log analysis please ^^

#1 By katsuriko 13/07/2012 - 00:14
I have a virus that sends emails from Hotmail, I'd like to know how to get rid of it!!

Logfile of HijackThis v1.99.1
Scan saved at 00:13:40, on 13/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)


Running processes:
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fbr.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\RODRIGO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Expat Shield Routing Service (ExpatSrv) - AnchorFree Inc. - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
O23 - Service: Expat Shield Monitoring Service (ExpatWd) - Unknown owner - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#2 By Wings 13/07/2012 - 00:23
Hello katsuriko


Download Bankerfix (...from Linha Defensiva) and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Click [Yes] to install

*Click [OK] to download

*Click [Cancel]

*Run the file Iniciar-BankerFix.vbs located in the folder C:\LinhaDefensiva

*Click [Yes] to check for updates

*Click [OK] if no update is available

*Click [OK] to run

*Press [ENTER]

*When it finishes, press [ENTER]

*Paste the report year_month_day.txt located in the folder C:\LinhaDefensiva\relatorios



Install MalwareBytes

*Wait for the update; the program will open automatically

*Select [Full scan]

*Click [Scan] and select the partition where Windows is installed (usually C:\)

*Click [Scan]

*When it finishes, click [OK] > [Show Results] > [Remove Selected]

*Paste the report that is displayed

#3 By katsuriko 13/07/2012 - 00:30
report - 01

-------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2012-07-13 - 00:27
-------------------------------------------------------
Lista de Definição: 2012-07-05-1 | CORE: 2012-01-27-1
=======================================================






----- Fim -------------------------






-------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2012-07-13 - 00:29
-------------------------------------------------------
Lista de Definição: 2012-07-05-1 | CORE: 2012-01-27-1
=======================================================






----- Fim -------------------------

#5 By katsuriko 13/07/2012 - 01:12
report - 02

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org


Versão da Base de Dados: v2012.07.13.01


Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RODRIGO :: RODRIGO-PC [administrador]


Proteção: Permitir


13/07/2012 00:46:50
mbam-log-2012-07-13 (00-46-50).txt


Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 326484
Tempo decorrido: 21 minuto(s), 1 segundo(s)


Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)


Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)


Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)


Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)


Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)


Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)


Arquivos Detectados: 6
C:\Program Files (x86)\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\RODRIGO\AppData\Roaming\Thinstall\Alcohol_120%_v1.9.6.5429\10000001600003i\taskkill.exe (Trojan.IRCBot) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\RODRIGO\AppData\Roaming\Thinstall\Alcohol_120%_v1.9.6.5429\10000006500002i\regedit.exe (Trojan.IRCBot) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\RODRIGO\AppData\Roaming\Thinstall\Alcohol_120%_v1.9.6.5429\40000060900002i\_Alcohol.exe (Trojan.IRCBot) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\RODRIGO\AppData\Roaming\Thinstall\Alcohol_120%_v1.9.6.5429\400000c00002i\Alcohol.exe (Trojan.IRCBot) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\RODRIGO\Downloads\jogo.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.


(fim)

#6 By Wings 13/07/2012 - 01:16
Download OTL and save it to the Desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Select the options:

Scan All Users
LOP Check
Purity Check


*Paste the lines, in brown, into the box below Custom Scans/Fixes

netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections


*Click [Scan]

*When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

*Go to this link

*Click [Select file...]

*Locate the OTL.txt report on the desktop and click [Open]

*Click [Upload file]

*Paste the link generated next to Download link:

*Repeat the procedure for the Extras.txt report and paste the download link

#7 By katsuriko 13/07/2012 - 01:26
it didn't generate them on the desktop, they opened

OTL logfile created on: 13/07/2012 01:19:28 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RODRIGO\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 42,13% Memory free
7,50 Gb Paging File | 4,96 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 11,16 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive D: | 75,13 Gb Total Space | 14,55 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 49,50 Gb Free Space | 16,90% Space Free | Partition Type: NTFS

Computer Name: RODRIGO-PC | User Name: RODRIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 01:18:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RODRIGO\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/03 15:28:47 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/04 20:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
PRC - [2012/01/04 20:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/20 03:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010/03/05 09:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010/02/03 15:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 01:09:00 | 000,438,296 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/10 01:08:59 | 003,972,120 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 01:07:39 | 000,554,520 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 01:07:37 | 000,117,784 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 01:07:22 | 000,140,328 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 01:07:21 | 000,262,184 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 01:07:19 | 002,386,984 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 23:17:27 | 009,255,112 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/09 23:17:27 | 009,255,112 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2009/09/30 11:33:06 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/07/31 20:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/19 21:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009/03/19 21:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 16:08:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/04 20:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/04 20:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/29 12:44:00 | 004,111,704 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/08/10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 10:02:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/03 15:29:11 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/02/03 15:29:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/02/03 15:29:11 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/01/04 20:01:56 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010/11/20 04:33:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 02:07:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 02:03:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 00:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 23:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/02/13 21:43:24 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundPS\Gun64.sys -- (Gun)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/05 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fbr.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes\{5132F25B-9BDA-48ac-B771-FC062D867713}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RODRIGO\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RODRIGO\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012/01/06 10:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RODRIGO\AppData\Roaming\mozilla\Extensions
[2012/06/02 13:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RODRIGO\AppData\Roaming\mozilla\Firefox\Profiles\h07efxpu.default\extensions
[2012/04/02 23:28:00 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\RODRIGO\AppData\Roaming\mozilla\Firefox\Profiles\h07efxpu.default\extensions\2.0@disconnect.me
[2012/02/29 09:39:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Desprotetor de Links = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\1.2.9_0\
CHR - Extension: Gmail = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/26 12:47:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-895244445-3076790678-3433351381-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 200.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63BB6FC9-89AC-45C3-8868-70331E996694}: DhcpNameServer = 8.8.8.8 8.8.4.4 200.10.120.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 00:32:36 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Roaming\Malwarebytes
[2012/07/13 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 00:32:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/13 00:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/13 00:26:02 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2012/07/12 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C5FB814A-721B-4CBD-B863-148ED17777FE}
[2012/07/12 22:46:01 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{0A363903-6B2B-4902-90FA-4BFCE96EEDC8}
[2012/07/12 10:45:37 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{DD6A5B38-29E9-4DC4-B702-FF4198662B63}
[2012/07/12 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{271D56C5-CE66-43F5-90C4-C7A4E1B68804}
[2012/07/11 22:17:31 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{8FA0D028-B2E3-44E2-B57C-97D41FCFDC59}
[2012/07/11 22:17:06 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{649EF2AB-6309-4E52-BE1A-A269A1FD95C8}
[2012/07/11 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{65035B3F-746B-4A83-8F25-1BC29223AC07}
[2012/07/11 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{3216DE66-DBFA-4096-A324-E70FD7307951}
[2012/07/10 22:16:06 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{7A59A0E1-AD07-419F-A164-24EDB56B2C3F}
[2012/07/10 22:15:40 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{071250F0-6C2A-4D79-A9B5-8DEED9AB9F48}
[2012/07/10 10:15:16 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{4C36C41E-955C-437A-9B2E-4F678FDD75C2}
[2012/07/10 10:14:55 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{6DD9F83E-A092-4B0C-A8FE-26112BBDFFAE}
[2012/07/09 22:14:30 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{E21ADE52-AB4D-4E61-837A-E77D71EAAA1B}
[2012/07/09 22:14:06 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{59FBCD8E-D925-4CA2-9895-AECF1E5F26F6}
[2012/07/09 10:13:43 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{48116AE8-43B4-4713-AC81-6EAD64BACF9A}
[2012/07/09 10:13:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{1E1761A6-1452-47CD-BBA6-F2D8301EC9B1}
[2012/07/08 22:13:20 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{F0CA79B0-C52A-46D0-8E43-BA5FB9C01408}
[2012/07/08 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2C578AEC-D493-409B-A9F3-943B1AAFD170}
[2012/07/08 10:12:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{CCED39CC-6881-473E-A6BB-6D14C57E32D4}
[2012/07/08 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{429D8DCE-7907-43A6-96B2-F5A90FDEB80D}
[2012/07/07 22:11:58 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{3AD3C47B-977E-4EB2-8630-DBDCB31F2512}
[2012/07/07 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C28F47BE-1976-4BD7-BE50-305C8A434954}
[2012/07/07 10:11:25 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{6C9D86C3-48F2-46E6-A1C9-4867BD0DB36E}
[2012/07/07 10:11:11 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{B5F73404-DDE2-446F-BA9B-BEC10A526A63}
[2012/07/06 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{81DDD955-6A7C-4364-8FA6-D422CB681967}
[2012/07/06 12:17:49 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{07CD5134-9E09-4E11-A8A5-22189E0127A2}
[2012/07/05 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{157B4640-7135-4AC9-B865-468443B7F34F}
[2012/07/05 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A7A53308-4D88-47A7-B772-3064412743F2}
[2012/07/05 09:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/05 09:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/05 09:06:26 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/05 09:06:26 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/05 09:06:22 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/05 09:06:22 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/05 09:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/05 09:02:12 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{194D52DF-4CB2-428C-9FB5-3C8CF6B472CF}
[2012/07/05 09:01:58 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{39DB7E1A-8844-43F5-8C6F-3B8577C1BE43}
[2012/07/04 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A37E1920-A6AF-46AE-9D0D-31BA8AC12339}
[2012/07/04 08:42:44 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A2968F54-3E36-414C-891F-9E17EBF1AC59}
[2012/07/04 08:42:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{3014CDA9-A69E-411B-B05B-25BD09849A49}
[2012/07/03 18:45:47 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{55FDC79E-0CF9-46E0-96CE-625356C426FB}
[2012/07/03 18:45:21 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{54C80FE4-B9E6-4D58-888C-944CDC7DACDF}
[2012/07/03 06:44:57 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C86DD915-9A4F-4700-A233-2BD9C5B5B626}
[2012/07/03 06:44:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{F649EC3A-FFAA-4BB5-BA5C-7B10E712A457}
[2012/07/02 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9A3CB28D-64A6-4678-94AF-0AE0DBF41DFC}
[2012/07/02 18:43:42 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{31CAC554-DC2A-4F22-91EC-4442904E19CB}
[2012/07/01 21:11:15 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{46B16D0F-3F8A-48B0-9DE2-AAA290D540A0}
[2012/07/01 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2367A509-9EC5-4742-940F-047F80C0C99B}
[2012/07/01 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{186B8B2C-637A-4DA7-81C7-0ED36899567F}
[2012/07/01 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{42A7B934-13FD-42C0-ABAA-EB2828EED376}
[2012/06/30 21:09:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{D23CE83F-D029-49A6-BC4B-31F5AF19E4E1}
[2012/06/30 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{242FC78D-2C68-49CB-B3CD-8EF503ABA533}
[2012/06/30 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{DCD8E72C-19E2-40A3-9BAF-129989D7EB23}
[2012/06/30 09:08:49 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9DEF1B5A-6024-41A7-B01D-1F09600AAA65}
[2012/06/29 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{70A474F7-76EF-4EC8-99ED-712D91D22234}
[2012/06/29 21:08:24 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{EF882612-F051-46E7-8873-45682FEB20B0}
[2012/06/29 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2F3F70AA-CA45-4166-8906-C491650A2FD8}
[2012/06/29 09:07:46 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{B9EDE748-162D-488E-8DBB-0E22ABA52648}
[2012/06/28 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{D870A5F0-8D94-4B2F-B06E-206F2555D512}
[2012/06/28 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{381EBFC9-8031-4E3A-A519-5B4788E5A205}
[2012/06/28 08:57:56 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C658F85B-5A85-4A71-8201-53108BDF2865}
[2012/06/28 08:57:42 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A0F4BF07-2F53-4996-8B01-2E568432884A}
[2012/06/27 12:22:03 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{79C05FE0-4171-4912-A88B-577F3FEAEEB5}
[2012/06/27 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{5A4FF48A-BD9D-4701-9E60-B63EE3102457}
[2012/06/26 18:50:12 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2AC2233E-456E-4F9F-8D0E-7CF4B6B9F7F9}
[2012/06/26 18:49:59 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{FD1BA303-6DF9-4330-9C9A-3330AF6E9DCA}
[2012/06/25 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{E7846EBE-0A0C-4A23-9D51-7D690BE520FE}
[2012/06/25 12:21:31 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C18A52A0-325A-412A-A812-735D9E0840E0}
[2012/06/24 23:13:12 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9ABB75A4-660A-4B02-B2CB-B2B8C632FD43}
[2012/06/24 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2B9902D0-1909-4CE6-911F-7EB23BE6AC5D}
[2012/06/24 11:12:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A09F27DD-18A0-4A89-9470-D45E50FB9F39}
[2012/06/24 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C45E5743-5204-4A3F-8B61-800900F97728}
[2012/06/23 17:42:03 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{54509FB3-EB06-45E4-A2A4-DB9B9EF3245C}
[2012/06/23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{ED68F375-C920-4750-88EC-AD57D422B9B0}
[2012/06/23 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{86B2E73E-9B8F-4B62-B03D-89A70D6CEFE8}
[2012/06/23 00:30:20 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9BD4C5B3-8234-4FF6-A28E-E4C2C14BF3F4}
[2012/06/22 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{4323849C-D62C-48D0-9051-D45202718369}
[2012/06/22 12:29:31 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{B3337615-F24A-48DA-BABA-93AF6C8A3F31}
[2012/06/21 22:05:53 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{EC67D37A-0B50-4C84-9FC9-43028AE2E593}
[2012/06/21 22:05:39 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{72881168-FEFA-4CCB-867B-2DE819402100}
[2012/06/21 21:48:30 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\Windows Live
[2012/06/14 12:32:20 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\webkit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 01:07:07 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-895244445-3076790678-3433351381-1000UA.job
[2012/07/13 01:01:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 00:32:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 20:28:15 | 000,007,715 | ---- | M] () -- C:\Users\RODRIGO\Desktop\download.jpg
[2012/07/12 20:18:46 | 000,055,773 | ---- | M] () -- C:\Users\RODRIGO\Desktop\linha_do_tempo_influenza-thumb-450x547-17719.jpe
[2012/07/12 17:21:59 | 001,491,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 17:21:59 | 000,654,272 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/07/12 17:21:59 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 17:21:59 | 000,124,724 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/07/12 17:21:59 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/12 05:07:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-895244445-3076790678-3433351381-1000Core.job
[2012/07/11 16:08:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 16:08:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 15:23:31 | 000,002,409 | ---- | M] () -- C:\Users\RODRIGO\Desktop\Google Chrome.lnk
[2012/07/11 11:10:59 | 000,026,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 11:10:59 | 000,026,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 11:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 11:02:33 | 3019,288,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 09:06:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/05 09:06:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/04 23:02:18 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/30 23:52:00 | 000,056,603 | ---- | M] () -- C:\Users\RODRIGO\Desktop\nivernamoro8.gif
[2012/06/30 23:50:29 | 000,015,953 | ---- | M] () -- C:\Users\RODRIGO\Desktop\mensagem-aniversario-de-namoro.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/13 00:32:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 20:28:19 | 000,007,715 | ---- | C] () -- C:\Users\RODRIGO\Desktop\download.jpg
[2012/07/12 20:18:49 | 000,055,773 | ---- | C] () -- C:\Users\RODRIGO\Desktop\linha_do_tempo_influenza-thumb-450x547-17719.jpe
[2012/06/30 23:52:02 | 000,056,603 | ---- | C] () -- C:\Users\RODRIGO\Desktop\nivernamoro8.gif
[2012/06/30 23:50:33 | 000,015,953 | ---- | C] () -- C:\Users\RODRIGO\Desktop\mensagem-aniversario-de-namoro.jpg
[2012/06/21 21:52:20 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/26 12:42:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/26 12:42:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/26 12:42:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/26 12:42:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/26 12:42:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/12 22:13:18 | 000,000,019 | ---- | C] () -- C:\Users\RODRIGO\AppData\Roaming\RadioStreamPlayer.dat
[2012/01/30 14:45:34 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/16 16:33:19 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/06 10:45:49 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/06 10:45:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/01/06 10:45:46 | 002,712,064 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/01/06 10:45:46 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/06 10:45:46 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/06 10:45:46 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/01/06 10:45:45 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/06 10:37:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/06 10:28:54 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/01/06 10:28:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/01/06 10:28:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/01/06 10:28:09 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/01/06 10:28:09 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

========== LOP Check ==========

[2012/01/06 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Ashampoo
[2012/06/13 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\DAEMON Tools Lite
[2012/01/06 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\DeviceVm
[2012/05/29 23:19:42 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\DVDVideoSoft
[2012/01/06 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Easeware
[2012/01/06 12:24:52 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Houaiss3
[2012/04/22 22:54:57 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\JAM Software
[2012/06/09 13:05:54 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Nvu
[2012/03/14 15:44:00 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\pdfforge
[2012/02/29 23:59:57 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Skinux
[2012/04/16 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Thinstall
[2012/02/29 23:01:14 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\TuneUp Software
[2012/07/13 00:34:33 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\uTorrent
[2012/02/12 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\www.TheXSoft.com
[2012/06/04 09:04:27 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >
"Version" = 1
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"DownloadRetries" = 0
"KnownProvidersUpgradeTime" = F0 A9 78 25 B3 3B CD 01 [binary data]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5132F25B-9BDA-48ac-B771-FC062D867713}]

< HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >


< End of report >
AMD Athlon X4 640 | ASUS M4N68T-LE | MARKVISION 4GB DDR3 1333Mhz | SEASONIC 620w | AKASA Freedon X2 | OZAKI 2.2 60W RMS | LG Ultra Wide 25UM58 | MICROSOFT Desktop 400 Wired | NVIDIA GeForce GT 610


katsuriko
katsuriko Geek Registered
1.9K Posts 227 Likes
#8 By katsuriko
13/07/2012 - 01:27
OTL Extras logfile created on: 13/07/2012 01:19:28 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RODRIGO\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 42,13% Memory free
7,50 Gb Paging File | 4,96 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 11,16 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive D: | 75,13 Gb Total Space | 14,55 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 49,50 Gb Free Space | 16,90% Space Free | Partition Type: NTFS

Computer Name: RODRIGO-PC | User Name: RODRIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F2A36E3-15A8-4DBB-93A5-6C6D32E66E09}" = rport=138 | protocol=17 | dir=out | app=system |
"{292ECD30-C1E1-4C38-8D5E-EE5C17B8EAEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29F32FB8-6FD5-4A53-9491-4F08A7550E37}" = rport=137 | protocol=17 | dir=out | app=system |
"{3683719A-0B64-433F-BF1C-B8307591AA7D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3927A9E7-701F-41D5-8519-BF336C160DBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4395D94F-7E29-4E46-81DD-836158F133B2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51965421-1BF7-4449-8CE8-3067364FF471}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{664BC75F-CCB4-4F72-BB76-CADC537F1481}" = lport=137 | protocol=17 | dir=in | app=system |
"{68490556-2F65-4DCC-BC0F-C2DE5CB2C8E7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6A3D302A-ADF2-4D17-AF5B-C92CFB0DBE0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{713542A5-481A-41BA-9BFE-63489A269CC9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A477A1B-3A20-483D-A5C0-B0B488B3430B}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BEB3C75-7894-4702-912F-492063279EAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CD9F186-EE93-4B84-94AB-2090B6013162}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA5C8690-8A1C-4C50-8D9E-3335E13D3B1C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C09E08DC-12CB-4DC3-ADA1-F78D98BFE4EA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C24828E3-9FDF-4ADE-B9CA-3042DDC7871C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9850AD5-BB87-4DCF-9C63-DF032FE790B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C9AF9EE0-D1BB-4B50-9F2A-7F5D7B80EBBC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5349B4A-70EC-454F-87A4-42D409E98C3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA5B4EF5-5FEB-41C0-BB65-E48209F5BC01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E64930AD-FB7F-4084-A6D4-1E765C9207E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0DC962F-2180-4647-AB0C-4A7531E59252}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6E79FC1-AEA4-4D16-89CA-2097BC3A8E9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FAF810FF-6931-4240-831B-0180AD38A5E5}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004CBE22-03B4-4429-AA1C-250D3A05F491}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05550386-23E1-4D21-A11C-D279FD804251}" = protocol=17 | dir=in | app=c:\program files (x86)\minituner\tuner.exe |
"{13CF9007-59EF-4FCE-A868-9F919A15E28E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39881C39-98F9-4B84-953B-DEB5C16F817D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41A36A43-BE5C-4DAF-BEBE-0F4E9E666E7B}" = protocol=6 | dir=out | app=system |
"{4BD4507E-D7F5-44AC-9A45-58E5A69863F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{526C1009-60F0-4DB6-8E3C-6F4F50279F65}" = protocol=6 | dir=in | app=c:\program files (x86)\megacubo\megacubo.exe |
"{571E303E-8EB3-490E-9648-D32EE37A540E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2B1E26-4E5B-4DCD-A807-5424885F498F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5C16BE2D-8688-4B36-A9A8-C218BDE1E3C2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BE22A61-8613-4856-8B2B-5258079083F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{858BBE5E-0C8C-4155-8361-E559DC1AE59C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{885C529F-0226-4FFD-9B80-B048CC717BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\minituner\tuner.exe |
"{A62251BA-84A6-43EE-AF4D-9FBD654EEA24}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A74ED516-5B44-4BB3-95D2-BED61698FFE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB633543-BF72-4641-A04F-583F67A55281}" = protocol=17 | dir=in | app=c:\program files (x86)\megacubo\megacubo.exe |
"{BA63EAE6-EAAF-4653-B625-42631470B812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5D9C6DB-A33C-4A8F-A7BC-64B66A441446}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7A4B256-20D1-48B3-A08E-1FE74EBA7E07}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CC102063-72DA-4F79-A20F-B413DFAD4844}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CC7453E6-0A55-462B-BFDB-AB67729713FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D00E02EE-FE67-4E05-9B40-8DCB758BAD4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0F3610C-A245-44E7-BD58-3F22419962CB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D40F0334-7C75-4D74-A797-6DD1F42D6F2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA66C817-85AD-449F-9F77-35135F95EF65}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E872A8B8-AAA2-41C7-93AF-85663D0B411F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF0AB5DF-21BB-4BC7-BBD3-247E4B9C4A6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Português
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E39CFEE2-008E-459A-ADFD-60852A445D48}_is1" = Pazera Free 3GP to AVI Converter 1.4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"ABC 3GP/MP4 Converter" = ABC 3GP/MP4 Converter 3.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"CyberScript_is1" = CyberScript v3.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dicionário eletrônico Houaiss da língua portuguesa_is1" = Dicionário eletrônico Houaiss 3.0
"ExpatShield" = Expat Shield 2.25
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.11.508
"GunboundPS_is1" = GunboundPS
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Minituner_is1" = Minituner 3.0
"Nero7Lite_is1" = Nero 7 Lite 7.8.5.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Nvu_is1" = Nvu 1.0PR
"Pangya" = Pangya (Ntreev USA)
"Revo Uninstaller" = Revo Uninstaller 1.93
"ST6UNST #1" = Despertador
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"ZHPDiag_is1" = ZHPDiag 1.31

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/07/2012 16:42:08 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:42:08 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:42:09 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:42:09 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:42:09 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:42:09 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:42:09 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:51:29 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:51:29 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 12/07/2012 16:51:29 | Computer Name = RODRIGO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de:
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

[ Media Center Events ]
Error - 12/06/2012 11:29:14 | Computer Name = RODRIGO-PC | Source = MCUpdate | ID = 0
Description = 12:29:14 - Falha ao recuperar Directory (Erro: A conexão subjacente
estava fechada: Erro inesperado em um recebimento.)

Error - 09/07/2012 23:32:57 | Computer Name = RODRIGO-PC | Source = MCUpdate | ID = 0
Description = 00:32:48 - Falha ao recuperar MCEClientUX (Erro: A conexão subjacente
estava fechada: Não foi possível estabelecer relação de confiança para o canal
seguro de SSL/TLS.)

[ System Events ]
Error - 22/06/2012 11:30:11 | Computer Name = RODRIGO-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Serviço de Compartilhamento de
Rede do Windows Media Player devido ao seguinte erro: %%1053

Error - 25/06/2012 19:45:04 | Computer Name = RODRIGO-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 25/06/2012 23:35:37 | Computer Name = RODRIGO-PC | Source = BROWSER | ID = 8032
Description =

Error - 27/06/2012 11:22:35 | Computer Name = RODRIGO-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Serviço de Compartilhamento de Rede do Windows Media Player.

Error - 27/06/2012 11:22:35 | Computer Name = RODRIGO-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Serviço de Compartilhamento de
Rede do Windows Media Player devido ao seguinte erro: %%1053

Error - 28/06/2012 01:53:58 | Computer Name = RODRIGO-PC | Source = BROWSER | ID = 8032
Description =

Error - 03/07/2012 04:47:23 | Computer Name = RODRIGO-PC | Source = bowser | ID = 8003
Description =

Error - 04/07/2012 21:53:17 | Computer Name = RODRIGO-PC | Source = nvstor64 | ID = 14548995
Description = Erro de dados no dispositivo. Dispositivo: \Device\RaidPort1 Modelo:
SAMSUNG HD502HJ Versão do firmware: 1AJ1 Número de série: S20BJ9CZ614979 Porta: 0

Error - 04/07/2012 22:02:17 | Computer Name = RODRIGO-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\RODRIGO\AppData\Local\Temp\mbr.sys foi impedido de carregar
devido a uma incompatibilidade com este sistema. Contate o fornecedor do software
para obter uma versão compatível do driver.

Error - 04/07/2012 22:02:18 | Computer Name = RODRIGO-PC | Source = nvstor64 | ID = 14548995
Description = Erro de dados no dispositivo. Dispositivo: \Device\RaidPort1 Modelo:
SAMSUNG HD502HJ Versão do firmware: 1AJ1 Número de série: S20BJ9CZ614979 Porta: 0


< End of report >


Wings
Wings Cyber Highlander Registered
20.3K Posts 1.2K Likes
#11 By Wings
13/07/2012 - 01:43
Run OTL. Windows Vista or Windows 7 users should right-click the file and select Run as administrator.

*Paste the lines in blue into the box under Custom Scans/Fixes:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
[2012/03/14 15:44:00 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\pdfforge

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5132F25B-9BDA-48ac-B771-FC062D867713}]

:Commands
[emptytemp]

*Click [Run Fix]

*Click [OK] and the PC will restart

*Paste the report created at C:\_OTL\MovedFiles\date_time.log
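
One way to check a follow-up HijackThis log for Internet Explorer values that still point at the domain targeted by the fix script above. This is an added example, not part of the original post and not code from OTL or HijackThis; the function names are assumptions, and the sample lines are excerpts of the two HijackThis logs posted in this thread.

```python
import re
from urllib.parse import urlsplit

# Domain taken from the values targeted by the fix script in this thread.
SUSPECT_DOMAIN = "oquefazernainternet.com"

# HijackThis R0/R1 lines have the shape:
#   R1 - HKCU\Software\...\Main,Search Page = http://host/path
R_LINE = re.compile(
    r"^R[01]\s+-\s+(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$"
)

# Excerpts of the logs posted before and after the fix was run.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
"""

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
"""


def parse_r_lines(log_text):
    """Return (registry key, value name, data) for every R0/R1 line."""
    entries = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if m:
            entries.append((m["key"], m["name"].strip(), m["data"].strip()))
    return entries


def host_of(data):
    """Lower-cased host of a URL value, or None for empty or non-URL data."""
    try:
        host = urlsplit(data).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def points_at(data, domain):
    """True when the value's host is the domain itself or one of its subdomains."""
    host = host_of(data)
    return host is not None and (host == domain or host.endswith("." + domain))


def flagged(log_text, domain=SUSPECT_DOMAIN):
    """Sorted (key, value name) pairs whose data points at the domain."""
    return sorted(
        (key, name)
        for key, name, data in parse_r_lines(log_text)
        if points_at(data, domain)
    )


def compare(before, after, domain=SUSPECT_DOMAIN):
    """Which flagged values disappeared, and which are present in the new log."""
    b, a = set(flagged(before, domain)), set(flagged(after, domain))
    return {"cleared": sorted(b - a), "still_present": sorted(a)}


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER)
    for status, items in result.items():
        for key, name in items:
            print(f"{status}: {key},{name}")
```

Matching on the parsed host rather than on a substring of the line keeps look-alike domains and URLs that merely carry the name in a query string from being flagged.
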
katsuriko
katsuriko Geek Registered
1.9K Posts 227 Likes
#12 By katsuriko
13/07/2012 - 11:16
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
C:\Users\RODRIGO\AppData\Roaming\pdfforge\PDFArchitect folder moved successfully.
C:\Users\RODRIGO\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\RODRIGO\AppData\Roaming\pdfforge folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5132F25B-9BDA-48ac-B771-FC062D867713}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5132F25B-9BDA-48ac-B771-FC062D867713}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RODRIGO
->Temp folder emptied: 215551236 bytes
->Temporary Internet Files folder emptied: 38293595 bytes
->Java cache emptied: 456144 bytes
->FireFox cache emptied: 38237509 bytes
->Google Chrome cache emptied: 301781028 bytes
->Flash cache emptied: 60026 bytes

User: Todos os Usuários

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes
RecycleBin emptied: 5715828746 bytes

Total Files Cleaned = 6.018,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07132012_111212


Files\Folders moved on Reboot...
C:\Users\RODRIGO\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.


PendingFileRenameOperations files...
File C:\Users\RODRIGO\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!


Registry entries deleted on Reboot...


katsuriko
katsuriko Geek Registered
1.9K Posts 227 Likes
#14 By katsuriko
13/07/2012 - 13:41
It has already improved a bit; here is a new log

Logfile of HijackThis v1.99.1
Scan saved at 13:40:44, on 13/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)


Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RODRIGO\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fbr.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\RODRIGO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Expat Shield Routing Service (ExpatSrv) - AnchorFree Inc. - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
O23 - Service: Expat Shield Monitoring Service (ExpatWd) - Unknown owner - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Wings
Wings Cyber Highlander Registered
20.3K Posts 1.2K Likes
#15 By Wings
13/07/2012 - 13:49
Run HijackThis, click [Do a system scan only], select the entries below and click [Fix Checked]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpr...26type%3DWEB01

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s


*Close HijackThis

The log is clean.

Best regards.