It didn't generate them on the desktop; they opened.
OTL logfile created on: 13/07/2012 01:19:28 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RODRIGO\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,75 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 42,13% Memory free
7,50 Gb Paging File | 4,96 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 11,16 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive D: | 75,13 Gb Total Space | 14,55 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 49,50 Gb Free Space | 16,90% Space Free | Partition Type: NTFS
Computer Name: RODRIGO-PC | User Name: RODRIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/13 01:18:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RODRIGO\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/03 15:28:47 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/04 20:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
PRC - [2012/01/04 20:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/20 03:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010/03/05 09:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010/02/03 15:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/10 01:09:00 | 000,438,296 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/10 01:08:59 | 003,972,120 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 01:07:39 | 000,554,520 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 01:07:37 | 000,117,784 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 01:07:22 | 000,140,328 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 01:07:21 | 000,262,184 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 01:07:19 | 002,386,984 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 23:17:27 | 009,255,112 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/09 23:17:27 | 009,255,112 | ---- | M] () -- C:\Users\RODRIGO\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2009/09/30 11:33:06 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/07/31 20:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/19 21:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009/03/19 21:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 16:08:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/04 20:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/04 20:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/29 12:44:00 | 004,111,704 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/08/10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 10:02:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/03 15:29:11 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/02/03 15:29:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/02/03 15:29:11 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/01/04 20:01:56 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010/11/20 04:33:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 02:07:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 02:03:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 00:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 23:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/02/13 21:43:24 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundPS\Gun64.sys -- (Gun)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/05 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fbr.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\..\SearchScopes\{5132F25B-9BDA-48ac-B771-FC062D867713}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RODRIGO\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RODRIGO\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2012/01/06 10:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RODRIGO\AppData\Roaming\mozilla\Extensions
[2012/06/02 13:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RODRIGO\AppData\Roaming\mozilla\Firefox\Profiles\h07efxpu.default\extensions
[2012/04/02 23:28:00 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\RODRIGO\AppData\Roaming\mozilla\Firefox\Profiles\h07efxpu.default\extensions\2.0@disconnect.me
[2012/02/29 09:39:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RODRIGO\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Desprotetor de Links = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\1.2.9_0\
CHR - Extension: Gmail = C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/03/26 12:47:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-895244445-3076790678-3433351381-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-895244445-3076790678-3433351381-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 200.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63BB6FC9-89AC-45C3-8868-70331E996694}: DhcpNameServer = 8.8.8.8 8.8.4.4 200.10.120.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-895244445-3076790678-3433351381-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/13 00:32:36 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Roaming\Malwarebytes
[2012/07/13 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 00:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 00:32:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/13 00:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/13 00:26:02 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2012/07/12 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C5FB814A-721B-4CBD-B863-148ED17777FE}
[2012/07/12 22:46:01 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{0A363903-6B2B-4902-90FA-4BFCE96EEDC8}
[2012/07/12 10:45:37 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{DD6A5B38-29E9-4DC4-B702-FF4198662B63}
[2012/07/12 10:45:14 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{271D56C5-CE66-43F5-90C4-C7A4E1B68804}
[2012/07/11 22:17:31 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{8FA0D028-B2E3-44E2-B57C-97D41FCFDC59}
[2012/07/11 22:17:06 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{649EF2AB-6309-4E52-BE1A-A269A1FD95C8}
[2012/07/11 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{65035B3F-746B-4A83-8F25-1BC29223AC07}
[2012/07/11 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{3216DE66-DBFA-4096-A324-E70FD7307951}
[2012/07/10 22:16:06 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{7A59A0E1-AD07-419F-A164-24EDB56B2C3F}
[2012/07/10 22:15:40 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{071250F0-6C2A-4D79-A9B5-8DEED9AB9F48}
[2012/07/10 10:15:16 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{4C36C41E-955C-437A-9B2E-4F678FDD75C2}
[2012/07/10 10:14:55 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{6DD9F83E-A092-4B0C-A8FE-26112BBDFFAE}
[2012/07/09 22:14:30 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{E21ADE52-AB4D-4E61-837A-E77D71EAAA1B}
[2012/07/09 22:14:06 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{59FBCD8E-D925-4CA2-9895-AECF1E5F26F6}
[2012/07/09 10:13:43 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{48116AE8-43B4-4713-AC81-6EAD64BACF9A}
[2012/07/09 10:13:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{1E1761A6-1452-47CD-BBA6-F2D8301EC9B1}
[2012/07/08 22:13:20 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{F0CA79B0-C52A-46D0-8E43-BA5FB9C01408}
[2012/07/08 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2C578AEC-D493-409B-A9F3-943B1AAFD170}
[2012/07/08 10:12:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{CCED39CC-6881-473E-A6BB-6D14C57E32D4}
[2012/07/08 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{429D8DCE-7907-43A6-96B2-F5A90FDEB80D}
[2012/07/07 22:11:58 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{3AD3C47B-977E-4EB2-8630-DBDCB31F2512}
[2012/07/07 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C28F47BE-1976-4BD7-BE50-305C8A434954}
[2012/07/07 10:11:25 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{6C9D86C3-48F2-46E6-A1C9-4867BD0DB36E}
[2012/07/07 10:11:11 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{B5F73404-DDE2-446F-BA9B-BEC10A526A63}
[2012/07/06 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{81DDD955-6A7C-4364-8FA6-D422CB681967}
[2012/07/06 12:17:49 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{07CD5134-9E09-4E11-A8A5-22189E0127A2}
[2012/07/05 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{157B4640-7135-4AC9-B865-468443B7F34F}
[2012/07/05 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A7A53308-4D88-47A7-B772-3064412743F2}
[2012/07/05 09:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/05 09:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/05 09:06:26 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/05 09:06:26 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/05 09:06:22 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/05 09:06:22 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/05 09:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/05 09:02:12 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{194D52DF-4CB2-428C-9FB5-3C8CF6B472CF}
[2012/07/05 09:01:58 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{39DB7E1A-8844-43F5-8C6F-3B8577C1BE43}
[2012/07/04 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A37E1920-A6AF-46AE-9D0D-31BA8AC12339}
[2012/07/04 08:42:44 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A2968F54-3E36-414C-891F-9E17EBF1AC59}
[2012/07/04 08:42:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{3014CDA9-A69E-411B-B05B-25BD09849A49}
[2012/07/03 18:45:47 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{55FDC79E-0CF9-46E0-96CE-625356C426FB}
[2012/07/03 18:45:21 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{54C80FE4-B9E6-4D58-888C-944CDC7DACDF}
[2012/07/03 06:44:57 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C86DD915-9A4F-4700-A233-2BD9C5B5B626}
[2012/07/03 06:44:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{F649EC3A-FFAA-4BB5-BA5C-7B10E712A457}
[2012/07/02 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9A3CB28D-64A6-4678-94AF-0AE0DBF41DFC}
[2012/07/02 18:43:42 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{31CAC554-DC2A-4F22-91EC-4442904E19CB}
[2012/07/01 21:11:15 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{46B16D0F-3F8A-48B0-9DE2-AAA290D540A0}
[2012/07/01 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2367A509-9EC5-4742-940F-047F80C0C99B}
[2012/07/01 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{186B8B2C-637A-4DA7-81C7-0ED36899567F}
[2012/07/01 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{42A7B934-13FD-42C0-ABAA-EB2828EED376}
[2012/06/30 21:09:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{D23CE83F-D029-49A6-BC4B-31F5AF19E4E1}
[2012/06/30 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{242FC78D-2C68-49CB-B3CD-8EF503ABA533}
[2012/06/30 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{DCD8E72C-19E2-40A3-9BAF-129989D7EB23}
[2012/06/30 09:08:49 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9DEF1B5A-6024-41A7-B01D-1F09600AAA65}
[2012/06/29 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{70A474F7-76EF-4EC8-99ED-712D91D22234}
[2012/06/29 21:08:24 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{EF882612-F051-46E7-8873-45682FEB20B0}
[2012/06/29 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2F3F70AA-CA45-4166-8906-C491650A2FD8}
[2012/06/29 09:07:46 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{B9EDE748-162D-488E-8DBB-0E22ABA52648}
[2012/06/28 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{D870A5F0-8D94-4B2F-B06E-206F2555D512}
[2012/06/28 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{381EBFC9-8031-4E3A-A519-5B4788E5A205}
[2012/06/28 08:57:56 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C658F85B-5A85-4A71-8201-53108BDF2865}
[2012/06/28 08:57:42 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A0F4BF07-2F53-4996-8B01-2E568432884A}
[2012/06/27 12:22:03 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{79C05FE0-4171-4912-A88B-577F3FEAEEB5}
[2012/06/27 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{5A4FF48A-BD9D-4701-9E60-B63EE3102457}
[2012/06/26 18:50:12 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2AC2233E-456E-4F9F-8D0E-7CF4B6B9F7F9}
[2012/06/26 18:49:59 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{FD1BA303-6DF9-4330-9C9A-3330AF6E9DCA}
[2012/06/25 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{E7846EBE-0A0C-4A23-9D51-7D690BE520FE}
[2012/06/25 12:21:31 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C18A52A0-325A-412A-A812-735D9E0840E0}
[2012/06/24 23:13:12 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9ABB75A4-660A-4B02-B2CB-B2B8C632FD43}
[2012/06/24 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{2B9902D0-1909-4CE6-911F-7EB23BE6AC5D}
[2012/06/24 11:12:32 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{A09F27DD-18A0-4A89-9470-D45E50FB9F39}
[2012/06/24 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{C45E5743-5204-4A3F-8B61-800900F97728}
[2012/06/23 17:42:03 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{54509FB3-EB06-45E4-A2A4-DB9B9EF3245C}
[2012/06/23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{ED68F375-C920-4750-88EC-AD57D422B9B0}
[2012/06/23 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{86B2E73E-9B8F-4B62-B03D-89A70D6CEFE8}
[2012/06/23 00:30:20 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{9BD4C5B3-8234-4FF6-A28E-E4C2C14BF3F4}
[2012/06/22 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{4323849C-D62C-48D0-9051-D45202718369}
[2012/06/22 12:29:31 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{B3337615-F24A-48DA-BABA-93AF6C8A3F31}
[2012/06/21 22:05:53 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{EC67D37A-0B50-4C84-9FC9-43028AE2E593}
[2012/06/21 22:05:39 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\{72881168-FEFA-4CCB-867B-2DE819402100}
[2012/06/21 21:48:30 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\Windows Live
[2012/06/14 12:32:20 | 000,000,000 | ---D | C] -- C:\Users\RODRIGO\AppData\Local\webkit
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/13 01:07:07 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-895244445-3076790678-3433351381-1000UA.job
[2012/07/13 01:01:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 00:32:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 20:28:15 | 000,007,715 | ---- | M] () -- C:\Users\RODRIGO\Desktop\download.jpg
[2012/07/12 20:18:46 | 000,055,773 | ---- | M] () -- C:\Users\RODRIGO\Desktop\linha_do_tempo_influenza-thumb-450x547-17719.jpe
[2012/07/12 17:21:59 | 001,491,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 17:21:59 | 000,654,272 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/07/12 17:21:59 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 17:21:59 | 000,124,724 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/07/12 17:21:59 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/12 05:07:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-895244445-3076790678-3433351381-1000Core.job
[2012/07/11 16:08:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 16:08:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 15:23:31 | 000,002,409 | ---- | M] () -- C:\Users\RODRIGO\Desktop\Google Chrome.lnk
[2012/07/11 11:10:59 | 000,026,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 11:10:59 | 000,026,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 11:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 11:02:33 | 3019,288,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 09:06:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/05 09:06:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/04 23:02:18 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/30 23:52:00 | 000,056,603 | ---- | M] () -- C:\Users\RODRIGO\Desktop\nivernamoro8.gif
[2012/06/30 23:50:29 | 000,015,953 | ---- | M] () -- C:\Users\RODRIGO\Desktop\mensagem-aniversario-de-namoro.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/13 00:32:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 20:28:19 | 000,007,715 | ---- | C] () -- C:\Users\RODRIGO\Desktop\download.jpg
[2012/07/12 20:18:49 | 000,055,773 | ---- | C] () -- C:\Users\RODRIGO\Desktop\linha_do_tempo_influenza-thumb-450x547-17719.jpe
[2012/06/30 23:52:02 | 000,056,603 | ---- | C] () -- C:\Users\RODRIGO\Desktop\nivernamoro8.gif
[2012/06/30 23:50:33 | 000,015,953 | ---- | C] () -- C:\Users\RODRIGO\Desktop\mensagem-aniversario-de-namoro.jpg
[2012/06/21 21:52:20 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/26 12:42:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/26 12:42:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/26 12:42:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/26 12:42:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/26 12:42:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/12 22:13:18 | 000,000,019 | ---- | C] () -- C:\Users\RODRIGO\AppData\Roaming\RadioStreamPlayer.dat
[2012/01/30 14:45:34 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/16 16:33:19 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/06 10:45:49 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/06 10:45:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/01/06 10:45:46 | 002,712,064 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/01/06 10:45:46 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/06 10:45:46 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/06 10:45:46 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/01/06 10:45:45 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/06 10:37:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/06 10:28:54 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/01/06 10:28:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/01/06 10:28:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/01/06 10:28:09 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/01/06 10:28:09 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
========== LOP Check ==========
[2012/01/06 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Ashampoo
[2012/06/13 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\DAEMON Tools Lite
[2012/01/06 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\DeviceVm
[2012/05/29 23:19:42 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\DVDVideoSoft
[2012/01/06 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Easeware
[2012/01/06 12:24:52 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Houaiss3
[2012/04/22 22:54:57 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\JAM Software
[2012/06/09 13:05:54 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Nvu
[2012/03/14 15:44:00 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\pdfforge
[2012/02/29 23:59:57 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Skinux
[2012/04/16 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\Thinstall
[2012/02/29 23:01:14 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\TuneUp Software
[2012/07/13 00:34:33 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\uTorrent
[2012/02/12 22:13:04 | 000,000,000 | ---D | M] -- C:\Users\RODRIGO\AppData\Roaming\www.TheXSoft.com
[2012/06/04 09:04:27 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >
"Version" = 1
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"DownloadRetries" = 0
"KnownProvidersUpgradeTime" = F0 A9 78 25 B3 3B CD 01 [binary data]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{324A1BF7-0455-4d2d-B156-BC92C9AFDE34}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5132F25B-9BDA-48ac-B771-FC062D867713}]
< HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
< End of report >