Boa Noite! Meyer |- Informe a situação de sua máquina! -/- |- Baixe: < [COLOR=blue]MyHosts[/COLOR] > ( ... par Jeanmimigab ) |- Salve-o no desktop! https://www.hardware.com.br/static/c/m/084af793b6269f45b60116cd3c5f1b9b |- Execute o arquivo MyHosts.exe,que está na área de trabalho. |- Para Windows Vista ou 7,execute-o como administrador. #######ººº####### ** Rapport MyHosts.txt ** MyHosts V.1.0.0.2 de jeanmimigab Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides Résultat de l'opération:restauration du fichier hosts réussi... ** Fin du rapport ** #######ººº####### |- Poste o relatório: C:\[COLOR=green]MyHosts.txt[/COLOR] -/- |- Vá à este endereço: < http://support.microsoft.com/kb/2579295 > https://www.hardware.com.br/static/c/m/14eb01fba0097bfdc9bc83e26071e6e0 |- Execute o FixIt para desinstalar o IE9,onde seu computador voltará à versão anterior do navegador. |- < [COLOR=blue]IE8[/COLOR] > |- Procure o setup de instalação do IE8 e execute-o! Caso não possua-o,desinstale o IE8 e baixe novo setup para sua reinstalação. |- Estando com o IE8 funcional,busque a reinstalação do [COLOR=blue]IE9[/COLOR]. |- Poste novo relatório de ZHPDiag_silent,mas não esqueça de deletar o antigo,para não postá-lo novamente. Abraços! ( PS: Devido à compromissos inadiáveis,somente poderei atendê-lo na segunda-feira. )

[quote=joram, post: 6049612]Olá! Meyer |- Isso,com certeza,deve ser conduzido à defesa do consumidor. ( PROCOM ) |- Recomendo formatar seu computador e instalar novo Windows 7 [COLOR=darkred]original[/COLOR]. Abraços![/quote] Formatar, por enquanto, não é o caso. Restaurei o WAT, vou deixar até amanhã para convencer o pai :nao_sei_nao:... Quer continuar tentando arrumar o IE?

Home
>
Fórum
>
Windows, Softwa...
>
Análise de log,...
>
Análise de rotina

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

[Resolvido] Análise de rotina

#1 Por Meyer! 25/06/2012 - 19:59

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
IL Harmor
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date HijackThis installed!
HijackThis 1.99.1
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Mozilla Firefox (x86 pt-BR..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

Não sei porque apareceu o IL Harmor no log, visto que ele é um plugin VST: http://www.image-line.com/documents/harmor.html

[code=rich]OTL logfile created on: 25/06/2012 19:32:36 - Run 3
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Usuário\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,48 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 55,57% Memory free
6,95 Gb Paging File | 4,82 Gb Available in Paging File | 69,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,66 Gb Total Space | 100,06 Gb Free Space | 60,77% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 55,04 Mb Free Space | 55,04% Space Free | Partition Type: NTFS
Drive F: | 259,84 Gb Total Space | 88,00 Gb Free Space | 33,87% Space Free | Partition Type: NTFS

Computer Name: MEYERPC | User Name: usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 12:36:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Usuário\Desktop\OTL
PRC - [2012/04/20 13:01:02 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/11/13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/11/13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/04/06 17:31:12 | 000,675,128 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
PRC - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/06/16 18:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2008/10/18 07:32:47 | 000,775,168 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/08/04 18:04:38 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/08/01 15:55:28 | 000,143,467 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2007/06/26 11:39:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Topro\TP6800\tppoll.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/12 01:33:52 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2010/06/16 18:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2008/08/04 18:04:38 | 000,226,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
MOD - [2008/08/01 15:56:14 | 000,098,403 | ---- | M] () -- C:\Windows\SysWOW64\Bs2Res.dll
MOD - [2008/08/01 15:55:40 | 000,118,880 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileSDK.dll
MOD - [2008/08/01 15:55:30 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll
MOD - [2008/08/01 15:46:30 | 017,907,824 | ---- | M] () -- C:\Windows\SysWOW64\BsLangInDepRes.dll
MOD - [2007/06/26 11:39:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Topro\TP6800\tppoll.exe
MOD - [2007/06/04 10:24:24 | 000,057,344 | ---- | M] () -- C:\Windows\SysWOW64\CAMLIB.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 08:08:24 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012/02/16 07:25:23 | 000,011,264 | ---- | M] (Olof Lagerkvist) [Auto | Running] -- C:\Windows\SysNative\imdsksvc.exe -- (ImDskSvc)
SRV:64bit: - [2011/02/17 11:51:10 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/20 17:56:46 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/20 13:01:02 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/08 12:45:43 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 08:08:34 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/05 08:08:24 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/03/28 14:41:30 | 001,882,376 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Raxco\PDFree\PDAgent.exe -- (PDAgent)
SRV - [2012/03/28 14:41:20 | 003,290,376 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2012/03/22 17:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Arquivos de Programas\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 07:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Arquivos de Programas\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/11/13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/11/13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/11/13 22:55:18 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/04/06 17:31:12 | 000,675,128 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe -- (AcuWVSSchedulerv7)
SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/28 05:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [Disabled | Stopped] -- C:\Arquivos de Programas\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Disabled | Stopped] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/18 07:32:47 | 000,775,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/01 16:00:18 | 000,141,824 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/08/01 15:55:28 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/19 20:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/16 07:25:27 | 000,018,384 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\awealloc.sys -- (AWEAlloc)
DRV:64bit: - [2012/02/16 07:25:25 | 000,037,336 | ---- | M] (Olof Lagerkvist) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\imdisk.sys -- (ImDisk)
DRV:64bit: - [2011/12/19 12:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/12/02 10:56:48 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2011/11/13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/11/13 23:28:10 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/11/13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/11/13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/11/13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/09/29 04:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011/09/21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 13:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 19:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/12 00:09:08 | 000,291,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/12/02 19:30:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/11/29 11:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/20 10:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 10:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 08:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 10:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/30 10:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/08/24 06:55:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/04/26 11:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/12/21 09:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009/07/24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/31 20:45:44 | 000,024,328 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008/07/10 18:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2008/07/02 14:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008/07/02 14:58:38 | 000,038,536 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2008/07/02 14:58:28 | 000,047,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2008/02/29 14:19:52 | 000,204,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TP6800.SYS -- (DCamUSBIntel)
DRV:64bit: - [2008/01/21 19:28:14 | 000,016,904 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2008/01/21 19:27:52 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV - [2012/05/03 19:35:53 | 000,092,536 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)
DRV - [2012/02/09 13:16:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/02/29 15:10:04 | 000,196,548 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TP6800.sys -- (DCamUSBIntel)
DRV - [2006/10/09 15:29:22 | 000,032,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2005/05/31 08:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 13:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 16:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 20 81 9A 52 4E CD 01 [binary data]
IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 10.0.2\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/03/04 17:40:00 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 10.0.2\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 10:53:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 10:53:19 | 000,000,000 | ---D | M]

[2012/01/18 15:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions
[2012/06/22 18:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\27q6mkm7.default\extensions
[2012/06/22 18:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\br7cpq5b.UX\extensions
[2012/02/05 13:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/10/13 15:22:22 | 000,009,584 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\HILLCREST LABS\KYLO\EXTENSIONS\{34685145-442A-4A29-A33E-AF4FFA3DDAEB}.XPI
[2011/10/13 15:22:22 | 000,099,159 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\HILLCREST LABS\KYLO\EXTENSIONS\{448D473E-BEC6-11E0-8845-A93E4824019B}.XPI
[2012/02/17 10:53:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/03 03:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\components\npBitCometAgent.dll
[2011/12/21 02:07:30 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/12/21 02:07:30 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/12/21 01:46:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/12/21 02:07:30 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/12/21 02:07:30 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2012/06/23 15:28:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de Programas\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF16793.3XE /c C:\ComboFix\Combobatch.bat File not found
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [CPA] C:\Arquivos de Programas\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\vdeck.exe (VIA)
O4 - HKLM..\Run: [TPPOLL] C:\Program Files (x86)\Topro\TP6800\TPPOLL.EXE ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-1602252896-3381256103-921796795-1000..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-1602252896-3381256103-921796795-1003..\Run: [Facebook Update] C:\Users\Usuário\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1602252896-3381256103-921796795-1003..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-1602252896-3381256103-921796795-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [combofix] C:\ComboFix\CF16793.3XE /c C:\ComboFixCombobatch.bat File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1602252896-3381256103-921796795-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1602252896-3381256103-921796795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1602252896-3381256103-921796795-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &B&aixar &com o BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &B&aixar tudo usando o BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Send by Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8:64bit: - Extra context menu item: Send via &Message... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O8 - Extra context menu item: &B&aixar &com o BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1330003957278 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1B6422F-AAA9-4BD5-B06D-53414FAC90DA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2012/06/23 17:53:54 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2012/06/23 15:28:41 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\temp
[2012/06/21 21:27:18 | 000,000,000 | ---D | C] -- C:\MNS
[2012/06/21 19:28:13 | 000,000,000 | ---D | C] -- C:\MSNBATCH
[2012/06/15 11:23:24 | 000,000,000 | ---D | C] -- C:\runasexe
[2012/06/13 19:48:33 | 000,000,000 | ---D | C] -- C:\gfxmenu
[2012/06/13 12:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
[2012/06/13 12:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GnuWin32
[2012/06/13 11:24:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/06/13 11:24:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/06/12 21:47:11 | 000,000,000 | ---D | C] -- C:\winproductkey
[2012/06/12 11:45:35 | 000,248,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2012/06/11 21:59:45 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2012/06/11 19:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burg
[2012/06/11 19:32:26 | 000,000,000 | ---D | C] -- C:\Burg
[2012/06/10 18:38:28 | 000,000,000 | ---D | C] -- C:\Users\usuario\Documents\SharpDevelop Projects
[2012/06/02 18:27:21 | 000,000,000 | ---D | C] -- C:\gdh
[2012/06/02 15:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExactFile
[2012/06/02 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExactFile
[2012/05/26 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cakewalk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/25 19:31:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 19:05:29 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 19:05:29 | 000,000,970 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012/06/25 19:05:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 19:05:21 | 2800,230,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 12:21:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1602252896-3381256103-921796795-1003UA.job
[2012/06/25 11:59:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/24 21:21:13 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1602252896-3381256103-921796795-1003Core.job
[2012/06/23 21:57:25 | 001,636,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 21:57:25 | 000,706,762 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/06/23 21:57:25 | 000,655,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 21:57:25 | 000,148,074 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/06/23 21:57:25 | 000,122,788 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/23 15:28:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/21 19:30:32 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\batch.ftp
[2012/06/21 18:10:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 12:59:33 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 12:59:33 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 11:07:52 | 000,004,522 | ---- | M] () -- C:\Users\usuario\Documents\exepatch.reg
[2012/06/13 13:16:21 | 000,000,512 | ---- | M] () -- C:\Users\usuario\Documents\Kingston DT 101 G2 USB Device.mbr
[2012/06/11 22:00:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/06/11 22:00:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/06/10 22:03:24 | 000,004,778 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/06/10 19:00:08 | 000,000,099 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/06/10 18:30:17 | 000,000,713 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/06/10 15:34:46 | 000,005,469 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/06/02 15:23:18 | 000,000,960 | ---- | M] () -- C:\Users\usuario\Desktop\ExactFile.lnk
[2012/06/02 15:10:21 | 000,006,269 | ---- | M] () -- C:\Users\usuario\Desktop\Windows 8-2012-06-02-15-10-21.png
[2012/05/26 20:43:53 | 000,001,293 | ---- | M] () -- C:\Users\usuario\Desktop\Z3TA+ 2.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 10:52:20 | 2800,230,400 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/21 19:29:55 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\batch.ftp
[2012/06/21 18:10:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/15 11:06:58 | 000,004,522 | ---- | C] () -- C:\Users\usuario\Documents\exepatch.reg
[2012/06/13 13:16:21 | 000,000,512 | ---- | C] () -- C:\Users\usuario\Documents\Kingston DT 101 G2 USB Device.mbr
[2012/06/11 19:32:30 | 000,170,794 | ---- | C] () -- C:\buldr
[2012/06/11 19:32:30 | 000,008,192 | ---- | C] () -- C:\buldr.mbr
[2012/06/02 20:38:24 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1602252896-3381256103-921796795-1003UA.job
[2012/06/02 20:38:24 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1602252896-3381256103-921796795-1003Core.job
[2012/06/02 15:23:18 | 000,000,960 | ---- | C] () -- C:\Users\usuario\Desktop\ExactFile.lnk
[2012/06/02 15:10:21 | 000,006,269 | ---- | C] () -- C:\Users\usuario\Desktop\Windows 8-2012-06-02-15-10-21.png
[2012/05/26 20:43:53 | 000,001,293 | ---- | C] () -- C:\Users\usuario\Desktop\Z3TA+ 2.lnk
[2012/05/25 21:29:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2012/05/25 21:25:28 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2012/05/25 18:07:46 | 000,002,486 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\unins000.dat
[2012/05/22 13:00:20 | 000,000,216 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2012/05/22 12:57:30 | 000,005,469 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/05/22 12:53:15 | 000,000,713 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/05/22 12:52:59 | 000,004,778 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/05/22 12:52:58 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/05/22 12:47:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2012/05/10 21:48:43 | 000,000,104 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\CairoAppConfig.xml
[2012/05/10 21:48:29 | 000,000,273 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\CairoStacksConfig.xml
[2012/04/20 12:56:21 | 000,298,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/20 12:56:11 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/20 12:56:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/16 20:44:37 | 000,159,744 | ---- | C] () -- C:\Windows\Amcap.exe
[2012/04/16 20:44:36 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\CAMLIB.DLL
[2012/03/27 11:33:51 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/26 11:01:46 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/03/22 17:32:22 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/22 17:32:21 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/22 17:32:20 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/22 17:32:20 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/04 18:45:47 | 001,648,450 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/02 19:06:13 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2012/02/17 17:34:47 | 000,000,337 | ---- | C] () -- C:\Users\usuario\AppData\Local\Perfmon.PerfmonCfg
[2012/02/15 18:29:31 | 000,013,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys
[2012/02/15 18:29:31 | 000,011,860 | ---- | C] () -- C:\Windows\SysWow64\drivers\VBTEnum.sys
[2012/01/31 10:02:10 | 000,221,184 | ---- | C] () -- C:\Windows\ToproUI.exe
[2012/01/25 12:00:48 | 000,007,602 | ---- | C] () -- C:\Users\usuario\AppData\Local\Resmon.ResmonCfg
[2012/01/24 18:19:15 | 000,205,904 | ---- | C] () -- C:\Windows\ADDONS SITECS (STEAM) Uninstaller.exe
[2012/01/24 10:58:54 | 000,000,053 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\contatos.dat
[2012/01/12 20:59:09 | 000,000,654 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/24 21:34:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/06/24 18:12:03 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\BitComet
[2012/04/27 19:03:44 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Component Factory
[2012/03/04 12:27:26 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\DAZ 3D
[2012/04/04 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Dev-Cpp
[2012/03/08 12:40:56 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\gtk-2.0
[2012/02/07 18:04:08 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Hardcore
[2012/03/07 11:25:16 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Hillcrest Labs
[2012/05/25 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\HTML Help
[2012/04/04 11:03:38 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\ICSharpCode
[2012/03/25 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Image-Line
[2012/01/31 10:56:44 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\ManyCam
[2012/05/01 11:37:31 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Mp3tag
[2012/04/04 11:05:26 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\NuGet
[2012/04/08 16:08:11 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\OpenDNS Updater
[2012/04/21 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\SynthMaker
[2012/04/03 20:16:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\TeamViewer
[2012/04/12 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\TuneUp Software
[2012/05/03 19:37:59 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\WinMount
[2012/03/11 15:19:49 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Ashampoo
[2012/06/02 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Audacity
[2012/03/04 20:07:46 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\BitComet
[2012/03/03 16:46:55 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\DAZ 3D
[2012/04/24 13:13:02 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Deckadance19
[2012/05/22 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Dev-Cpp
[2012/03/25 21:15:57 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\DirectWave
[2012/03/25 21:15:39 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Drumaxx
[2012/03/25 21:11:13 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Edison
[2012/05/11 11:42:37 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Emerge Desktop
[2012/03/16 10:38:31 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Folding@home-x86
[2012/05/05 14:15:29 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\gtk-2.0
[2012/03/27 13:06:51 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Hardcore
[2012/03/26 22:14:17 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Harmless
[2012/03/25 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Harmor
[2012/03/07 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Hillcrest Labs
[2012/05/25 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\HTML Help
[2012/04/02 11:15:12 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\ICSharpCode
[2012/03/25 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Image-Line
[2012/05/05 15:06:34 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\ManyCam
[2012/03/25 21:18:12 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Morphine
[2012/05/30 21:31:33 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Mp3tag
[2012/04/02 11:15:21 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\NuGet
[2012/04/08 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\OpenDNS Updater
[2012/05/06 14:03:04 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\PE Explorer
[2012/03/25 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Sakura
[2012/03/31 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Slicex
[2012/06/22 21:43:55 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\SongManager
[2012/03/20 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\TeamViewer
[2012/05/20 21:31:26 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\Toshiba
[2012/04/12 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\TuneUp Software
[2012/05/05 18:15:25 | 000,000,000 | RHSD | M] -- C:\Users\Usuário\AppData\Roaming\windir
[2012/06/03 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Usuário\AppData\Roaming\WinMount
[2012/06/24 21:21:13 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1602252896-3381256103-921796795-1003Core.job
[2012/06/25 12:21:03 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1602252896-3381256103-921796795-1003UA.job
[2012/06/21 19:56:32 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
[/code]P.S.: O problema do IE x86 não foi resolvido até hoje... Gostaria de resolvê-lo, visto que já tentei tudo, e o comportamento que o mesmo está apresentando está me levando a crer que seja um vírus.

analise antivirus security version rotina check results x64 screen317

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#31 Por joram

30/06/2012 - 23:39

Boa Noite! Meyer

|- Informe a situação de sua máquina!

-/-

|- Baixe: < MyHosts > ( ... par Jeanmimigab )
|- Salve-o no desktop!

Imagem

|- Execute o arquivo MyHosts.exe,que está na área de trabalho.
|- Para Windows Vista ou 7,execute-o como administrador.

#######ººº#######

** Rapport MyHosts.txt **

MyHosts V.1.0.0.2 de jeanmimigab

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

Résultat de l'opération:restauration du fichier hosts réussi...

** Fin du rapport **

#######ººº#######

|- Poste o relatório: C:\MyHosts.txt

-/-

|- Vá à este endereço: < http://support.microsoft.com/kb/2579295 >

|- Execute o FixIt para desinstalar o IE9,onde seu computador voltará à versão anterior do navegador.

|- < IE8 >

|- Procure o setup de instalação do IE8 e execute-o! Caso não possua-o,desinstale o IE8 e baixe novo setup para sua reinstalação.
|- Estando com o IE8 funcional,busque a reinstalação do IE9.
|- Poste novo relatório de ZHPDiag_silent,mas não esqueça de deletar o antigo,para não postá-lo novamente.

Abraços!

( PS: Devido à compromissos inadiáveis,somente poderei atendê-lo na segunda-feira. )

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#32 Por Meyer!

01/07/2012 - 12:11

Windows com mensagem de pirata (usei o RemoveWAT, pois o PC veio com serial fria (daquelas que você acha de monte na internet), e algum programa restaurou o WAT), e o IE x86 continua não funcionando.

** Rapport MyHosts.txt **

MyHosts V.1.0.0.2 de jeanmimigab

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

Résultat de l'opération:restauration du fichier hosts réussi...

** Fin du rapport **

Daqui a pouco os outros relatórios...

EDIT: Fiz a remoção do IE9, mas o problema persistiu... Agora estou removendo o IE8 por completo, para reinstalá-lo.
Reinstalei o IE8, mas o problema persiste. Mas, agora, o IE x86 não carrega nada e se dá uma mexida nos botões dele, ele para de funcionar.

ZHP_Silent: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120701_c9b7s14v15i8

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#33 Por joram

02/07/2012 - 11:29

Bom Dia! Meyer

####
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
####

|- Utilizando SO pirata vc corre sérios riscos de segurança e atualizações que seriam necessárias ao IE9,não serão instaladas.
|- Ps: Com a WGA removida vc consegue executar o FixIt?
|- Verifique se existe algum bloqueio ao seu IE nas configurações da Firewall Comodo.
|- Verifique e aplique estas dicas para o seu IE9.

-/-

|- Caso não tenha êxito,vá à esta página: < http://support.microsoft.com/kb/318378 >
|- Utilize a solução FixIt,que está disponível.

-/-

|- Baixe: |DelFix| ( ... de Xplode )

Imagem

|- Estando na página,clique na seta verde para o download. ( Seta verde! )
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

Imagem

|- Clique em "Suppression".
|- Poste o relatório! ( C:\DelFixSuppr.txt )
|- Informe a situação de sua máquina!

Abraços!

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#34 Por Meyer!

02/07/2012 - 11:57

Em relação a atualização automática, eu deixei ela em manual... De vez em quanto eu instalo elas... E o patch que eu usei foi o RemoveWAT, que tira o sistema WAT, mas eu consigo atualizar manualmente...

Eu notei que ele removeu o patch WAT antes de rodar o FixIt... Só tenho 1 dia de Windows original com a serial fria... O que eu faço? Lembrando que ele veio da loja com a serial fria (bota ela no Google, começa com FJGCP)

No firewall, só tem algumas comunicações bloqueadas de "System", uma do "BitComet", e outra de um vírus que já foi feita a remoção.

- Estou com o IE8 ainda, e não achei a opção de renderização de software (isso está descartado)...
- Excluir cookies e outros não deu em nada
- Limpar o cache SSL não deu em nada
- Redefinir as configurações do Internet Explorer não deu em nada
- Redefinir as configurações avançadas não deu em nada
- Não adianta rodar o FixIt, pois tudo o que ele vai fazer eu já fiz anteriormente... E ainda não tá aceitando a execução via UAC... Ele quer que eu logue na conta de admin...

Delfix:

# DelFix v8.8 - Rapport créé le 02/07/2012 à 11:54:58
# Mis à jour le 12/02/12 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : usuario - MEYERPC (Administrateur)
# Exécuté depuis : C:\Users\Usuário\Desktop\delfix.exe
# Option [Suppression]

~~~~~~ Dossiers(s) ~~~~~~

Supprimé : \USBFix
Supprimé : \MyHosts
Supprimé : \ZHP
Supprimé : C:\Users\usuario\Desktop\RK_Quarantine
Supprimé : C:\Program Files (x86)\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~

Supprimé : \AdwCleaner[R1].txt
Supprimé : \AdwCleaner[S1].txt
Supprimé : \AdwCleaner[S2].txt
Supprimé : \buldr.mbr
Supprimé : \MyHosts.txt
Supprimé : \PhysicalDisk0_MBR.bin
Supprimé : \UsbFix.txt
Supprimé : C:\Users\usuario\Desktop\RKreport[1].txt
Supprimé : C:\Users\usuario\Desktop\RKreport[2].txt
Supprimé : C:\Users\usuario\Desktop\RKreport[3].txt
Supprimé : C:\Users\usuario\Desktop\RKreport[4].txt
Supprimé : C:\Users\usuario\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\usuario\Desktop\ZHPDiag.txt
Supprimé : C:\Users\usuario\Desktop\ZHPFix.lnk
Supprimé : C:\Users\usuario\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\usuario\Desktop\ZHP_uninstall.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\Software\USBFix
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
Clé Supprimée : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~~~~~~ Autres ~~~~~~

Désinstallé : ESET Online Scanner
-> Prefetch Vidé

*************************

DelFix[S1].txt - [1709 octets] - [02/07/2012 11:54:58]

########## EOF - \DelFix[S1].txt - [1833 octets] ##########

Situação geral da máquina: O IE x86 continua com os mesmos sintomas (mesmo com o downgrade da versão 9 para a versão 8), tenho menos de 1 dia de Windows "original" com a serial fria que foi comprada junto com o PC...
Será que eu peço pro meu pai ir lá na loja brigar???

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#35 Por joram

02/07/2012 - 12:13

Olá! Meyer

|- Isso,com certeza,deve ser conduzido à "defesa do consumidor". ( PROCOM )
|- Recomendo formatar seu computador e instalar novo Windows 7 original.

Abraços!

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#36 Por Meyer!

02/07/2012 - 19:47

Formatar, por enquanto, não é o caso. Restaurei o WAT, vou deixar até amanhã para convencer o pai

...
Quer continuar tentando arrumar o IE?

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#37 Por joram

02/07/2012 - 21:48

Olá! Meyer

|- Sim! Mas essa é minha última tentativa. OK?

-/-

|- Como seu Windows está apresentando problemas de autenticação,a desinstalação do IE9 não encontra empecilhos,mas...sua reinstalação passa por autenticação da originalidade do Windows 7.
|- Desinstale o IE9 por meio do FixIt e faça sua reinstalação "offline". Creio que assim obterás êxito na reinstalação do IE9 x86 ptb.

|- Instalar Internet Explorer 9 no Windows Seven Pirata (genérico)

|- No link àcima,terás maiores detalhes de onde baixar o(s) patche(s).
|- Ps: Isso vai contra meus princípios,onde o correto seria a formatação e aquisição do Windows 7 original e sem problemas ao receber atualizações da Microsoft.

Abraços!

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#38 Por Meyer!

03/07/2012 - 11:04

Meu Windows ainda está original, provavelmente quando eu voltar da aula tenho trabalho a fazer

... Vou tentar instalar o IE9 normalmente, se não der certo, vejo o link. To vendo que a loja vai ter um trabalhão...

EDIT: Instalou normalmente, mas não funciona ainda... Mas, estou tentando fazer o IE x64 ficar padrão via registro... Pena que não conseguimos resolver... Boa sorte...

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#39 Por joram

03/07/2012 - 11:23

Olá! Meyer

|- Boa Sorte na empreitada! Mas...vc é tinhoso e não é de desistir sem uma boa luta.
|- Possuis a idade de 13 anos? Meus parabéns! Ganhou meu respeito e admiração.

Um forte abraço!

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#40 Por Meyer!

03/07/2012 - 12:24

Correto, amigo

... A idade é essa mesmo... Eu consegui resolver usando uma (gambiarra) junção NTFS: mudei o propietário de "c:\program files (x86)\internet explorer" de TrustedInstaller para a conta de administrador, renomeei a pasta original, e usei o programa "Junction" para fazer a junção NTFS da pasta do IE x64 para a pasta do IE x86... Agora o IE x64 tá abrindo como padrão...

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#41 Por joram

03/07/2012 - 12:37

Olá! Meyer

|- O importante é que foi resolvido e de forma engenhosa,principalmente pelo emprego da ferramenta Junction que é muito utilizada pela analista Maria Cristina.

Abraços e parabéns!

|- Os emoticons estão indicando "suco de uva" rsr...

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#42 Por Meyer!

03/07/2012 - 18:29

Valeu

...

Realmente tinha algo na pasta antiga do IE x86 que estava atrapalhando... Rodando o "iexplore.exe" dessa pasta diferente, continuavam os mesmos erros... Mas, finalmente descobri o problema!!! Me veio a ideia de DLL Hijacking, daí eu peguei, abri as duas pastas, fui comparando, e achei uma DLL suspeita que não pertence a Microsoft. O nome dela era "winmm.dll", foi só eu renomear ela (tanto com extensão .dll, tanto sem extensão), que o IE x86 voltou ao normal! Ao botar o nome original dela (winmm.dll), os erros voltam. Isso é praticamente um DLL hijacking, mas não sei se é do mal ou do bem, pois o arquivo tem uma assinatura digital. Segue a DLL para análise:

http://www.mediafire.com/?m890a6dr4ath804

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#43 Por joram

03/07/2012 - 19:51

Olá! Meyer

|- A análise do ficheiro em "systemexplorer.net",não revelou ser malware.

< %PROGRAMFILES%\Mozilla Firefox\WINMM.dll >

|- Mas...sua localização deveria ser a pasta "Mozilla Firefox" e uso em Windows Vista.
|- Não é Dll da Microsoft,como está delineado,mas... como foi parar na pasta do seu IE?

|- A determinação da assinatura que realizei bateu com a análise em Systemexplorer.net,onde na localização em que o ficheiro se encontra é seguro. ( ... pasta Mozilla Firefox )

|- No Windows XP,o ficheiro possui estas características,completamente antagônica ao ficheiro não-microsoft.

Abraços!

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Meyer! Ubbergeek Registrado

3.9K Mensagens 535 Curtidas

#44 Por Meyer!

03/07/2012 - 21:44

Como foi parar eu não sei... Pois faz meses que estou com o problema... Mas, isso é um caso de DLL Hijacking... Estarei testando com DLL's de teste para ver o que acontece...

joram Highlander Registrado

5.5K Mensagens 2.5K Curtidas

#45 Por joram

04/07/2012 - 01:18

Olá! Meyer

|- A investigação que realizei,não encontrou a aplicação iexplore.exe acompanhada de ficheiros dlls com corrupção ou alteração de extensão,que apontem para vulnerabilidade exploit ou DllHijacking.

< http://www.exploit-db.com/dll-hijacking-vulnerable-applications/ >

|- Esta lista pré-determinada,não incluiu o navegador IE9 ou aplicação como detentor de dlls injetadas para fins maliciosos.
|- Utilize a ferramenta DllHijackAuditor,para encontrar a dll hijacking. Volte com a dll que vc detectou à sua pasta de origem e utilize a ferramenta no aplicativo iexplore.exe,onde poderá ser detectado e confirmado o exploit.

|- Maiores detalhes: < http://www.forum-invaders.com.br/vb/showthread.php/37465-Windows-DLL-Hijacking >

|- Caso seja detectado dll(s) bugadas,pela ferramenta,o seu caso será isolado e não geral. Onde já foi detectado,é claro,a dll winmm.dll sem o concurso da ferramenta.
|- Traduzindo: "Adquiristes uma infecção DllHijacking,de causas ignoradas"

Abraços!

Moderador - iMasters Fóruns - Segurança & Malwares
Administrador - Fórum SecSecurity
Administrador - Fórum PC Brasil

Ferramentas

Mover Tópico