3
[2011/07/15 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\Blizzard Entertainment
[2011/07/15 20:00:44 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{2393EF26-FB39-4882-8C1B-C481DB95DFDE}
[2011/07/15 18:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/07/15 08:00:19 | 000,000,000 | ---D | C] -- C:\Users\Placido\AppData\Local\{792FBB43-AAEA-4382-8D03-9B0F86B23BA0}
[2011/07/14 22:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011/07/14 22:00:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Placido\Desktop\*.tmp files -> C:\Users\Placido\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 20:17:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/13 19:48:04 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3047595135-2247752764-3637869313-1001UA.job
[2011/08/13 15:47:49 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/13 15:47:49 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/13 15:41:33 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 15:40:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/13 15:40:06 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 23:36:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011/08/12 20:48:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3047595135-2247752764-3637869313-1001Core.job
[2011/08/10 11:05:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/09 21:48:54 | 000,002,413 | ---- | M] () -- C:\Users\Placido\Desktop\Google Chrome.lnk
[2011/08/02 19:24:48 | 000,001,657 | ---- | M] () -- C:\Users\Placido\Desktop\Novo1.pas
[2011/07/31 21:28:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/25 21:33:38 | 000,001,656 | ---- | M] () -- C:\Users\Placido\Desktop\Jogar (EasyBits GO).lnk
[2011/07/25 17:34:39 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Drum Controller Standard Tuning Kit.lnk
[2011/07/25 17:32:57 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Play Guitar Hero World Tour.lnk
[2011/07/22 02:42:23 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/07/22 02:35:31 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/07/22 02:33:41 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/07/22 02:32:49 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/07/22 02:30:55 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/07/21 23:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/07/21 23:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/07/21 23:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/07/21 23:44:42 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/07/21 23:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/07/19 20:15:03 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/07/17 22:55:36 | 000,739,218 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/07/17 22:55:36 | 000,686,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/17 22:55:36 | 000,173,996 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/07/17 22:55:36 | 000,147,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/17 22:55:36 | 000,006,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/16 02:26:54 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/16 02:26:53 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/16 02:26:53 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/16 02:26:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/16 02:24:09 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/16 02:21:32 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/16 02:21:32 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/16 02:17:46 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/16 02:04:54 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 02:04:54 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 02:04:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 02:04:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 02:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 02:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 02:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 02:04:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 02:04:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 01:36:09 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/16 01:31:50 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/16 01:30:29 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/16 01:19:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 01:19:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 01:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 01:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 01:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 01:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 01:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 01:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/15 23:26:12 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/15 23:26:11 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/15 23:21:47 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/15 23:21:47 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/15 23:21:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/15 23:21:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/15 20:34:00 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Placido\Desktop\*.tmp files -> C:\Users\Placido\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 21:28:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/29 14:12:43 | 000,001,657 | ---- | C] () -- C:\Users\Placido\Desktop\Novo1.pas
[2011/07/25 21:33:38 | 000,001,686 | ---- | C] () -- C:\Users\Placido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jogar (EasyBits GO).lnk
[2011/07/25 21:33:38 | 000,001,656 | ---- | C] () -- C:\Users\Placido\Desktop\Jogar (EasyBits GO).lnk
[2011/07/25 17:34:39 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Drum Controller Standard Tuning Kit.lnk
[2011/07/25 17:32:57 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Play Guitar Hero World Tour.lnk
[2011/07/15 18:48:03 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/07/09 17:18:00 | 000,003,584 | ---- | C] () -- C:\Users\Placido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/27 00:27:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/01/15 18:04:59 | 000,887,296 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/15 18:04:59 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/01/15 18:04:58 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/01/05 20:44:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/26 11:00:34 | 000,170,191 | ---- | C] () -- C:\Windows\hpoins33.dat
[2010/12/26 11:00:34 | 000,000,820 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2010/12/25 13:38:02 | 000,000,095 | ---- | C] () -- C:\Users\Placido\AppData\Local\fusioncache.dat
[2010/12/25 13:34:49 | 001,618,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/25 13:32:18 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/25 11:04:02 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/18 19:46:39 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\2K Sports
[2011/07/31 21:30:36 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\DAEMON Tools Lite
[2011/06/29 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\Day 1 Studios
[2011/07/15 18:43:19 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\DisneyInteractiveStudios
[2011/07/25 21:33:38 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\go
[2011/01/07 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\Hex-Rays
[2011/03/18 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\ManyCam
[2011/08/12 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\Opera
[2011/02/02 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\PFStaticIP
[2011/03/19 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\PhotoScape
[2011/04/07 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\PunkBuster
[2011/03/02 15:15:21 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\Tunngle
[2011/01/21 15:44:34 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\Ubisoft
[2011/08/13 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\uTorrent
[2010/12/27 12:48:01 | 000,000,000 | ---D | M] -- C:\Users\Placido\AppData\Roaming\Windows Live Writer
[2011/07/13 19:51:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
I've got a nasty one. I used ComboFix and it fixed things nicely, but when I open MSN, the damned thing comes back to life. I go to the Bradesco site and a clone of it opens, which ends in /ibanking

I've already tried Ad-Aware and nothing worked. I use an up-to-date ESET and apparently it didn't help me. I'm turning to the professionals who are willing to help. Thanks in advance.

The reports follow:

OTL logfile created on: 19/08/2011 20:17:36 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Andre Voorhees\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 53,33% Memory free
11,37 Gb Paging File | 9,80 Gb Available in Paging File | 86,21% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4990 4990 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 26,16 Gb Free Space | 53,57% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 176,03 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 418,05 Gb Free Space | 44,88% Space Free | Partition Type: NTFS

Computer Name: ANDREVOORHEES | User Name: Andre Voorhees | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/19 20:15:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Andre Voorhees\Desktop\OTL.exe
PRC - [2011/08/19 00:18:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Arquivos de Programas\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/19 00:18:45 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Arquivos de Programas\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/17 19:44:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 08:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 08:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/03 08:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/11 18:48:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Arquivos de Programas\Winamp\winamp.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 06:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 09:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe
PRC - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Arquivos de Programas\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/06/25 09:26:46 | 001,686,128 | R--- | M] (VIA) -- C:\Arquivos de Programas\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2010/04/16 22:12:18 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2011/08/19 20:13:45 | 000,206,336 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\winamp.lng
MOD - [2011/08/19 20:13:45 | 000,149,504 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\vis_milk2.lng
MOD - [2011/08/19 20:13:45 | 000,085,504 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\vis_avs.lng
MOD - [2011/08/19 20:13:45 | 000,007,680 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\vis_nsfs.lng
MOD - [2011/08/19 20:13:45 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\winampa.lng
MOD - [2011/08/19 20:13:44 | 000,062,976 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\burnlib.lng
MOD - [2011/08/19 20:13:44 | 000,053,248 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_local.lng
MOD - [2011/08/19 20:13:44 | 000,044,032 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_pmp.lng
MOD - [2011/08/19 20:13:44 | 000,043,008 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_disc.lng
MOD - [2011/08/19 20:13:44 | 000,042,496 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_wifi.lng
MOD - [2011/08/19 20:13:44 | 000,037,376 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_jumpex.lng
MOD - [2011/08/19 20:13:44 | 000,036,864 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_ipod.lng
MOD - [2011/08/19 20:13:44 | 000,036,352 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ombrowser.lng
MOD - [2011/08/19 20:13:44 | 000,022,016 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_mp3.lng
MOD - [2011/08/19 20:13:44 | 000,021,504 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_ff.lng
MOD - [2011/08/19 20:13:44 | 000,020,992 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_ml.lng
MOD - [2011/08/19 20:13:44 | 000,019,968 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_midi.lng
MOD - [2011/08/19 20:13:44 | 000,019,456 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_android.lng
MOD - [2011/08/19 20:13:44 | 000,018,432 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_mod.lng
MOD - [2011/08/19 20:13:44 | 000,016,384 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\out_ds.lng
MOD - [2011/08/19 20:13:44 | 000,014,336 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_wm.lng
MOD - [2011/08/19 20:13:44 | 000,013,824 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_usb.lng
MOD - [2011/08/19 20:13:44 | 000,013,824 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_wire.lng
MOD - [2011/08/19 20:13:44 | 000,013,824 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_online.lng
MOD - [2011/08/19 20:13:44 | 000,013,824 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\dsp_sps.lng
MOD - [2011/08/19 20:13:44 | 000,012,800 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_playlists.lng
MOD - [2011/08/19 20:13:44 | 000,012,800 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_cdda.lng
MOD - [2011/08/19 20:13:44 | 000,012,288 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_plg.lng
MOD - [2011/08/19 20:13:44 | 000,011,264 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_vorbis.lng
MOD - [2011/08/19 20:13:44 | 000,011,264 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_nsv.lng
MOD - [2011/08/19 20:13:44 | 000,010,752 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_skinmanager.lng
MOD - [2011/08/19 20:13:44 | 000,010,752 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\auth.lng
MOD - [2011/08/19 20:13:44 | 000,010,240 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_undo.lng
MOD - [2011/08/19 20:13:44 | 000,010,240 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_hotkeys.lng
MOD - [2011/08/19 20:13:44 | 000,010,240 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_classicart.lng
MOD - [2011/08/19 20:13:44 | 000,009,728 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_aacplus.lng
MOD - [2011/08/19 20:13:44 | 000,009,216 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_timerestore.lng
MOD - [2011/08/19 20:13:44 | 000,009,216 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_nopro.lng
MOD - [2011/08/19 20:13:44 | 000,008,704 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_history.lng
MOD - [2011/08/19 20:13:44 | 000,008,704 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_downloads.lng
MOD - [2011/08/19 20:13:44 | 000,008,704 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_devices.lng
MOD - [2011/08/19 20:13:44 | 000,007,680 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_transcode.lng
MOD - [2011/08/19 20:13:44 | 000,007,680 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_tray.lng
MOD - [2011/08/19 20:13:44 | 000,007,168 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\out_wave.lng
MOD - [2011/08/19 20:13:44 | 000,007,168 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_dshow.lng
MOD - [2011/08/19 20:13:44 | 000,007,168 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_orgler.lng
MOD - [2011/08/19 20:13:44 | 000,007,168 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_crasher.lng
MOD - [2011/08/19 20:13:44 | 000,006,656 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_autotag.lng
MOD - [2011/08/19 20:13:44 | 000,006,656 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_wav.lng
MOD - [2011/08/19 20:13:44 | 000,006,656 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_fhgaac.lng
MOD - [2011/08/19 20:13:44 | 000,006,144 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\tagz.lng
MOD - [2011/08/19 20:13:44 | 000,006,144 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\out_disk.lng
MOD - [2011/08/19 20:13:44 | 000,006,144 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_flac.lng
MOD - [2011/08/19 20:13:44 | 000,006,144 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_wma.lng
MOD - [2011/08/19 20:13:44 | 000,005,632 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_wave.lng
MOD - [2011/08/19 20:13:44 | 000,005,632 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_lame.lng
MOD - [2011/08/19 20:13:44 | 000,005,120 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_rg.lng
MOD - [2011/08/19 20:13:44 | 000,005,120 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_impex.lng
MOD - [2011/08/19 20:13:44 | 000,005,120 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_bookmarks.lng
MOD - [2011/08/19 20:13:44 | 000,005,120 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_avi.lng
MOD - [2011/08/19 20:13:44 | 000,004,608 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_activesync.lng
MOD - [2011/08/19 20:13:44 | 000,004,608 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_enqplay.lng
MOD - [2011/08/19 20:13:44 | 000,004,608 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_mp4.lng
MOD - [2011/08/19 20:13:44 | 000,004,608 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_mkv.lng
MOD - [2011/08/19 20:13:44 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_p4s.lng
MOD - [2011/08/19 20:13:44 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_wv.lng
MOD - [2011/08/19 20:13:44 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\gen_find_on_disk.lng
MOD - [2011/08/19 20:13:44 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_wav.lng
MOD - [2011/08/19 20:13:44 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_vorbis.lng
MOD - [2011/08/19 20:13:44 | 000,004,096 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\enc_flac.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\pmp_njb.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\playlist.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_nowplaying.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\ml_addons.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_swf.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_linein.lng
MOD - [2011/08/19 20:13:44 | 000,003,584 | ---- | M] () -- C:\Users\ANDREV~1\AppData\Local\Temp\WLZ5792.tmp\in_flv.lng
MOD - [2011/08/17 19:44:48 | 001,846,232 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
MOD - [2011/08/12 19:13:00 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/10 19:49:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/10 19:48:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/10 19:48:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/07/21 19:30:22 | 000,623,616 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\jnetlib.w5s
MOD - [2011/07/21 19:30:22 | 000,154,624 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\jpeg.w5s
MOD - [2011/07/21 19:30:22 | 000,103,936 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\png.w5s
MOD - [2011/07/21 19:30:22 | 000,090,112 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\xml.w5s
MOD - [2011/07/21 19:30:22 | 000,084,480 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\playlist.w5s
MOD - [2011/07/21 19:30:22 | 000,083,968 | ---- | M] () -- C:\Arquivos de Programas\Winamp\tataki.dll
MOD - [2011/07/21 19:30:22 | 000,052,224 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\out_ds.dll
MOD - [2011/07/21 19:30:22 | 000,047,616 | ---- | M] () -- C:\Arquivos de Programas\Winamp\zlib.dll
MOD - [2011/07/21 19:30:22 | 000,035,328 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\timer.w5s
MOD - [2011/07/21 19:30:22 | 000,023,040 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\albumart.w5s
MOD - [2011/07/21 19:30:22 | 000,022,528 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\out_disk.dll
MOD - [2011/07/21 19:30:22 | 000,021,504 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\tagz.w5s
MOD - [2011/07/21 19:30:22 | 000,019,456 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\gif.w5s
MOD - [2011/07/21 19:30:22 | 000,019,456 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\bmp.w5s
MOD - [2011/07/21 19:30:22 | 000,018,432 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\out_wave.dll
MOD - [2011/07/21 19:30:22 | 000,016,896 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\dlmgr.w5s
MOD - [2011/07/21 19:30:22 | 000,016,384 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\gracenote.w5s
MOD - [2011/07/21 19:30:22 | 000,014,336 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\filereader.w5s
MOD - [2011/07/21 19:30:22 | 000,013,824 | ---- | M] () -- C:\Arquivos de Programas\Winamp\System\primo.w5s
MOD - [2011/07/21 19:30:21 | 000,313,344 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_wm.dll
MOD - [2011/07/21 19:30:21 | 000,285,696 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_mp3.dll
MOD - [2011/07/21 19:30:21 | 000,252,416 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_vorbis.dll
MOD - [2011/07/21 19:30:21 | 000,165,376 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_mod.dll
MOD - [2011/07/21 19:30:21 | 000,109,568 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_midi.dll
MOD - [2011/07/21 19:30:21 | 000,102,400 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_cdda.dll
MOD - [2011/07/21 19:30:21 | 000,060,928 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_flac.dll
MOD - [2011/07/21 19:30:21 | 000,050,688 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_mp4.dll
MOD - [2011/07/21 19:30:21 | 000,016,896 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_wave.dll
MOD - [2011/07/21 19:30:21 | 000,007,168 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\in_linein.dll
MOD - [2011/07/21 19:30:20 | 000,183,808 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/07/21 19:30:20 | 000,045,056 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\gen_msn.dll
MOD - [2011/07/21 19:30:20 | 000,027,648 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/07/21 19:30:20 | 000,025,600 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\gen_tray.dll
MOD - [2011/07/21 19:30:19 | 001,737,728 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\gen_ff.dll
MOD - [2011/07/21 19:30:19 | 000,340,992 | ---- | M] () -- C:\Arquivos de Programas\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2011/07/21 19:30:18 | 000,410,624 | ---- | M] () -- C:\Arquivos de Programas\Winamp\nsutil.dll
MOD - [2011/07/21 19:30:18 | 000,253,440 | ---- | M] () -- C:\Arquivos de Programas\Winamp\libsndfile.dll
MOD - [2011/07/21 19:30:18 | 000,078,848 | ---- | M] () -- C:\Arquivos de Programas\Winamp\nde.dll
MOD - [2011/03/21 06:32:08 | 000,498,760 | ---- | M] () -- C:\Arquivos de Programas\ManyCam\Bin\cximagecrt.dll
MOD - [2010/06/25 09:26:52 | 000,100,976 | R--- | M] () -- C:\Arquivos de Programas\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2010/06/25 09:26:42 | 064,663,664 | R--- | M] () -- C:\Arquivos de Programas\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010/06/25 09:26:40 | 000,113,264 | R--- | M] () -- C:\Arquivos de Programas\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2010/06/25 09:26:40 | 000,080,496 | R--- | M] () -- C:\Arquivos de Programas\VIA\VIAudioi\VDeck\QsApoApi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/19 00:18:45 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/03 08:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/07 20:21:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/19 00:19:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/19 00:19:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/03 08:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/24 20:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/10 06:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/03/31 23:08:09 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 09:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 09:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 09:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 06:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 06:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/29 12:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/07/29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/29 12:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/07/29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/05/15 08:11:42 | 001,150,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/16 00:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/11/19 01:29:38 | 010,192,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\
IE - HKU\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com.br/
IE - HKU\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 50 E1 FC 92 2E CC 01 [binary data]
IE - HKU\S-1-5-21-432924015-704257289-2575384188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-432924015-704257289-2575384188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://otr.iexplorerset.com:8083/connect.dat


========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.g1.com.br"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 19:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/19 00:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/03/31 00:41:17 | 000,000,000 | ---D | M]

[2011/03/31 00:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre Voorhees\AppData\Roaming\mozilla\Extensions
[2011/08/17 19:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre Voorhees\AppData\Roaming\mozilla\Firefox\Profiles\04ksm0xu.default\extensions
[2011/07/16 23:12:41 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Andre Voorhees\AppData\Roaming\mozilla\Firefox\Profiles\04ksm0xu.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/05/19 21:40:02 | 000,000,000 | ---D | M] (Orkut Manager) -- C:\Users\Andre Voorhees\AppData\Roaming\mozilla\Firefox\Profiles\04ksm0xu.default\extensions\om.brunolm@gmail.com
[2011/07/10 12:01:28 | 000,002,155 | ---- | M] () -- C:\Users\Andre Voorhees\AppData\Roaming\Mozilla\Firefox\Profiles\04ksm0xu.default\searchplugins\google-brasil.xml
[2011/03/31 20:58:15 | 000,002,067 | ---- | M] () -- C:\Users\Andre Voorhees\AppData\Roaming\Mozilla\Firefox\Profiles\04ksm0xu.default\searchplugins\pesquisa-de-vdeos-do-youtube.xml
[2011/08/19 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2011/03/31 00:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/19 00:49:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\ANDRE VOORHEES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\04KSM0XU.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/08/17 19:44:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/19 00:49:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 18:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011/08/19 19:16:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKU\S-1-5-21-432924015-704257289-2575384188-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-432924015-704257289-2575384188-1000..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-432924015-704257289-2575384188-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-432924015-704257289-2575384188-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-432924015-704257289-2575384188-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de Programas\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 20:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2011/08/19 20:15:18 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Andre Voorhees\Desktop\OTL.exe
[2011/08/19 20:09:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/19 20:08:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/19 19:43:25 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2011/08/19 19:18:16 | 000,000,000 | ---D | C] -- C:\Users\Andre Voorhees\AppData\Local\temp
[2011/08/19 19:09:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/19 19:09:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/19 19:09:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/19 19:09:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/19 19:07:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/19 19:07:19 | 004,178,757 | R--- | C] (Swearware) -- C:\Users\Andre Voorhees\Desktop\ComboFix.exe
[2011/08/19 00:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/19 00:49:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/19 00:49:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/19 00:49:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/19 00:19:35 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/08/19 00:19:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/19 00:19:33 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/19 00:11:13 | 000,000,000 | ---D | C] -- C:\Users\Andre Voorhees\AppData\Local\Sunbelt Software
[2011/08/19 00:08:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/08/19 00:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/19 00:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/19 00:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/08/18 23:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/18 23:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/18 23:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/15 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/08/15 21:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/08/15 21:16:49 | 003,730,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011/08/15 21:16:49 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2011/08/15 21:16:49 | 002,558,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011/08/15 21:16:49 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011/08/15 21:16:49 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2011/08/15 21:16:46 | 000,600,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2011/08/15 21:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/15 21:12:45 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/08/15 21:12:45 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/08/15 21:12:45 | 012,636,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/08/15 21:12:45 | 010,304,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/08/15 21:12:45 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011/08/15 21:12:45 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/08/15 21:12:45 | 002,412,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011/08/15 21:12:45 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/08/15 21:12:45 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/08/15 21:12:45 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2011/08/15 21:12:45 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco322040.dll
[2011/08/15 21:12:45 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2011/08/15 21:12:45 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/08/15 21:12:45 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2011/08/12 21:32:08 | 000,000,000 | ---D | C] -- C:\Traduz Games
[2011/08/12 20:42:32 | 000,000,000 | ---D | C] -- C:\Users\Andre Voorhees\AppData\Local\2K Games
[2011/08/11 21:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/09 20:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/08/09 20:30:47 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011/08/09 20:30:47 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2011/08/09 20:30:47 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011/08/09 19:03:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/09 19:03:12 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/09 19:03:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/09 19:03:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/09 19:03:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 18:58:11 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/09 18:58:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 18:58:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/09 18:58:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/09 18:58:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/09 18:58:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/09 18:58:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/09 18:58:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/09 18:58:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/09 18:58:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/09 18:58:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/09 18:58:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/09 18:58:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/09 18:58:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/09 18:58:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/09 18:58:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/09 18:58:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/09 18:58:08 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/09 18:58:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/09 18:58:08 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/09 18:58:08 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/09 18:58:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/09 18:58:03 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/09 18:58:02 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/07 21:33:00 | 000,000,000 | ---D | C] -- C:\Users\Andre Voorhees\AppData\Roaming\Origin
[2011/08/07 14:57:43 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2011/07/31 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Segnas
[2011/07/22 23:56:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/21 19:30:15 | 000,000,000 | ---D | C] -- C:\Users\Andre Voorhees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detectar Aplicação
[2011/07/21 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/07/21 19:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/03/31 20:28:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Andre Voorhees\AppData\Roaming\pcouffin.sys
[2005/11/23 20:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[4 C:\Users\Andre Voorhees\AppData\Local\*.tmp files -> C:\Users\Andre Voorhees\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/19 20:15:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Andre Voorhees\Desktop\OTL.exe
[2011/08/19 19:55:05 | 000,000,156 | ---- | M] () -- C:\Users\Andre Voorhees\Documents\cc_20110819_195449.reg
[2011/08/19 19:26:05 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/19 19:16:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/19 19:05:50 | 004,178,757 | R--- | M] (Swearware) -- C:\Users\Andre Voorhees\Desktop\ComboFix.exe
[2011/08/19 19:02:18 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 19:02:18 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 18:58:40 | 000,666,510 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2011/08/19 18:58:40 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/19 18:58:40 | 000,128,740 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2011/08/19 18:58:40 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/19 18:54:26 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/19 18:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 18:53:47 | 2615,709,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/19 00:49:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/19 00:49:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/19 00:49:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/19 00:49:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/19 00:42:43 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
[2011/08/19 00:20:02 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/19 00:20:02 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/19 00:19:32 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/19 00:19:29 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/08/19 00:19:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/08/19 00:08:55 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/18 23:37:37 | 000,001,232 | ---- | M] () -- C:\Users\Andre Voorhees\Desktop\Spybot - Search & Destroy.lnk
[2011/08/17 23:41:01 | 000,135,680 | ---- | M] () -- C:\Users\Andre Voorhees\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 22:11:16 | 000,001,669 | -HS- | M] () -- C:\Users\Andre Voorhees\amsfx.vbs
[2011/08/13 07:34:58 | 002,258,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/12 21:27:38 | 000,000,728 | ---- | M] () -- C:\Users\Andre Voorhees\Desktop\Mafia II.lnk
[2011/08/12 19:13:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/11 21:18:58 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/09 20:36:31 | 000,001,034 | ---- | M] () -- C:\Users\Andre Voorhees\Desktop\MP3Gain.lnk
[2011/08/08 05:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/08 05:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011/08/07 21:32:49 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/08/03 08:50:00 | 017,193,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/08/03 08:50:00 | 016,595,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/08/03 08:50:00 | 012,636,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/08/03 08:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/08/03 08:50:00 | 006,613,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011/08/03 08:50:00 | 005,404,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/08/03 08:50:00 | 003,730,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011/08/03 08:50:00 | 002,560,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2011/08/03 08:50:00 | 002,558,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011/08/03 08:50:00 | 002,412,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011/08/03 08:50:00 | 002,391,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/08/03 08:50:00 | 002,090,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/08/03 08:50:00 | 000,914,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2011/08/03 08:50:00 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2011/08/03 08:50:00 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011/08/03 08:50:00 | 000,066,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2011/08/03 08:50:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/08/03 08:50:00 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/08/03 03:31:54 | 000,311,912 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/30 00:38:14 | 000,000,000 | ---- | M] () -- C:\Users\Andre Voorhees\AppData\Local\{C3989CDC-BF75-4966-BD0D-E06405A4A0AF}
[2011/07/23 15:57:00 | 000,875,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2011/07/21 23:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 23:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 23:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 23:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 23:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/21 20:41:35 | 000,000,947 | ---- | M] () -- C:\Users\Andre Voorhees\Desktop\André.lnk
[4 C:\Users\Andre Voorhees\AppData\Local\*.tmp files -> C:\Users\Andre Voorhees\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 19:55:03 | 000,000,156 | ---- | C] () -- C:\Users\Andre Voorhees\Documents\cc_20110819_195449.reg
[2011/08/19 19:37:29 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/08/19 19:09:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/19 19:09:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/19 19:09:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/19 19:09:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/19 19:09:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/19 00:20:02 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/19 00:20:02 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/19 00:08:55 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/18 23:37:37 | 000,001,232 | ---- | C] () -- C:\Users\Andre Voorhees\Desktop\Spybot - Search & Destroy.lnk
[2011/08/17 22:11:16 | 000,001,669 | -HS- | C] () -- C:\Users\Andre Voorhees\amsfx.vbs
[2011/08/15 21:12:45 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/08/12 21:27:38 | 000,000,728 | ---- | C] () -- C:\Users\Andre Voorhees\Desktop\Mafia II.lnk
[2011/08/12 20:46:48 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2011/08/11 21:18:58 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/09 20:30:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/09 20:30:47 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/09 20:30:47 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/09 20:30:46 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/30 00:37:28 | 000,000,000 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Local\{C3989CDC-BF75-4966-BD0D-E06405A4A0AF}
[2011/06/23 18:40:50 | 000,000,000 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Local\{18BBBEBC-FA9F-4CA8-A163-268CDB25D93D}
[2011/06/05 15:11:56 | 000,000,000 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Local\{F292E092-28B3-47C8-BC6F-2D87771E1566}
[2011/06/01 20:59:03 | 000,000,000 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Local\{FFC8EAB1-42C3-498E-B320-C26B0692C931}
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/02 16:22:10 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/31 20:29:08 | 000,200,285 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Roaming\vso_ts_preview.xml
[2011/03/31 20:28:26 | 000,007,887 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Roaming\pcouffin.cat
[2011/03/31 20:28:26 | 000,001,144 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Roaming\pcouffin.inf
[2011/03/31 20:07:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/31 20:06:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/31 01:14:52 | 000,135,680 | ---- | C] () -- C:\Users\Andre Voorhees\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 00:57:48 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/31 00:09:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/31 00:09:51 | 000,037,628 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/16 00:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/14 05:31:12 | 000,666,510 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 05:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 05:31:12 | 000,128,740 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 05:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:33:53 | 002,258,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 23:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 23:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/02 09:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/02/19 00:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2005/11/19 01:29:38 | 010,192,896 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2004/12/10 00:23:10 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/10 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\All Free Video Converter
[2011/08/14 11:08:16 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Audacity
[2011/05/16 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Auslogics
[2011/07/30 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/08/13 00:35:35 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\ESET
[2011/04/04 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\GlobalSCAPE
[2011/04/01 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\ManyCam
[2011/08/13 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Mp3tag
[2011/03/31 22:55:34 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\NCH Swift Sound
[2011/08/07 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Origin
[2011/06/02 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Publish Providers
[2011/07/11 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Red Alert 3
[2011/06/02 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Sony
[2011/08/13 00:35:35 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\uTorrent
[2011/06/23 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Andre Voorhees\AppData\Roaming\Vso
[2011/08/18 19:04:59 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
=======================

OTL Extras logfile created on: 19/08/2011 20:17:36 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Andre Voorhees\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 53,33% Memory free
11,37 Gb Paging File | 9,80 Gb Available in Paging File | 86,21% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4990 4990 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 26,16 Gb Free Space | 53,57% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 176,03 Gb Free Space | 95,64% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 418,05 Gb Free Space | 44,88% Space Free | Partition Type: NTFS

Computer Name: ANDREVOORHEES | User Name: Andre Voorhees | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18C9716F-C906-441F-BA66-CABAA5CB2DCE}" = Adobe XMP Panels CS4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36A3719F-8A06-451A-935A-B4A5BAE77C87}" = ESET Smart Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6D4A54DD-C9E2-4647-B872-2E83C188584B}" = Windows Live Movie Maker
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C39D3751-2E01-442B-9B98-8037862DD58D}_is1" = JDownloader AntiRecaptcha versão 1 By RoberWii
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Atualização de Driver do Windows Mobile Device Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1489-3350-5074-6281" = JDownloader 0.9
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"All Free Video Converter_is1" = All Free Video Converter 4.1.6
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Capsule" = Capsule
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"ManyCam" = ManyCam 2.6.43 (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Mozilla Firefox 6.0 (x86 pt-BR)" = Mozilla Firefox 6.0 (x86 pt-BR)
"Mp3tag" = Mp3tag v2.49
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 9930" = Test Drive Unlimited 2
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-432924015-704257289-2575384188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detectar Aplicação

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/08/2011 22:46:18 | Computer Name = AndreVoorhees | Source = RasClient | ID = 20227
Description =

Error - 07/08/2011 22:46:35 | Computer Name = AndreVoorhees | Source = RasClient | ID = 20227
Description =

Error - 11/08/2011 18:30:26 | Computer Name = AndreVoorhees | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: wmplayer.exe, versão: 12.0.7601.17514,
carimbo de hora: 0x4ce7a485 Nome do módulo de falhas: unknown, versão: 0.0.0.0,
carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha:
0xfb1e5cea Identificação do processo com falha: 0xc54 Hora de início do aplicativo
com falha: 0x01cc5875b28a8127 Caminho do aplicativo com falha: C:\Program Files\Windows
Media Player\wmplayer.exe FCaminho do módulo de falhas: unknown Identificação do
Relatório: 82199ac8-c469-11e0-b2a9-20cf30bb98d8

Error - 14/08/2011 10:33:03 | Computer Name = AndreVoorhees | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AUDIODG.EXE, versão: 6.1.7601.17514,
carimbo de hora: 0x4ce7a278 Nome do módulo de falhas: VIASysFx.dll, versão: 1.0.0.0,
carimbo de hora: 0x4beb78d4 Código de exceção: 0xc0000094 Deslocamento com falha:
0x0005b68c Identificação do processo com falha: 0xf24 Hora de início do aplicativo
com falha: 0x01cc5a89e73db23f Caminho do aplicativo com falha: C:\Windows\system32\AUDIODG.EXE
FCaminho
do módulo de falhas: C:\Windows\system32\VIASysFx.dll Identificação do Relatório:
51158c50-c682-11e0-b8c4-20cf30bb98d8

Error - 14/08/2011 10:33:56 | Computer Name = AndreVoorhees | Source = Application Hang | ID = 1002
Description = O programa mpc-hc.exe versão 1.5.3.3611 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
e8c Hora de Início: 01cc5a8f282f5007 Hora de Término: 16 Caminho do Aplicativo: C:\Program
Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe Id do Relatório: 6f5bddb5-c682-11e0-b8c4-20cf30bb98d8


Error - 15/08/2011 18:15:30 | Computer Name = AndreVoorhees | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AUDIODG.EXE, versão: 6.1.7601.17514,
carimbo de hora: 0x4ce7a278 Nome do módulo de falhas: VIASysFx.dll, versão: 1.0.0.0,
carimbo de hora: 0x4beb78d4 Código de exceção: 0xc0000094 Deslocamento com falha:
0x0005b68c Identificação do processo com falha: 0x430 Hora de início do aplicativo
com falha: 0x01cc5b98ce025017 Caminho do aplicativo com falha: C:\Windows\system32\AUDIODG.EXE
FCaminho
do módulo de falhas: C:\Windows\system32\VIASysFx.dll Identificação do Relatório:
159ba190-c78c-11e0-97cf-20cf30bb98d8

Error - 17/08/2011 19:21:09 | Computer Name = AndreVoorhees | Source = Application Hang | ID = 1002
Description = O programa firefox.exe versão 6.0.0.4240 parou de interagir com o
Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 175c Hora de Início: 01cc5d34469c3589 Hora de Término: 30 Caminho do
Aplicativo: C:\Program Files\Mozilla Firefox\firefox.exe Id do Relatório: 94cabd79-c927-11e0-8260-20cf30bb98d8


Error - 18/08/2011 23:11:04 | Computer Name = AndreVoorhees | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 18/08/2011 23:42:24 | Computer Name = AndreVoorhees | Source = Application Hang | ID = 1002
Description = O programa Ad-AwareAdmin.exe versão 9.0.0.0 parou de interagir com
o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 4ac Hora de Início: 01cc5e1ed0d00d89 Hora de Término: 13 Caminho do Aplicativo:
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Id do Relatório: 3f127731-ca15-11e0-9577-20cf30bb98d8


Error - 19/08/2011 19:10:17 | Computer Name = AndreVoorhees | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 19/08/2011 17:54:36 | Computer Name = AndreVoorhees | Source = atapi | ID = 262155
Description = O driver detectou um erro de controlador em \Device\Ide\IdePort0.

Error - 19/08/2011 18:10:34 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 18:13:36 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 18:16:05 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 18:45:20 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 18:47:35 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 18:49:48 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 19:03:41 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 19:05:54 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 19/08/2011 19:08:08 | Computer Name = AndreVoorhees | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.


< End of report >
 
PC gets infected repeatedly.

Hello:
For 2 weeks now I have been having problems with my PC, which freezes a lot and won't open some web pages. It also freezes when I open some Windows folders, mainly the movies and photos ones.
I have been using ComboFix once a week. Afterwards everything is fine, and then suddenly it breaks again.
I found this Adrenaline Forum and I hope you can help me.
I would rather not have to format the PC, only if it is really necessary.
I usually use only Mozilla Firefox, and rarely Internet Explorer.
How do I post the OTL and HijackThis logs?:boring:
 
Hey guys,
yesterday I went to open my Hotmail and MSN
and it said the account was blocked.
Today I went to my cousin's house and he said that his e-mail inbox had a bunch of
e-mails from me, but I didn't send any.
What could it be?
 
Hello, great Mr. Wolf!!
It has been more than 1 year since you helped me with a serious malware problem, and I have kept following your security tips, but today my notebook is behaving strangely, and since I couldn't solve it myself, I came here to ask for your help.

Here are the symptoms:
CPU usage NEVER drops below 25% (the 2 physical cores averaging 50% and the hyperthreads 0~10%), even when idle,
and when idle the RAM also doesn't drop below 1GB, but I believe that is normal.
Looking at the processes, I saw that at one point rundll was consuming my CPU (20%), but right now it is not.
As a consequence, my battery no longer lasts at all.
The notebook uses an i3-370M, 4GB of RAM, Windows 7 32-bit.

Now I saw your edit in the first post about posting an OTL log; it follows below!
OTL.txt
OTL logfile created on: 8/30/2011 1:34:10 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\Probook\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2.92 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 46.27% Memory free
5.84 Gb Paging File | 3.48 Gb Available in Paging File | 59.62% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 22.03 Gb Free Space | 7.85% Space Free | Partition Type: NTFS
Drive D: | 611.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.44% Space Free | Partition Type: FAT32

Computer Name: PROBOOK-HP | User Name: Probook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/30 13:20:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Probook\Downloads\OTL.exe
PRC - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/02 15:45:18 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Probook\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 08:28:52 | 003,510,160 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2011/03/30 18:00:34 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/26 02:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/25 17:38:44 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/12/31 04:34:28 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/08/23 11:40:42 | 001,691,192 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2010/08/23 11:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2010/07/21 14:33:00 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010/06/29 16:52:10 | 003,537,672 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2010/05/20 18:29:20 | 000,512,776 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe
PRC - [2010/05/20 18:29:18 | 000,824,584 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe
PRC - [2010/05/10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
PRC - [2010/04/09 21:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/03/17 09:48:42 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/17 09:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010/03/04 01:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 01:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/01 14:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/02/01 17:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/12/11 21:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/12/04 09:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\System32\uArcCapture.exe
PRC - [2009/11/24 22:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2009/11/18 19:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/04 18:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 18:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/23 15:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2007/07/24 15:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 06:49:17 | 000,400,440 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
MOD - [2011/08/17 06:49:15 | 004,118,072 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\pdf.dll
MOD - [2011/08/17 06:48:00 | 000,508,984 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\libglesv2.dll
MOD - [2011/08/17 06:47:59 | 000,107,576 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\libegl.dll
MOD - [2011/08/17 06:47:49 | 000,104,520 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\avutil-50.dll
MOD - [2011/08/17 06:47:48 | 000,203,848 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\avformat-52.dll
MOD - [2011/08/17 06:47:47 | 001,846,344 | ---- | M] () -- C:\Users\Probook\AppData\Local\Google\Chrome\Application\13.0.782.215\avcodec-52.dll
MOD - [2011/08/11 19:47:23 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/08/11 19:47:01 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll
MOD - [2011/08/11 19:46:59 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/08/11 19:46:48 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/08/11 19:46:31 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\5914966008346d5e9341ba1f9d6d2760\System.Core.ni.dll
MOD - [2011/08/11 19:44:58 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll
MOD - [2011/08/11 19:44:47 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
MOD - [2011/08/11 19:44:43 | 011,807,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll
MOD - [2011/08/11 19:44:37 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 19:44:36 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/08/11 19:44:34 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b6a8747fc31bd7eb902b39f884665b21\IAStorUtil.ni.dll
MOD - [2011/08/11 19:44:31 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/11 19:44:25 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/11 19:44:19 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/11 19:44:15 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/11 19:44:13 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/08/11 19:44:08 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/07/04 01:03:41 | 000,123,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/03/06 21:07:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/02 12:34:45 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2011/02/08 12:56:00 | 000,390,656 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/02/08 12:56:00 | 000,370,688 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2011/02/08 12:56:00 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detoured.dll
MOD - [2010/09/04 21:30:52 | 000,241,664 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/09/04 21:30:52 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010/09/04 21:30:52 | 000,086,016 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_pt-BR_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2010/09/04 21:30:52 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_pt-BR_b77a5c561934e089\System.Core.resources.dll
MOD - [2010/09/04 21:30:41 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/09/04 21:30:39 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/09/04 20:58:41 | 000,237,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2010/09/04 20:58:41 | 000,011,320 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.HPQWMIEXLib\1.0.0.0__67b8d1b5179ba5f8\Interop.HPQWMIEXLib.dll
MOD - [2010/08/23 11:40:42 | 000,055,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
MOD - [2010/08/23 11:40:40 | 000,267,832 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
MOD - [2010/08/23 11:40:40 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
MOD - [2010/07/21 14:33:02 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2010/07/21 14:33:00 | 000,267,832 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
MOD - [2010/07/21 14:33:00 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2009/09/29 19:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 19:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 19:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 19:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 19:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 19:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 19:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/06/10 18:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/06 04:31:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/31 04:34:28 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/30 01:26:00 | 004,131,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/08/23 11:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/06/29 16:52:10 | 003,537,672 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010/05/20 18:29:20 | 000,512,776 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/05/20 18:29:18 | 000,824,584 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010/05/10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 09:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010/03/04 01:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/01 14:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/02/01 17:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/12/14 15:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/11 21:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/12/04 09:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\System32\uArcCapture.exe -- (uArcCapture)
SRV - [2009/11/24 22:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/18 19:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/17 18:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/04 18:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 18:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/23 15:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/07/13 22:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/24 15:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2011/08/30 13:17:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF27DA06-4115-4A20-B10C-1B8DFF58D912}\MpKsl2abd1b45.sys -- (MpKsl2abd1b45)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/14 23:53:07 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/12/31 04:21:36 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/12/31 04:21:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/12/31 04:21:36 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/10/15 01:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Áudio do vídeo Intel(R)
DRV - [2010/06/29 15:12:02 | 000,377,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2010/06/22 14:58:08 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010/06/17 22:33:08 | 000,021,376 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmnet.sys -- (BTMNET)
DRV - [2010/05/20 17:55:32 | 000,032,896 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV - [2010/04/09 21:52:48 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMMODEM)
DRV - [2010/04/09 21:52:48 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010/03/17 09:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/26 15:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/16 16:24:12 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/02/12 16:56:34 | 000,016,496 | ---- | M] (GreenVantage LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\GreenVantage LLC\CPUgenie\NBFreezer.sys -- (CPUgenieDriver)
DRV - [2010/02/01 17:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/01 17:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/01 17:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/01 17:11:22 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/04 07:48:18 | 000,029,824 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2009/12/01 14:49:51 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/11 06:11:00 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/10/21 17:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/09/17 17:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 20:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 19:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/08 17:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 17:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/08/24 19:44:54 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/11/10 20:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/07 00:29:16 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\RagnarokOnline\npkcrypt.sys -- (npkcrypt)
DRV - [2005/03/03 14:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 12:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/03 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4135601794-3037352068-2172900051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4135601794-3037352068-2172900051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Probook\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Probook\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Probook\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Probook\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/04 21:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/04 21:28:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-4135601794-3037352068-2172900051-1002..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4135601794-3037352068-2172900051-1002..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4135601794-3037352068-2172900051-1002..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Probook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4135601794-3037352068-2172900051-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/03/09 14:17:48 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0972ae93-51c6-11e0-88ed-932f62dab5fe}\Shell - "" = AutoRun
O33 - MountPoints2\{0972ae93-51c6-11e0-88ed-932f62dab5fe}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0972ae95-51c6-11e0-88ed-932f62dab5fe}\Shell - "" = AutoRun
O33 - MountPoints2\{0972ae95-51c6-11e0-88ed-932f62dab5fe}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{246dc63b-4f1b-11e0-81d9-fcec24da31ff}\Shell - "" = AutoRun
O33 - MountPoints2\{246dc63b-4f1b-11e0-81d9-fcec24da31ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{246dc63f-4f1b-11e0-81d9-fcec24da31ff}\Shell - "" = AutoRun
O33 - MountPoints2\{246dc63f-4f1b-11e0-81d9-fcec24da31ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4cb8dfd3-4ea1-11e0-9d92-64315005b491}\Shell - "" = AutoRun
O33 - MountPoints2\{4cb8dfd3-4ea1-11e0-9d92-64315005b491}\Shell\AutoRun\command - "" = D:\Setup.exe -- [1999/03/09 14:17:50 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{5886a463-617d-11e0-a8f1-cb61ee8ecaff}\Shell - "" = AutoRun
O33 - MountPoints2\{5886a463-617d-11e0-a8f1-cb61ee8ecaff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5886a466-617d-11e0-a8f1-cb61ee8ecaff}\Shell - "" = AutoRun
O33 - MountPoints2\{5886a466-617d-11e0-a8f1-cb61ee8ecaff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8be1be1a-49cf-11e0-86e1-a9b07ae5469d}\Shell - "" = AutoRun
O33 - MountPoints2\{8be1be1a-49cf-11e0-86e1-a9b07ae5469d}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{d31b56e4-5bb4-11e0-b693-f659b9f16cfe}\Shell - "" = AutoRun
O33 - MountPoints2\{d31b56e4-5bb4-11e0-b693-f659b9f16cfe}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d31b56e6-5bb4-11e0-b693-f659b9f16cfe}\Shell - "" = AutoRun
O33 - MountPoints2\{d31b56e6-5bb4-11e0-b693-f659b9f16cfe}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 10:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament
[2011/08/30 10:42:36 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2011/08/30 10:28:17 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{34A19606-931D-445E-A40A-DD0918B3AF7D}
[2011/08/30 10:28:03 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{93D1C65A-9782-472C-9302-D100286A970F}
[2011/08/29 18:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor
[2011/08/29 18:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSI Kombustor
[2011/08/29 18:27:37 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011/08/29 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSI Afterburner
[2011/08/29 12:03:21 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{9D8E4679-B93B-4915-98F5-D96375D805B9}
[2011/08/29 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{C3D2E2B7-CE40-43B0-A1BF-2D12244854F2}
[2011/08/29 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{46E6C1BF-37ED-45F5-BBD8-1A6B89E9CA61}
[2011/08/29 00:02:06 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{5D1E5305-BF10-4F3D-98CD-2F96241FDCB9}
[2011/08/28 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{75392596-3D99-4ED8-9C88-CC47B9C96E37}
[2011/08/28 12:01:09 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{0818B086-ACD2-4E3A-A0CB-7EF0829A5A96}
[2011/08/27 22:33:27 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{EE4DA62E-F64B-490E-9C01-20E72D45DF5A}
[2011/08/27 02:11:17 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{DF4328EA-5566-4F9B-9975-207EACCAF2CF}
[2011/08/27 02:11:01 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{DB0C0C2B-D146-4B69-8436-C83E7285CFFA}
[2011/08/26 12:20:29 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{7CA245A9-AA9B-4376-A350-F37EF3F447A1}
[2011/08/26 12:20:00 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{87788AB5-C084-4DA6-A523-C15BB28635C1}
[2011/08/25 22:11:49 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{9386438A-AD5A-4F78-B989-F97467507FD5}
[2011/08/25 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{8784AB50-5554-4BCD-8286-2EFF9CE4B24E}
[2011/08/25 10:10:46 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{E87111BA-87F6-4301-AAB3-F29FD4A43413}
[2011/08/25 10:10:32 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{D7D56F1B-9806-4F22-9B8F-995BB3F076D1}
[2011/08/24 23:39:27 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{824FEF42-B164-419B-A5BC-7063CCC51048}
[2011/08/24 11:38:56 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{A29DF5BC-EA02-4F8D-94D9-F35CCB6760B7}
[2011/08/24 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{CB99F763-456F-47AF-865F-89D7EB93C1B3}
[2011/08/24 01:29:06 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{30A8CA55-29C3-4B91-8212-F07D697DBF13}
[2011/08/24 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Probook\Documents\Battlefield 2
[2011/08/23 18:18:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/08/23 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{D3D556FA-23CC-4987-A407-C5CC9EC8CDC8}
[2011/08/23 13:28:07 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{19D986CA-B1F1-4488-A2A0-7A3857342193}
[2011/08/22 18:22:23 | 000,000,000 | ---D | C] -- C:\Users\Probook\Documents\Tunngle
[2011/08/22 18:22:23 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Roaming\Tunngle
[2011/08/22 18:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011/08/22 18:22:19 | 000,027,136 | ---- | C] (Tunngle.net) -- C:\windows\System32\drivers\tap0901t.sys
[2011/08/22 18:22:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011/08/22 18:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2011/08/22 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Tunngle
[2011/08/22 17:59:52 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{771CEF46-0DEC-48AB-9D8C-5DED8C9B2B13}
[2011/08/22 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{C83BBA9C-02FA-4E55-B6D0-BC43E4637C85}
[2011/08/20 17:36:07 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{2B891810-14F5-4D3F-ABCE-03933001D930}
[2011/08/20 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{9AA845D4-7EAC-4242-85C7-AAD39D787C4F}
[2011/08/19 14:04:35 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{C4BFE881-F2B1-4E78-BF5F-D8BB49DE5699}
[2011/08/19 14:04:22 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{3A27DF8B-9FA6-4D1A-8E17-0D64B5447F8E}
[2011/08/18 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{51F9CC1A-C1DA-4722-AB49-949A649EF9EB}
[2011/08/18 11:31:10 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{73B57A7A-5CD8-4218-8DFF-E21B27749FB3}
[2011/08/17 14:00:00 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{0C8B743D-F022-4EE3-B98D-D48B816AC6AC}
[2011/08/17 13:59:37 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{800E9975-4EBD-414A-ADE9-7E3BFB7215A0}
[2011/08/16 22:51:56 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Roaming\Mozilla
[2011/08/16 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{750B21B1-40E1-4F8B-9B48-537490A5A62D}
[2011/08/16 12:07:25 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{98697BC1-E90A-4E82-839F-E2AFBF489FA1}
[2011/08/15 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{5052FB46-7BBA-4082-9BA4-064A2ABE1D82}
[2011/08/15 17:17:29 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{F1829066-286F-4E5C-B8E5-91EE6C69F849}
[2011/08/14 19:55:35 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{52F5F968-FEB7-434A-A66E-188965B5389B}
[2011/08/14 19:55:23 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{FE837C5A-7C31-4CE6-B546-F3BF5F391C1A}
[2011/08/14 04:27:57 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{3461E5F0-3538-45A4-B3B7-7E768EF719C1}
[2011/08/13 11:25:34 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{539E63D4-1BE6-493F-BD4C-7E87949680D7}
[2011/08/13 10:47:56 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Roaming\codeblocks
[2011/08/13 10:46:49 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2011/08/13 10:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2011/08/13 10:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\CodeBlocks
[2011/08/13 10:14:42 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{23AAD166-84A7-43E9-A7A2-2C370F9E30FB}
[2011/08/13 09:28:56 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{6AB688D6-CD24-4065-90A1-FFE55984595C}
[2011/08/13 08:41:30 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{BD877491-1567-43B1-8E01-341D1E02A155}
[2011/08/12 17:52:34 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{40A3D86E-E52B-4D72-9DD4-54C3E8687CEC}
[2011/08/12 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{556BF5AA-AFA4-4A9E-93A2-CCD29D4CF034}
[2011/08/11 18:18:12 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/08/11 18:16:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/08/11 18:16:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/08/11 18:16:30 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/08/11 18:16:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/08/11 18:16:30 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/08/11 18:16:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/08/11 18:16:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/08/11 18:16:30 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/08/11 18:16:30 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/08/11 18:16:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/08/11 18:16:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/08/11 18:16:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/08/11 18:16:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/08/11 18:16:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/08/11 18:16:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/08/11 18:16:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/08/11 18:16:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/08/11 18:16:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/08/11 18:16:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/08/11 18:16:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/08/11 18:16:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/08/11 18:16:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/08/11 18:16:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/08/11 18:16:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/08/11 18:16:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/08/11 18:16:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/08/11 18:16:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/08/11 18:16:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/08/11 18:16:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/08/11 18:16:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/08/11 18:16:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/08/11 18:16:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/08/11 18:16:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/08/11 18:16:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/08/11 18:16:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/08/11 18:16:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/08/11 18:16:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/08/11 18:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/11 18:09:32 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/08/11 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{F8163D30-08DD-452A-B0F9-71A247834BC1}
[2011/08/11 18:02:57 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{7186A4E2-08BE-408D-87C1-596A9502B633}
[2011/08/11 16:56:24 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{2C00F834-68D0-497C-B90B-C9F77760DA35}
[2011/08/11 16:56:06 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{246D15EB-CD86-41F5-9D9C-F00D4D7FECD5}
[2011/08/11 15:36:06 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{4D4A2609-DCF6-499D-8C9E-F0FA3DC4C31C}
[2011/08/11 15:35:43 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{AD3C27B0-7DE0-48BA-A2F7-F2CDF29CFBCF}
[2011/08/11 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{35B6614A-8DE6-43BF-A62A-4F4FE53E1878}
[2011/08/11 13:30:24 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{4D5A4750-EC7C-4C45-B120-33397E174D81}
[2011/08/11 13:06:42 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{1359CFC4-1E5E-47E9-9C1E-1BCC2AD37E0E}
[2011/08/11 13:06:18 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{FC193370-5822-44C3-BEDE-BB5846FF1E85}
[2011/08/11 12:58:51 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{60942584-F22E-4465-83A0-11E4F927856E}
[2011/08/11 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{CC4CCA81-B2F1-44BD-8909-A795FA60D4FE}
[2011/08/11 03:27:40 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{8A02F806-17B6-40DB-BE15-7C3F7FEAAD40}
[2011/08/11 03:27:25 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{493F715B-ECF7-41C9-B2CA-D9C643F5A075}
[2011/08/10 16:12:20 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{880F29AA-8327-4E44-A767-1CDDF62CD5CB}
[2011/08/10 16:12:07 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{300153BE-9A2F-4DF2-836A-ADD7384B195F}
[2011/08/10 14:05:14 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{D7AE590D-A0E9-49C3-B2C5-B942BC3F52FA}
[2011/08/10 14:04:07 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{47966DA5-210F-4174-83DA-641B975A6C55}
[2011/08/10 13:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/08/10 13:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2011/08/10 11:42:51 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{FB003020-A5EE-410C-BC7A-C770F809360B}
[2011/08/10 11:42:24 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{86C5CA60-15FA-4013-B6EC-E8716C1475CF}
[2011/08/10 00:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Killing Floor
[2011/08/09 21:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\DOOM 3
[2011/08/09 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\Probook\Desktop\APPz
[2011/08/09 20:48:09 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/08/09 20:48:09 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/08/09 20:47:37 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/08/09 20:47:37 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/08/09 20:47:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/09 20:47:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/09 20:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/09 20:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/09 20:47:33 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/08/09 20:47:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/08/09 20:47:33 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/08/09 20:47:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2011/08/09 20:47:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2011/08/09 20:34:42 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{93944F0D-384A-4BCA-91DA-9CE6876A0948}
[2011/08/08 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{13D27C25-400E-45C0-85E4-8C5827A5456F}
[2011/08/08 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\CAPCOM
[2011/08/08 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{237F54F3-7634-41C2-A33A-19A073AAFCAE}
[2011/08/08 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/08 13:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/08/08 13:35:57 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{8848A19D-60C2-4ADD-BBC0-7C3D5552B19F}
[2011/08/07 23:58:13 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{46F0E6F2-34EC-4F97-9FE8-EA812F8EA521}
[2011/08/07 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{8BD16A6B-DB07-474C-889F-294D4374B7AF}
[2011/08/06 22:41:37 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{9D92C1A4-5BBD-4FAF-BC07-6AED80F64708}
[2011/08/06 22:40:49 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{43688D8E-8EA9-4AF1-92AB-ADD3A10BB377}
[2011/08/05 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{D31EF49E-9B72-4A70-B07F-20828920B7C4}
[2011/08/04 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{C19EC378-2387-4C84-9BEF-C68566BED566}
[2011/08/03 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{65BFCD1C-9CE0-45EF-837A-E8434C0A882E}
[2011/08/03 17:21:24 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{0B0175B9-4BB0-495C-8B26-0E8CC521674C}
[2011/08/03 16:53:25 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{5736133E-F08F-4A2A-BFFD-2603E14C68F5}
[2011/08/03 16:53:02 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{428FF654-87BF-4A1C-BDF6-10FBDE67B1B2}
[2011/08/03 14:25:03 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{89B84D63-9117-426A-940F-EF936123F58A}
[2011/08/03 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{71CEBA15-B5C0-453A-8C74-FEAEB9CF68D8}
[2011/08/03 14:15:20 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{08079EB4-61F3-4740-8C09-7D2A68B802FC}
[2011/08/03 14:14:01 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{BE32CA92-DCBB-46B3-A62D-1DFC4864A151}
[2011/08/02 19:48:37 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{3D7311FC-21A7-47D0-AEA1-6FCE32B1E6DA}
[2011/08/02 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{DB7B5CD6-6710-4A8B-814B-390EB222F83A}
[2011/08/02 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Roaming\Audacity
[2011/08/02 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/08/02 14:35:26 | 000,000,000 | ---D | C] -- C:\Users\Probook\AppData\Local\{AFA1559C-4836-4D2F-8849-7333DE3560ED}
[2011/04/11 22:19:17 | 1581,835,417 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\RagnarokOnline133.exe
[2011/04/10 11:06:46 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/12/31 04:39:47 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/12/31 04:39:47 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Probook\Desktop\*.tmp files -> C:\Users\Probook\Desktop\*.tmp -> ]
[1 C:\Users\Probook\AppData\Local\*.tmp files -> C:\Users\Probook\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 13:24:33 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 13:24:33 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 13:17:52 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 13:17:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/30 13:17:04 | 3136,741,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 13:16:37 | 000,000,000 | ---- | M] () -- C:\windows\System32\Access.dat
[2011/08/30 10:50:01 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135601794-3037352068-2172900051-1002UA.job
[2011/08/30 10:43:18 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/29 22:41:24 | 000,051,078 | ---- | M] () -- C:\Users\Probook\AppData\Roaming\room_v3.dat
[2011/08/29 18:27:38 | 000,001,048 | ---- | M] () -- C:\Users\Probook\Desktop\MSI Afterburner.lnk
[2011/08/28 15:50:00 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135601794-3037352068-2172900051-1002Core.job
[2011/08/28 11:59:34 | 000,669,346 | ---- | M] () -- C:\windows\System32\prfh0416.dat
[2011/08/28 11:59:34 | 000,621,550 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/28 11:59:34 | 000,130,476 | ---- | M] () -- C:\windows\System32\prfc0416.dat
[2011/08/28 11:59:34 | 000,108,770 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/24 01:07:07 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Play BF2 Online Now!.lnk
[2011/08/24 01:07:07 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2011/08/22 18:26:06 | 000,359,608 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/08/22 18:22:21 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/08/18 00:09:00 | 000,000,181 | ---- | M] () -- C:\Users\Probook\Desktop\DiRT 3.url
[2011/08/17 21:32:29 | 000,008,192 | ---- | M] () -- C:\Kirby Super Star (U) [!].srm
[2011/08/11 18:18:07 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/08/11 18:16:30 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/08/11 18:16:30 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/08/11 18:16:30 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/08/11 18:16:30 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/08/11 18:16:30 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/08/11 18:16:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/08/11 18:16:30 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/08/11 18:16:30 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/08/11 18:16:30 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/08/11 18:16:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/08/11 18:16:30 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/08/11 18:16:30 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/08/11 18:16:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/08/11 18:16:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/08/11 18:16:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/08/11 18:16:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/08/11 18:16:30 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/08/11 18:16:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/08/11 18:16:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/08/11 18:16:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/08/11 18:16:30 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/08/11 18:16:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/08/11 18:16:30 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/08/11 18:16:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/08/11 18:16:30 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/08/11 18:16:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/08/11 18:16:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/08/11 18:16:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/08/11 18:16:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/08/11 18:16:30 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/08/11 18:16:30 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/08/11 18:16:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/08/11 18:16:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/08/11 18:16:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/08/11 18:16:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/08/11 18:16:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/08/11 18:16:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/08/11 18:02:24 | 000,015,862 | ---- | M] () -- C:\windows\System32\results.xml
[2011/08/10 13:31:08 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Titan Quest.lnk
[2011/08/07 20:46:48 | 2445,932,102 | ---- | M] () -- C:\Program Files\DOOM 3 and Resurrection of Evil 1.3.1 with open coop.7z
[2011/08/04 16:13:01 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForPROBOOK-HP$.job
[2011/08/03 14:35:37 | 000,138,160 | ---- | M] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/08/03 14:35:17 | 000,271,200 | ---- | M] () -- C:\windows\System32\PnkBstrB.xtr
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Probook\Desktop\*.tmp files -> C:\Users\Probook\Desktop\*.tmp -> ]
[1 C:\Users\Probook\AppData\Local\*.tmp files -> C:\Users\Probook\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/29 18:27:38 | 000,110,592 | ---- | C] () -- C:\windows\System32\rtvcvfw32.dll
[2011/08/29 18:27:38 | 000,001,048 | ---- | C] () -- C:\Users\Probook\Desktop\MSI Afterburner.lnk
[2011/08/24 01:07:07 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Play BF2 Online Now!.lnk
[2011/08/24 01:07:07 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2011/08/22 19:10:57 | 000,000,000 | ---- | C] () -- C:\windows\System32\Access.dat
[2011/08/22 18:22:21 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/08/18 00:09:00 | 000,000,181 | ---- | C] () -- C:\Users\Probook\Desktop\DiRT 3.url
[2011/08/11 18:11:29 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/08/11 18:11:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/10 13:31:08 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Titan Quest.lnk
[2011/08/10 13:30:18 | 000,040,960 | ---- | C] () -- C:\windows\System32\psfind.dll
[2011/08/09 23:16:00 | 2445,932,102 | ---- | C] () -- C:\Program Files\DOOM 3 and Resurrection of Evil 1.3.1 with open coop.7z
[2011/08/02 14:47:39 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/06/17 00:03:49 | 000,051,078 | ---- | C] () -- C:\Users\Probook\AppData\Roaming\room_v3.dat
[2011/06/10 15:41:13 | 000,000,977 | ---- | C] () -- C:\windows\eReg.dat
[2011/06/03 19:01:30 | 000,000,000 | ---- | C] () -- C:\Users\Probook\AppData\Local\{B0D6396D-A8EE-4C75-96DD-E6FD22150FA4}
[2011/05/16 21:52:50 | 000,005,632 | ---- | C] () -- C:\Users\Probook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 11:43:02 | 000,105,608 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2011/04/10 11:43:00 | 000,867,020 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2011/04/10 11:18:24 | 013,356,032 | ---- | C] () -- C:\windows\System32\ig4icd32.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/04/08 08:28:58 | 000,041,872 | ---- | C] () -- C:\windows\System32\xfcodec.dll
[2011/03/28 22:28:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0CAF7CE356.sys
[2011/03/27 23:41:44 | 000,041,974 | ---- | C] () -- C:\Users\Probook\AppData\Roaming\room.dat
[2011/03/25 16:33:58 | 000,002,672 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/08 21:42:55 | 000,138,160 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/03/08 21:42:55 | 000,022,328 | ---- | C] () -- C:\Users\Probook\AppData\Roaming\PnkBstrK.sys
[2011/03/08 21:42:33 | 000,271,200 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/03/08 21:42:28 | 000,075,136 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/03/08 21:42:27 | 000,000,319 | ---- | C] () -- C:\windows\game.ini
[2011/03/06 21:45:46 | 000,128,204 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2011/03/06 21:07:58 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2010/12/31 04:43:32 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/12/31 04:39:47 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/12/31 04:39:47 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/12/31 04:39:47 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/12/31 04:39:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/04 22:02:51 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/09/04 21:54:36 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdcbaii.sys
[2010/09/04 21:48:59 | 000,000,180 | ---- | C] () -- C:\windows\System32\HP Documentation.ini
[2010/09/04 21:31:42 | 000,669,346 | ---- | C] () -- C:\windows\System32\prfh0416.dat
[2010/09/04 21:31:42 | 000,323,154 | ---- | C] () -- C:\windows\System32\prfi0416.dat
[2010/09/04 21:31:42 | 000,130,476 | ---- | C] () -- C:\windows\System32\prfc0416.dat
[2010/09/04 21:31:42 | 000,038,536 | ---- | C] () -- C:\windows\System32\prfd0416.dat
[2010/09/04 21:27:43 | 000,000,197 | ---- | C] () -- C:\windows\System32\HPWA.ini
[2010/09/04 21:21:21 | 000,000,192 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/02/20 00:32:46 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/02/11 17:47:04 | 000,636,176 | ---- | C] () -- C:\windows\System32\SUPSDK.dll
[2010/02/11 17:46:52 | 000,050,448 | ---- | C] () -- C:\windows\System32\ExpSnapShotAPI.dll
[2010/02/01 17:11:22 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2010/01/20 18:56:24 | 007,488,032 | ---- | C] () -- C:\windows\System32\CogentData1.dat
[2010/01/20 18:56:22 | 000,002,432 | ---- | C] () -- C:\windows\System32\CogentData2.dat
[2009/12/14 19:26:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2009/11/24 17:55:38 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2009/11/24 17:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2009/11/24 17:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2009/11/17 18:39:36 | 000,329,272 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2009/09/29 19:25:16 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 01:33:53 | 000,359,608 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 23:05:48 | 000,621,550 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 23:05:48 | 000,108,770 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 21:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 19:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 19:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 19:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 19:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll

========== LOP Check ==========

[2011/05/12 02:42:32 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\.minecraft
[2011/08/08 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\Audacity
[2011/05/14 11:21:23 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\Canneverbe Limited
[2011/03/14 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\DAEMON Tools Lite
[2011/05/06 13:19:44 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\Dev-Cpp
[2011/03/04 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\DigitalPersona
[2011/08/30 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\foobar2000
[2011/04/27 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\Hippo_OpenSim_Viewer
[2011/08/23 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\Tunngle
[2011/08/30 13:36:24 | 000,000,000 | ---D | M] -- C:\Users\Probook\AppData\Roaming\uTorrent
[2011/07/19 09:04:21 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:302A9871
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:16C07ED2

< End of report >

The extras.txt wasn't generated o_o? Is something wrong?
 
I'm new to the forum and I have a problem: every time Windows starts and the desktop appears, my PC freezes!
Here is the OTL log:

OTL.txt


OTL logfile created on: 30/8/2011 15:40:59 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Particular\Meus documento\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,48 Mb Total Physical Memory | 104,21 Mb Available Physical Memory | 20,37% Memory free
1,22 Gb Paging File | 0,76 Gb Available in Paging File | 62,46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 48,36 Gb Free Space | 64,89% Space Free | Partition Type: NTFS

Computer Name: TC-345448F62652 | User Name: Particular | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/30 15:16:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Particular\Meus documento\Downloads\OTL.exe
PRC - [2011/08/30 08:39:53 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/30 08:39:40 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/17 06:49:18 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
PRC - [2011/07/04 08:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
PRC - [2004/08/04 00:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 07:28:21 | 001,383,936 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11090100\algo.dll
MOD - [2011/08/30 17:05:05 | 000,208,544 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11090100\aswRep.dll
MOD - [2011/08/30 08:42:29 | 000,430,568 | ---- | M] () -- C:\Arquivos de programas\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/08/30 08:42:03 | 000,589,184 | ---- | M] () -- C:\Arquivos de programas\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/08/30 08:38:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/08/28 16:51:28 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
MOD - [2011/08/19 09:36:58 | 004,425,040 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
MOD - [2011/08/19 09:36:43 | 000,316,752 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
MOD - [2011/08/19 09:36:34 | 000,263,504 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
MOD - [2011/08/19 09:36:33 | 000,394,576 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
MOD - [2011/08/19 09:36:33 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
MOD - [2011/08/19 09:36:32 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
MOD - [2011/08/19 09:36:31 | 000,349,520 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
MOD - [2011/08/19 09:36:31 | 000,300,368 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
MOD - [2011/08/19 09:36:30 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
MOD - [2011/08/19 09:36:29 | 000,443,728 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
MOD - [2011/08/19 09:36:29 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
MOD - [2011/08/19 09:36:28 | 000,193,872 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/08/19 09:36:27 | 000,292,176 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
MOD - [2011/08/19 09:36:26 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/19 09:36:25 | 000,963,920 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
MOD - [2011/08/19 09:36:25 | 000,202,064 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
MOD - [2011/08/18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Arquivos de programas\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/08/17 06:49:17 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\ppgooglenaclpluginchrome.dll
MOD - [2011/08/17 06:49:15 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\pdf.dll
MOD - [2011/08/17 06:48:48 | 000,329,784 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\Locales\pt-BR.dll
MOD - [2011/08/17 06:47:49 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\avutil-50.dll
MOD - [2011/08/17 06:47:48 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\avformat-52.dll
MOD - [2011/08/17 06:47:47 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\avcodec-52.dll
MOD - [2009/06/10 21:08:46 | 000,140,800 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2007/11/06 20:00:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/30 08:39:40 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/01/15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Arquivos de programas\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/07/12 07:53:48 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\apf001.sys -- (apf001)
DRV - [2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/22 16:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2008/08/06 11:45:14 | 004,122,112 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/02 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.perumvp.com
IE - HKU\S-1-5-21-484763869-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/08/29 09:54:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - Reg Error: Value error. File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-484763869-287218729-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-484763869-287218729-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Particular\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Particular\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.73.116.204 201.73.116.204 201.73.116.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9802DB-6B58-4C55-9E90-8D4AFECDA6A1}: DhcpNameServer = 201.73.116.204 201.73.116.204 201.73.116.204
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/04 11:37:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/29 07:32:51 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 08:43:06 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/30 08:19:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Particular\Recent
[2011/08/30 08:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Meus documento\spore trainer
[2011/08/30 07:30:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/30 07:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Lavasoft
[2011/08/30 07:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
[2011/08/30 07:29:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Lavasoft
[2011/08/30 07:12:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Spyware detector
[2011/08/30 07:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Dados de aplicativos\GetRightToGo
[2011/08/30 06:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Arovax
[2011/08/30 06:00:10 | 006,827,974 | ---- | C] (Virus Secure Lab ) -- C:\Documents and Settings\Particular\Meus documento\VirusEffectRemover_3.2.2.26-Setup.exe
[2011/08/29 14:36:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/29 11:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Meus documento\Simply Super Software
[2011/08/29 11:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Dados de aplicativos\Simply Super Software
[2011/08/29 11:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/29 09:45:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/29 09:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/29 07:32:51 | 000,000,000 | R--D | C] -- C:\comment.htt
[2011/08/29 07:32:50 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/08/29 07:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Meus documento\RegRun2
[2011/08/29 07:24:59 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\UnHackMe
[2011/08/29 06:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Dados de aplicativos\Malwarebytes
[2011/08/29 06:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2011/08/29 02:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Dados de aplicativos\TuneUp Software
[2011/08/29 02:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
[2011/08/29 02:31:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/08/29 01:54:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Cia. do Software
[2011/08/28 06:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\CCleaner
[2011/08/28 06:37:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner
[2011/08/27 22:24:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\x MsnMsgs.Msi
[2011/08/27 22:06:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\ShellNew
[2011/08/26 19:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Dados de aplicativos\PE Explorer
[2011/08/25 17:58:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\System Protect
[2011/08/23 04:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IKRCMV
[2011/08/22 14:04:37 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft
[2011/08/22 14:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Windows Live
[2011/08/20 12:15:31 | 000,000,000 | R--D | C] -- C:\AHCache
[2011/08/20 12:02:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/17 06:15:08 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2011/08/17 06:15:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/08/11 14:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Particular\Meus documento\My DAP Downloads
[2011/08/11 09:42:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GC
[2011/08/08 19:43:34 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Client MuTron
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\*.tmp files -> C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 15:42:09 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/30 14:53:19 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 14:43:57 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 14:43:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/30 08:43:06 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/30 07:30:09 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/29 14:48:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/29 09:54:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/29 08:27:37 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2011/08/29 07:25:20 | 000,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/29 07:25:20 | 000,000,515 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/08/29 07:25:20 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2011/08/28 06:37:16 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/27 15:59:33 | 000,000,468 | RHS- | M] () -- C:\Documents and Settings\Particular\ntuser.pol
[2011/08/26 00:06:30 | 000,896,512 | ---- | M] () -- C:\WINDOWS\MachineCore2.dll
[2011/08/26 00:06:30 | 000,555,008 | ---- | M] () -- C:\WINDOWS\PCheatsTrainer.exe
[2011/08/26 00:06:29 | 000,931,840 | ---- | M] () -- C:\WINDOWS\MachineCore.dll
[2011/08/25 23:37:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/24 18:49:20 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Particular\Meus documento\Desktop\Google Chrome.lnk
[2011/08/24 04:54:43 | 000,000,054 | ---- | M] () -- C:\WINDOWS\refresh.scf
[2011/08/22 14:05:02 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\Particular\Meus documento\Desktop\Windows Live Messenger .lnk
[2011/08/21 15:28:46 | 000,777,407 | ---- | M] () -- C:\Documents and Settings\Particular\Meus documento\galeria1_1024x768_tcm305-173993.jpg
[2011/08/21 15:28:35 | 000,564,787 | ---- | M] () -- C:\Documents and Settings\Particular\Meus documento\galeria2_1024x768_tcm305-173995.jpg
[2011/08/20 11:48:15 | 000,000,088 | ---- | M] () -- C:\pdfinfo.ini
[2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/18 07:25:37 | 001,395,200 | ---- | M] () -- C:\CoreDLL.dll
[2011/08/17 06:15:08 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2011/08/17 06:15:06 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/08/16 17:38:34 | 000,000,141 | ---- | M] () -- C:\Documents and Settings\Particular\default.pls
[2011/08/16 17:38:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/11 14:15:13 | 000,010,752 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/08/10 17:54:32 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/08 18:46:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\*.tmp files -> C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/30 07:30:19 | 000,000,518 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/30 07:30:09 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/08/29 09:45:42 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/08/29 09:45:41 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2011/08/29 07:25:20 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2011/08/28 06:37:16 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/27 15:59:33 | 000,000,468 | RHS- | C] () -- C:\Documents and Settings\Particular\ntuser.pol
[2011/08/25 23:37:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/24 04:54:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\refresh.scf
[2011/08/22 15:20:59 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\Particular\Meus documento\Desktop\Windows Live Messenger .lnk
[2011/08/21 15:28:47 | 000,777,407 | ---- | C] () -- C:\Documents and Settings\Particular\Meus documento\galeria1_1024x768_tcm305-173993.jpg
[2011/08/21 15:28:42 | 000,564,787 | ---- | C] () -- C:\Documents and Settings\Particular\Meus documento\galeria2_1024x768_tcm305-173995.jpg
[2011/08/20 11:48:01 | 000,000,088 | ---- | C] () -- C:\pdfinfo.ini
[2011/08/18 06:28:47 | 001,395,200 | ---- | C] () -- C:\CoreDLL.dll
[2011/08/11 14:15:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/07/24 11:00:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\{2FE0FE1E-A85E-43CB-9811-B91DCFAC8D6E}
[2011/07/20 10:24:41 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011/07/20 10:10:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011/07/20 09:47:54 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/07/20 09:47:54 | 000,090,784 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/07/12 07:53:48 | 000,012,920 | ---- | C] () -- C:\WINDOWS\System32\apl001.sys
[2011/07/12 07:53:48 | 000,010,872 | ---- | C] () -- C:\WINDOWS\System32\apf001.sys
[2011/05/28 22:13:16 | 001,545,799 | ---- | C] () -- C:\WINDOWS\System32\CyruxCrypter.exe
[2011/03/15 18:55:37 | 000,555,008 | ---- | C] () -- C:\WINDOWS\PCheatsTrainer.exe
[2011/02/09 18:02:23 | 000,896,512 | ---- | C] () -- C:\WINDOWS\MachineCore2.dll
[2010/12/30 07:21:38 | 000,931,840 | ---- | C] () -- C:\WINDOWS\MachineCore.dll
[2010/11/14 07:50:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/09/18 08:36:01 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/06 15:37:12 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/09/06 08:38:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/04 12:05:14 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/09/04 12:03:27 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 12:03:20 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/04 12:03:20 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/04 12:03:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/09/04 12:03:18 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/04 11:56:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/09/04 11:39:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/04 11:34:03 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/04 08:24:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/04 08:23:23 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/06 20:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 20:00:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/06 20:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 20:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/06 20:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 20:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 20:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/06 20:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/06 20:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 00:57:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 00:45:34 | 000,022,040 | -H-- | C] () -- C:\Documents and Settings\Particular\Dados de aplicativos\wupdmgr.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/10/28 12:07:18 | 000,347,294 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2001/10/28 12:07:18 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/10/28 12:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2001/10/28 12:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/10/28 12:07:18 | 000,049,586 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2001/10/28 12:07:18 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/10/28 12:07:18 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2001/10/28 12:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/10/28 12:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/10/28 12:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/10/28 12:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/10/28 12:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/09/04 12:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
[2011/08/30 06:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Arovax
[2011/08/29 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IObit
[2011/08/11 14:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit
[2011/08/29 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2011/08/29 03:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
[2010/12/24 17:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft
[2011/08/29 02:31:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/15 19:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\BabylonToolbar
[2011/07/22 09:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\BITS
[2011/07/20 10:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\FlashGet
[2011/07/20 10:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\FlashGetBHO
[2011/08/30 07:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\GetRightToGo
[2011/07/19 17:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\GrabPro
[2011/03/31 09:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\Leadertech
[2010/09/19 11:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\Off Road
[2011/07/20 09:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\Orbit
[2011/08/26 19:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\PE Explorer
[2011/07/19 17:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\ProgSense
[2011/08/29 11:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\Simply Super Software
[2011/07/30 18:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\Solveig Multimedia
[2011/07/08 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\SPORE
[2010/12/03 07:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\TeamViewer
[2011/08/29 02:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Particular\Dados de aplicativos\TuneUp Software
[2011/08/30 15:42:09 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 786648 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:CB0AACC9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:E115633A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6D8FA4A2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:553CA6CA

< End of report >

please help me
 
Hello my friend Mr.Wolf, how are you?? Long time, huh??

Remember when you helped me with a big problem here at my shop?? Since then I haven't had any more problems, until yesterday. I'd like you to help me with something I'm facing on my PC.

It keeps giving blue screens and showing little popup windows with ads for cars and things like that. Windows Explorer is closing and crashing out of nowhere, not to mention explorer.exe, which is also throwing errors, and I can't do anything on the PC.

I tried to use OTL and HijackThis but neither of them opened; I got an error. Then I tried ComboFix and it didn't run either. I honestly think it's a really nasty virus.

Could you help me once more with this, my dear friend?? Shed some light on what I can do?? Because I'm out of options and I really don't know what this big problem is. The PC shares the internet connection with 2 other PCs here at the shop and I'm worried it might spread to the other 2. That's why I disconnected this PC from the network, but it can't stay like that for long because I use it to register customers.

Thank you in advance, from the heart. A big hug, Mr.Wolf
Carlos
 
Carlos MEP

Is the computer's antivirus also not running?

These are some of the classic signs of infection by the Vundo adware or by Beagle, or even both. In any case, without a log it is hard to give a conclusive opinion. I'm only guessing!

I'll suggest two things:

Download VundoFix and use it according to these instructions.
Download FxBeagle and run it according to these instructions.

First use VundoFix in safe mode. Afterwards, FxBeagle, also in safe mode. See whether these tools identify and remove anything.

After that, see whether you can run HijackThis or, preferably, OTL.
 
Hello Mr. Wolf!!!

Good to see you back!!!!
I'm having some problems with my laptop... I really need your help..
The problems are the following:
- My antivirus (Microsoft Security) gave an error and won't reinstall or uninstall, no matter what...
- BB's I. Banking blocked access because it reports a virus
- And I went to uninstall Office this week, and it gave an error, but I don't know if that has anything to do with it...

Here are the logs...

OTL.Txt
OTL logfile created on: 05/09/2011 15:49:51 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Carol\Desktop
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,64% Memory free
3,98 Gb Paging File | 2,38 Gb Available in Paging File | 59,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,89 Gb Total Space | 33,83 Gb Free Space | 27,53% Space Free | Partition Type: NTFS
Drive D: | 107,42 Gb Total Space | 6,19 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
Drive E: | 137,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,73 Gb Total Space | 3,47 Gb Free Space | 92,96% Space Free | Partition Type: FAT32

Computer Name: CAROL-PC | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 15:49:19 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL.exe
PRC - [2011/07/05 22:32:12 | 013,283,456 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2011/06/24 01:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/16 15:21:06 | 001,500,160 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2011/06/08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/03/31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/03/21 13:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/03/02 21:16:31 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 18:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\WsxService.exe
PRC - [2011/01/20 06:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/12 17:40:12 | 000,054,728 | ---- | M] ( ) -- C:\Program Files\GbPlugin\GbpSv.exe
PRC - [2010/11/20 09:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/05/20 11:53:02 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 18:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/15 00:14:40 | 000,180,224 | ---- | M] () -- C:\Users\Carol\Downloads\IsoPuzzle.exe
PRC - [2007/10/25 13:31:20 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 09:28:23 | 000,400,440 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
MOD - [2011/09/03 09:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 09:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 09:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 09:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 07:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/09/03 07:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Carol\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dll
MOD - [2011/04/07 16:43:24 | 008,191,488 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2011/04/07 16:43:22 | 002,296,320 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2011/03/02 11:11:33 | 000,390,656 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/03/02 11:11:22 | 000,370,688 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2011/03/02 11:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detoured.dll
MOD - [2011/02/22 20:13:22 | 000,022,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2011/02/22 20:12:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011/02/22 17:39:06 | 000,276,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2011/02/22 17:07:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2010/03/15 10:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/01/15 00:14:40 | 000,180,224 | ---- | M] () -- C:\Users\Carol\Downloads\IsoPuzzle.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/02 21:16:31 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/02/11 18:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2011/01/25 11:39:03 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/01/20 13:18:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/12 17:40:12 | 000,054,728 | ---- | M] ( ) [Unknown | Running] -- C:\Program Files\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2010/11/11 11:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/01/28 17:29:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/28 16:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/12 17:41:20 | 000,046,664 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/17 21:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/10/24 20:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 20:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/07 22:14:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/08/11 19:45:48 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/11 19:45:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/11 19:45:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2008/11/12 16:57:24 | 000,103,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/26 20:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/15 21:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 DD 20 61 11 BF CB 01 [binary data]
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.poony.info/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carol\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carol\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carol\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/12 21:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/20 18:56:54 | 000,000,000 | ---D | M]

[2011/02/03 09:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions
[2011/02/03 09:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\hbga0c0l.default\extensions
[2011/08/18 21:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 11:06:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/01 23:29:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/29 10:05:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/08 04:50:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011/08/16 10:59:05 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O3 - HKU\S-1-5-21-1708738930-535325222-2100394184-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1708738930-535325222-2100394184-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1708738930-535325222-2100394184-1000..\Run: [Facebook Update] C:\Users\Carol\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1708738930-535325222-2100394184-1000..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-1708738930-535325222-2100394184-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Baixar com Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65454232-2731-4156-A3FF-9B0001A16592}: DhcpNameServer = 189.6.0.137 189.6.0.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48841A4-52E0-41E4-8F04-4443B3D20B41}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-1708738930-535325222-2100394184-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Program Files\GbPlugin\gbiehCef.dll - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a222033c-610a-11e0-bc33-00234eb687cd}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 15:49:12 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL.exe
[2011/09/05 12:24:47 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{3579E6EF-BAE4-4A39-9A1A-C36A81A64F3C}
[2011/09/05 12:24:26 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{77B5D60B-1663-4495-8052-8328FBD14FC1}
[2011/09/04 14:28:02 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{50B35BCA-A305-4DCA-9867-2A80C3F4A3EC}
[2011/09/04 14:27:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{645E5A55-CD1C-466A-93FD-78CFEC5C7919}
[2011/09/04 00:18:24 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\Mipony
[2011/09/03 11:31:33 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{81303CCB-264D-470D-9EB1-5D9269BF6F16}
[2011/09/03 11:31:20 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{A6BB4452-EC44-4A80-9C85-6AE53CFAA0BB}
[2011/09/02 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{DB7F58B6-719C-4E91-8E65-57C353110D63}
[2011/09/02 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{F888D66E-CF4E-43A2-8202-E68D7A050B2A}
[2011/09/01 20:07:57 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{1A9B7440-B6C5-46A2-8B2F-14338B78C393}
[2011/09/01 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{CCA1E7AC-26B8-48DB-A5F1-6AC8B52C23C9}
[2011/08/31 22:39:02 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Office 2007
[2011/08/31 22:38:21 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Office 2010 x86 Pt-Br
[2011/08/31 22:38:07 | 001,526,272 | ---- | C] (Open Source Code Inc.) -- C:\Users\Carol\Desktop\Ativador W 7.exe
[2011/08/31 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\fotos
[2011/08/31 12:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
[2011/08/31 12:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/08/31 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\Meus arquivos recebidos
[2011/08/31 11:30:49 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{CFF2AB04-8956-4610-8842-2146A519CDA9}
[2011/08/31 11:30:36 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{EFB4033E-09F3-4AEA-85D5-ED40B5D696E8}
[2011/08/29 11:30:10 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Site Sollum
[2011/08/29 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Tomb
[2011/08/29 10:59:54 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Musicas
[2011/08/29 08:03:52 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{1E900256-948D-4A0A-A02A-CB3D764DE1C6}
[2011/08/29 08:03:41 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{72FBBE02-CB7D-4CB0-A8D3-7CCA0E3B4606}
[2011/08/26 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{181B8DB1-F64C-48BA-BFDF-04723459D093}
[2011/08/26 16:54:21 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{5EC34157-B876-42A1-95C6-4A3FD88A3A35}
[2011/08/25 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{5FDE6B08-F52F-4A22-9D21-647173C964B6}
[2011/08/25 16:25:15 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{F6DD1281-5237-4C9C-B7BA-9B278EF0AFC4}
[2011/08/24 13:30:58 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{E5627224-FEF9-49BD-83C3-F4954BD328F2}
[2011/08/24 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{B3DFBA82-53A6-4426-B86D-F7CCA78191D0}
[2011/08/22 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{8A2CBD5E-F273-4350-BA7F-A2A350FDED92}
[2011/08/22 13:26:10 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{0376D2C6-44F2-44AE-AA58-5224A7B737DA}
[2011/08/20 21:12:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/08/20 17:19:53 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\Facebook
[2011/08/20 14:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/20 14:43:47 | 000,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/20 14:43:45 | 000,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/20 14:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/20 11:49:08 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{9B3B4B62-4EDB-4C87-A1DB-AEF85AC5F137}
[2011/08/20 11:48:55 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{6FBC2EB4-6AC3-4192-83DC-75E383B8F5DC}
[2011/08/19 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{3F79E1E7-38B2-45C2-A83B-A59F33542AC7}
[2011/08/19 13:19:59 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{13EED7E7-FE4C-4A09-820E-989DA91A59A3}
[2011/08/18 21:54:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{4D638648-9C4A-47E3-B885-EDAF0E767B3F}
[2011/08/18 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{A2B58C0A-6FF5-4138-98D3-83E3A0D3AE5B}
[2011/08/18 21:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/18 10:13:10 | 000,000,000 | ---D | C] -- C:\Users\Carol\Application Data
[2011/08/18 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{F239C80C-8D3A-4858-AAD5-798E5BE9959F}
[2011/08/18 09:54:08 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{808F3D22-D4C2-410A-850D-EE7B251410F0}
[2011/08/17 21:53:39 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{1F61B4EC-5F65-4B8E-92F2-191582BCEB31}
[2011/08/17 21:53:26 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{07FEFFED-55A0-42B3-BF2E-6F11ECB9B9F1}
[2011/08/16 22:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/16 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/08/16 22:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/08/16 22:05:21 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\NCH Software
[2011/08/16 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{DA79358A-9B6E-4274-BBD2-D9E8F5AE6361}
[2011/08/16 12:10:51 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{01B86878-3A75-467F-85AA-9ACE163B4087}
[2011/08/16 10:58:00 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2011/08/16 10:53:34 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/08/15 16:24:13 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{11B079C9-2F5C-440E-AD0B-87A7C35079A4}
[2011/08/15 16:24:00 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{476FB3A2-2FA6-45B2-A59D-40E63FAC50BC}
[2011/08/12 20:12:58 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/08/12 20:12:57 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/08/12 20:12:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/08/12 20:12:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/08/12 20:12:56 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/08/12 20:12:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/08/12 20:12:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/08/12 20:12:56 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/08/12 20:12:56 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_2.dll
[2011/08/12 20:12:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/08/12 20:12:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/08/12 20:12:54 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/08/12 20:12:54 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/08/12 20:12:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/08/12 20:12:53 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/08/12 20:12:51 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/08/12 20:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos
[2011/08/12 19:59:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GameShadow
[2011/08/12 19:58:00 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\GameShadow
[2011/08/12 19:57:04 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\Downloaded Installations
[2011/08/12 10:16:29 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{E224F3E0-DC94-472B-B792-F91009D8706B}
[2011/08/12 10:16:08 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{75DF8E0A-4E02-4495-B5A0-7BD233E0D4C1}
[2011/08/11 21:07:59 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{BC30F933-AEB0-49DC-839D-4A2EE9A7AA44}
[2011/08/11 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{8E7B7C9A-6598-4B38-8540-323E3C9E6CDC}
[2011/08/11 20:04:07 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{B8558266-F6E3-444A-9A2A-106BAF26BEE6}
[2011/08/11 20:03:54 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{3701B921-803F-4F9A-9FF6-0B43B82F119D}
[2011/08/09 20:18:04 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{EB61C61F-7945-4FEB-8B29-2E990016E55A}
[2011/08/09 19:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011/08/09 19:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2011/08/09 19:47:08 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011/08/09 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/08/09 16:55:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/09 16:55:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/09 16:55:03 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/09 16:55:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/09 16:55:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 16:44:19 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/09 16:44:17 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/09 16:43:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/09 16:43:57 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 16:43:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/09 16:43:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/09 16:43:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/09 16:43:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/09 16:43:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/09 16:43:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/09 16:43:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/09 16:43:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/09 16:43:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/09 16:43:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/09 16:43:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/09 16:43:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/09 16:43:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/09 16:43:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/09 16:43:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/09 16:43:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/09 16:43:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/09 16:43:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/09 16:43:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/09 16:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/09 16:43:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/09 16:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/09 16:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/09 16:43:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/09 16:43:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/09 16:43:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/09 16:43:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/09 16:43:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/09 16:43:49 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/09 16:43:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/09 16:43:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/09 16:43:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/09 16:43:48 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/07 19:43:34 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2011/08/07 19:43:34 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2011/08/07 19:43:33 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2011/08/07 19:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/01/20 13:12:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Carol\AppData\Roaming\pcouffin.sys
[1 C:\Users\Carol\Desktop\*.tmp files -> C:\Users\Carol\Desktop\*.tmp -> ]
[1 C:\Users\Carol\AppData\Local\*.tmp files -> C:\Users\Carol\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 15:49:19 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL.exe
[2011/09/05 15:40:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/05 15:03:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000UA.job
[2011/09/05 15:02:11 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/05 14:25:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000UA.job
[2011/09/05 13:44:26 | 000,713,504 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2011/09/05 13:44:26 | 000,665,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/05 13:44:26 | 000,147,628 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2011/09/05 13:44:26 | 000,125,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/05 12:30:31 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 12:30:31 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 12:24:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/05 12:24:14 | 001,793,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/05 12:23:31 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/05 12:23:31 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/09/05 12:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/05 12:22:43 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 22:51:10 | 707,733,504 | ---- | M] () -- C:\Users\Carol\Desktop\FOTOS.iso
[2011/09/04 22:51:10 | 000,043,256 | ---- | M] () -- C:\Users\Carol\Desktop\FOTOS.flg
[2011/09/04 17:25:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000Core.job
[2011/09/04 17:03:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000Core.job
[2011/08/31 13:17:59 | 000,001,721 | ---- | M] () -- C:\Users\Carol\Desktop\Tunatic.lnk
[2011/08/16 11:01:52 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/16 10:19:30 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Users\Carol\Desktop\*.tmp files -> C:\Users\Carol\Desktop\*.tmp -> ]
[1 C:\Users\Carol\AppData\Local\*.tmp files -> C:\Users\Carol\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 15:48:50 | 001,402,880 | ---- | C] () -- C:\Users\Carol\Desktop\HiJackThis.msi
[2011/09/01 21:12:10 | 707,733,504 | ---- | C] () -- C:\Users\Carol\Desktop\FOTOS.iso
[2011/09/01 21:12:10 | 000,043,256 | ---- | C] () -- C:\Users\Carol\Desktop\FOTOS.flg
[2011/08/31 22:38:08 | 002,287,061 | ---- | C] () -- C:\Users\Carol\Desktop\Ativador do Office 2010.rar
[2011/08/31 13:17:59 | 000,001,721 | ---- | C] () -- C:\Users\Carol\Desktop\Tunatic.lnk
[2011/08/20 17:20:03 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000UA.job
[2011/08/20 17:20:02 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000Core.job
[2011/08/16 22:05:27 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/08/07 19:43:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/06/14 10:24:37 | 000,000,000 | ---- | C] () -- C:\Users\Carol\AppData\Local\{2210792A-1E87-41F4-A10D-3AFE185BFB34}
[2011/04/07 09:06:57 | 000,000,320 | ---- | C] () -- C:\Users\Carol\AppData\Local\FSCache.dat
[2011/02/23 19:24:18 | 000,009,216 | ---- | C] () -- C:\Users\Carol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/27 09:41:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/25 11:39:52 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/01/20 15:03:53 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/20 14:11:28 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/20 13:33:03 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/01/20 13:12:47 | 000,001,173 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\vso_ts_preview.xml
[2011/01/20 13:12:11 | 000,087,608 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\inst.exe
[2011/01/20 13:12:11 | 000,007,887 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\pcouffin.cat
[2011/01/20 13:12:11 | 000,001,144 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\pcouffin.inf
[2011/01/20 12:51:43 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/20 12:51:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/01/20 12:51:39 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/20 12:51:39 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/20 12:51:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/23 18:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/14 05:31:12 | 000,713,504 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 05:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 05:31:12 | 000,147,628 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 05:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:33:53 | 001,793,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 23:05:48 | 000,665,708 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 23:05:48 | 000,125,922 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009/05/19 22:01:14 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2011/09/03 23:25:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\DAEMON Tools Lite
[2011/01/20 12:45:29 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Foxit
[2011/01/24 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Foxit Software
[2011/05/10 20:30:01 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\IObit
[2011/09/04 19:09:24 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Mipony
[2011/03/02 21:16:48 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Netscape
[2011/06/24 08:22:45 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Nokia
[2011/06/24 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PC Suite
[2011/01/24 10:56:04 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PCDr
[2011/03/02 21:15:12 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Photodex
[2011/02/03 22:05:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PhotoScape
[2011/07/04 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\uTorrent
[2011/08/03 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Vso
[2011/09/05 12:23:31 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2011/09/04 17:25:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000Core.job
[2011/09/05 14:25:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1708738930-535325222-2100394184-1000UA.job
[2011/08/16 10:19:30 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/07/04 12:36:30 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/05 15:02:11 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Windows:C1CFF2BC59E4F883
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:58BF76D3_Cef.gbp
@Alternate Data Stream - 158 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >

Extras.Txt
OTL Extras logfile created on: 05/09/2011 15:49:52 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Carol\Desktop
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,64% Memory free
3,98 Gb Paging File | 2,38 Gb Available in Paging File | 59,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,89 Gb Total Space | 33,83 Gb Free Space | 27,53% Space Free | Partition Type: NTFS
Drive D: | 107,42 Gb Total Space | 6,19 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
Drive E: | 137,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,73 Gb Total Space | 3,47 Gb Free Space | 92,96% Space Free | Partition Type: FAT32

Computer Name: CAROL-PC | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{498B4BF1-AD73-4AA8-99EB-18D400E42482}" = Novo Dicionário Aurélio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7A3985-3D9B-4420-AC85-F9FF8DB2170C}" = Microsoft SQL Server Management Studio Express
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.2.137
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client PT-BR Language Pack
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Vivo 3G
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FCB2876-554D-491D-A2CD-58F8252D6C64}" = Ink
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301046}" = Nero 7 Premium
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40C0608-033D-43A7-B4D7-B0EE493F938C}" = Microsoft Antimalware Service PT-BR Language Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E29D8938-2E48-498C-832D-9663DCABD55F}" = Visual Basic for Applications (R) Core - Portuguese (Brazil)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F43867C9-68FD-46C7-B0AF-214356305B5E}" = Microsoft SQL Server Management Studio Express
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pacote de Driver do Windows - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AnyDVD" = AnyDVD
"aTube Catcher" = aTube Catcher
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Support Center" = Dell Support Center
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pacote de Driver do Windows - Nokia Modem (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Foxit Reader" = Foxit Reader
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mep Aricanduva_mp1" = Mep Installer versão 2.1.3
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Ferramentas do Visual Studio 2005 para Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiPony" = MiPony 1.4.0
"Mozilla Firefox 5.0.1 (x86 pt-BR)" = Mozilla Firefox 5.0.1 (x86 pt-BR)
"MV RegClean 6.0_is1" = MV RegClean 6.0
"nLite_is1" = nLite 1.4.9.1
"Nokia PC Suite" = Nokia PC Suite
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"ProShow Producer" = ProShow Producer
"Switch" = Switch Sound File Converter
"Tunatic" = Tunatic
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"Winstep Xtreme_is1" = Nexus 11.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708738930-535325222-2100394184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f00321fcc1112b93" = Humanizar
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thank you in advance for the help!!!!
 
Carlos MEP

Is the computer's antivirus also not running?

These are some of the classic signs of infection by the Vundo adware or by Beagle, or even both. In any case, without a log it is hard to give a conclusive opinion. I am only guessing!

I will suggest two things:

Download VundoFix and use it according to these instructions.
Download FxBeagle and run it according to these instructions.

First use VundoFix in safe mode. Afterwards, FxBeagle, also in safe mode. See whether these tools identify and remove anything.

After that, see whether you can run HijackThis or, preferably, OTL.

Hello Mr.Wolf, good afternoon my friend

As always, impeccable in your posts. FxBeagle did not identify anything and gave an error when closing. VundoFix gave an error on the first attempt, then on the second it ran normally and caught a bunch of files here, are they viruses?? I clicked Fix as it said in the instructions you gave me and the PC restarted.

After the machine finished restarting it had already improved a lot and I was finally able to run HijackThis here. The program's full report follows.

As for your question about the antivirus, it is fine, running normally. I did a scan with it but it did not catch anything. That is why I decided to try HijackThis, OTL and ComboFix. We use Panda Security 2010 on all the PCs here at the shop. Do you think we should switch to another one??

Thank you very much, Mr.Wolf.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:14, on 05/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\laeuidj.exe
C:\WINDOWS\system32\laeuida.exe
C:\WINDOWS\system32\laeuidv.exe
C:\WINDOWS\system32\laeuid4.exe
C:\WINDOWS\system32\laeuid6.exe
C:\WINDOWS\system32\laeuid8.exe
C:\WINDOWS\system32\laeuid9.exe
C:\WINDOWS\system32\xacdsred.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Freecorder\FLVSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PAVJOBS.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Iface.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PAVJOBS.EXE
C:\Documents and Settings\Loja PC 1\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de programas\Hyperionics DB Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Arquivos de programas\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Loja PC 1\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Kjamnsdf] C:\WINDOWS\system32\rjfhdktugshtkgurht.dll,
O4 - HKCU\..\Run: [KJEHGDSE] C:\WINDOWS\system32\kerfdojrsfiut.dll,
O4 - HKCU\..\Run: [55555555555555] C:\WINDOWS\system32\tdkgj.dll,
O4 - HKCU\..\Run: [hjsg] C:\WINDOWS\system32\898+.dll,
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://cmt.caixa.gov.br
O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{447632FE-7BE2-4413-9087-14EEA5370972}: NameServer = 192.168.1.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\DOCUME~1\LOJAP~1\CONFIG~1\Temp\ISSCAN\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe

--
End of file - 11137 bytes
 
Carlos MEP with a zillion viruses on his PC :haha:

Right off the bat:

C:\WINDOWS\system32\laeuidj.exe
C:\WINDOWS\system32\laeuida.exe
C:\WINDOWS\system32\laeuidv.exe
C:\WINDOWS\system32\laeuid4.exe
C:\WINDOWS\system32\laeuid6.exe
C:\WINDOWS\system32\laeuid8.exe
C:\WINDOWS\system32\laeuid9.exe
C:\WINDOWS\system32\xacdsred.exe
:haha:
 
Carol, apart from a few pirated applications, there is nothing in the logs. If you like, you can run a scan with Kaspersky's Removal Tool.

Carlos, it really is Vundo. Install MBAM and run a scan in safe mode. The program will identify several infections, because Vundo is able to replicate its variants. When the scan finishes, remove all the infections found by clicking the "Remover Tudo" (Remove All) button. The computer will restart.

After the restart, run VundoFix again and see whether it finds anything.

After these procedures, post a new HijackThis log.
 
Hello my great friend Mr.Wolf, good afternoon!

I did everything just as you asked. Man, the PC has already picked up speed nicely. It no longer freezes, the ads are gone and the blue screen is gone too. MBAM really did find a bunch of stuff and I blasted them hehehehe. VundoFix, on the other hand, found nothing.

Do I need to post the MBAM or VundoFix log, Mr.Wolf??

Here is the new HijackThis log.

Thank you very much my dear friend, thanks a lot. Please, whatever you need from me, I'm here.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:33, on 06/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PAVJOBS.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Iface.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PAVJOBS.EXE
C:\Documents and Settings\Loja PC 1\Desktop\HijackThis.exe
C:\WINDOWS\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de programas\Hyperionics DB Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Arquivos de programas\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Loja PC 1\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://cmt.caixa.gov.br
O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{447632FE-7BE2-4413-9087-14EEA5370972}: NameServer = 192.168.1.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\DOCUME~1\LOJAP~1\CONFIG~1\Temp\ISSCAN\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe

--
End of file - 10311 bytes
 
Hello Mr. Wolf...

What great news!!! I thought it would be full of viruses...
I'll run Kaspersky just to be sure...
And regarding the antivirus, is there a program that would let me reinstall it? Could you recommend one, please? I even tried in safe mode and couldn't do it...

Thank you sooooo much once again, Mr. Wolf!!!!
Congratulations on your work!!!!

Best regards!
 
Hello Wolf,

Recently the Avira free that I use on Win 7 64-bit performed an update with a new feature called WebGuard. As I have used this antivirus for many years, I found it odd that the icon in the taskbar (the umbrella) is closed. The interesting thing is that when I hover the mouse over the icon it reports Guard as active but WebGuard as unknown. I tried several times to activate it, but without success.

My question is whether Avira is working correctly?
If not, which other free antivirus do you suggest?
Thanks.
 
I'm having a bunch of problems with Avira (which I've used for about 3 years); now every crack (including the ones I was already using) it has started treating as a threat!
 
Hello Great Wolf,
I'm glad you haven't abandoned this thread even with your obligations. So, how's life? Still in the USA? I hope everything is fine with you. I'm starting a new journey in my professional life, Mr Wolf, and now I'm going to do another degree (Information Systems), and I'm currently learning Java, HTML and SQL. I would really like you to recommend some site with tutorials or books, or some material of yours that you used in your student days, whatever. That programming logic material you sent me I still use to this day. Man, thank you very much for everything, really.
Best regards and good luck!

P.S.: Carlos MEP, you around here? I'll never forget the virus this guy caught, one that infected all the MP3s on the PC. Good times!!!! hehehehe
 
Carlos, apparently everything is OK. Is anything still bothering you on the machine? I would recommend you run an online scan just to "kill" any remaining suspicions. I suggest the ESET Online Scanner, as it is practical, excellent and offers the option to remove any threat that is identified. After the scan, you can post the log here if you like.

Carol, honestly, that is strange! Is MSE working correctly? Have you tried uninstalling it the "brute-force" way (by force, so to speak)? I don't remember whether this antivirus offers a repair option. Try uninstalling it with AppRemover or the AV Uninstall Tools Pack. Then try installing it again.

Hey P_I_N_G_A, many Avira users are complaining about this on international forums. Is your version of Avira paid or free? Because, as far as I know, when WebGuard is installed, a toolbar called Ask.com (adware) is installed along with it in the free version of Avira - which is absurd in my view, since it is a dangerous component.
What happens is that a few months ago AntiVir introduced the installation of Ask.com (a not at all trustworthy application) in the free version of its product.

Actually, your protection is working normally, even with the umbrella closed. Only WebGuard is inactive, though. Go to Control Panel > Uninstall a program and check whether something like "Avira Search Free WebGuard" appears in the list.

Hello Great Wolf,
I'm glad you haven't abandoned this thread even with your obligations. So, how's life? Are you still in the USA? I hope everything is fine with you. I'm starting a new journey in my professional life, Mr. Wolf, and now I'm going to do another degree (Information Systems), and I'm currently learning Java, HTML and SQL. I would really like you to recommend some site with tutorials, or books, or some material of yours that you used back in your student days, I don't know. That programming logic material you sent me I still use to this day. Man, thank you very much for everything, really.
Best regards and good luck!
Hey luisednardo, yes, I'm in the US, and I'll be staying here for quite a while yet, lol. Wow, this new journey of yours in programming is great; I wish you lots of luck and success from the start. Well, the materials I used to get started in programming were the ones commonly found on the net. My kick-off was with PHP, ASP and JavaScript - nothing casual -, plus logic, of course, and those are in fact the languages I most enjoy working with nowadays. Back when I was a beginner I always turned to the site Apostilando, luisednardo, besides digging through practical lessons on YouTube. After I entered college I focused more on the materials I received there.

Which of the languages you mentioned catches your attention the most? That will make it easier to recommend specific material. I advise you not to study many languages all at once, to keep them from "mixing together" and confusing you later on, because that happens a lot! Pick one of them and read very carefully, understand, reread, try to interpret, do it in practice... and so on. Another important detail: at first, give preference to more basic and lightweight languages, like HTML itself, which you mentioned.

Another tip is to start getting a little familiar with the Linux platform already, because in Information Systems you work with this OS quite a bit. However, it is the preferred system among programmers, myself included, and you will understand why once you are attending college.

Any questions, we're here!

Best regards
 
Hello, my great friend Wolf

No more problems at all, my great friend. I will run the scan with ESET Online as you advised, and for sure tomorrow I'll post the report so that you can put my mind at ease, is that OK??

Thank you very much, my friend, I don't even know how to thank you; you have helped so many times that I have no words left. Thanks

PS: Hi Luis Ednardo, wow, it's true, that was a cruel day for me, huh?? I never caught that virus again, thanks to dear Mr. Wolf.

A BIG HUG, MY FRIEND
Have a good weekend, everyone
 
Hey Mr. Wolf, how's it going?

Let me ask you, brother: is there a way to send an exe larger than 20 MB to VirusTotal? The limit is 20, but I sometimes download larger files and I always like to check them beforehand, just to be safe.

But I'm not satisfied with checking only with my AV. I googled around here and didn't find a plausible solution :(

Cheers
Guilherme
 
guilhermeX

In this case, here is what you can do:

1 - Split the file and send it part by part. This can be done with HJ-Split, for example.
2 - Use VirusTotal's "URL Scan" feature, submitting the direct download link of the desired file.
3 - Search for the file's hash value on the internet. To do this, just search for the file's MD5 or SHA-1 on the web, since many anti-malware programs, and even VirusTotal's results, upload this information for suspicious or unknown files.

Otherwise, I don't know of any other alternative!

Best regards
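
Option 3 above depends on having the file's MD5 or SHA-1 in hand. The following is an added example, not part of the original posts, that computes them in Python in one streaming pass, so a file well over the upload limit is never loaded into memory; it also hashes fixed-size parts to show that pieces from a splitter have their own digests, so a hash lookup should use the digest of the whole file. The SHA-256 digest, the function names and the constructed sample file are assumptions of this example.

```python
import hashlib
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # read 1 MiB at a time so a 300 MB file never sits in memory


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for the whole file, read in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def part_digests(path, part_size, algorithm="sha1"):
    """Digest of each fixed-size part, as a file splitter would produce them."""
    digests = []
    with open(path, "rb") as handle:
        for part in iter(lambda: handle.read(part_size), b""):
            digests.append(hashlib.new(algorithm, part).hexdigest())
    return digests


def make_sample_file(size=3 * 1024 * 1024 + 123):
    """Constructed sample input: deterministic bytes standing in for a download."""
    block = bytes(range(256)) * 4096  # 1 MiB of repeating bytes
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as handle:
        written = 0
        while written < size:
            piece = block[: size - written]
            handle.write(piece)
            written += len(piece)
    return path


if __name__ == "__main__":
    sample = make_sample_file()
    try:
        for name, digest in file_digests(sample).items():
            print(f"{name:7s} {digest}")
        print("parts:", part_digests(sample, 2 * 1024 * 1024))
    finally:
        os.remove(sample)
```

The hex digests printed for the whole file are the values to paste into a hash search.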
 
Thanks for the reply.


2 - Use VirusTotal's "URL Scan" feature, submitting the direct download link of the desired file.
Is this VirusTotal option that Submit a URL thing??

3 - Search for the file's hash value on the internet. To do this, just search for the file's MD5 or SHA-1 on the web, since many anti-malware programs, and even VirusTotal's results, upload this information for suspicious or unknown files.
And how do I get this information??

So far I think the URL one is the best. Splitting the file is going to be a hassle if it's really big, like 300 MB and so on.

Cheers
 
Thanks, Mr. Wolf. You knocked out all my doubts, man.

I use Sandboxie and VirtualBox here and I always do use them.

Thanks, bro

Cheers
Guilherme
 
