rodizzi

Windows XP Service Pack 3 freezes when starting in normal mode

26 posts in this topic

Good evening, analyst friends. Here's the situation: it had been a good while since I last had a headache with worms on my PC, about 4 years exactly.

Overnight I started having problems.

I can't start Windows in normal mode (I'm in safe mode right now).

When it starts, the screen comes up fine, but it doesn't load Avast, HD audio, etc., and it freezes. I have to restart from the tower; I can't even restart through Task Manager.

So I've been reading some topics. I already downloaded Kaspersky and it went back to normal, but... as soon as I turn the PC off and on again, it freezes.

I tried to install Avira and it crashed.

avirar.jpg


I also have Malwarebytes and it didn't find anything.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Versão da Base de Dados: v2012.04.13.08

Windows XP Service Pack 3 x86 NTFS (Modo Seguro/Em Rede)

Internet Explorer 8.0.6001.18702

Rodrigo :: PC-AIG988HQ684P [limitado]

13/4/2012 21:00:49

mbam-log-2012-04-13 (21-00-49).txt

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 333610

Tempo decorrido: 43 minuto(s), 31 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

I just ran GMER and it turned up nothing.

gmere.jpg


The logs follow.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Rodrigo at 23:10:12 on 2012-04-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3327.2427 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\F6I3BXB3\avira_free_antivirus_ptbr[1].exe

C:\DOCUME~1\Rodrigo\CONFIG~1\Temp\RarSFX2\presetup.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.oquefazernainternet.com/

uSearch Bar = hxxp://www.oquefazernainternet.com/

mDefault_Search_URL = hxxp://www.oquefazernainternet.com/

mSearch Page = hxxp://www.oquefazernainternet.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

mSearchAssistant = hxxp://www.oquefazernainternet.com/

mCustomizeSearch = hxxp://www.oquefazernainternet.com/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [ccleaner] "c:\arquivos de programas\ccleaner\ccleaner.exe" /AUTO

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\arquivos de programas\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxdfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dseplugins\dfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dseplugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dseplugins\direct3dvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dseplugins\Direct3DVideoOutput.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dseplugins\divxplaybackmodule.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dseplugins\DivXPlaybackModule.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\rodrigo\menuin~1\progra~1\inicia~1\_uninst_.lnk - c:\documents and settings\rodrigo\configurações locais\temp\_uninst_.bat

StartupFolder: c:\docume~1\rodrigo\menuin~1\progra~1\inicia~1\_unins~1.lnk - c:\documents and settings\rodrigo\configurações locais\temp\_uninst_76641092.bat

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\rodrigo\dados de aplicativos\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289959826268

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290031355406

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518} : NameServer = 200.204.0.10,200.200.0.138

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518} : DhcpNameServer = 200.204.0.10 200.204.0.138

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehAbn.dll

Notify: igfxcui - igfxdev.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

Hosts: 69.162.112.196 wwwstatic.megavideo.com

Hosts: 200.220.186.3 www.santander.com.br # GbPlugin

.

============= SERVICES / DRIVERS ===============

.

R0 76641092;76641092;c:\windows\system32\drivers\76641092.sys [2012-4-13 133208]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-2-3 47304]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 612184]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-16 337880]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-16 20696]

S2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-11-16 44768]

S2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2012-2-3 199624]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\arquivos de programas\nvidia corporation\nvidia update core\daemonu.exe [2011-12-1 2348352]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\skype\updater\Updater.exe [2012-2-15 158856]

S3 cpudrv;cpudrv;c:\arquivos de programas\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\c:\arquivos de programas\ecs motherboard utility\edlu\ecsiodriver.sys --> c:\arquivos de programas\ecs motherboard utility\edlu\ECSIoDriver.sys [?]

S3 lac97inf;lac97inf;\??\c:\docume~1\rodrigo\config~1\temp\lac97inf.sys --> c:\docume~1\rodrigo\config~1\temp\lac97inf.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-10 137472]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-10 8576]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-11-16 2127728]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-9-6 14336]

S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2010-11-17 1537024]

.

=============== Created Last 30 ================

.

2012-04-13 09:13:44 133208 ----a-w- c:\windows\system32\drivers\76641092.sys

2012-04-13 09:10:20 475736 ----a-w- c:\windows\system32\drivers\8049051drv.sys

2012-04-13 09:10:20 -------- d-----w- c:\windows\LastGood.Tmp

2012-04-12 01:04:19 -------- d-----w- c:\documents and settings\rodrigo\dados de aplicativos\TrojanHunter

2012-04-12 01:02:28 -------- d-----w- c:\arquivos de programas\Yahoo!

2012-04-12 01:02:25 -------- d-----w- c:\arquivos de programas\CCleaner

2012-04-12 00:17:22 -------- d-----w- c:\arquivos de programas\TrojanHunter 5.5

2012-03-30 02:17:52 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\Apple Computer

2012-03-30 02:16:47 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-30 02:16:19 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\Apple

2012-03-27 02:04:55 -------- d-----w- c:\arquivos de programas\Origin Games

2012-03-27 02:04:53 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\Origin

2012-03-27 01:49:39 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Electronic Arts

2012-03-27 01:49:30 -------- d-----w- c:\arquivos de programas\Origin

2012-03-15 02:24:38 -------- d-sh--w- C:\$RECYCLE.BIN

.

==================== Find3M ====================

.

2012-04-10 00:08:15 294604 -c--a-w- c:\windows\system32\nvdrsdb1.bin

2012-04-10 00:08:15 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-04-10 00:01:34 294604 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-04-04 18:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-01 10:59:03 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59:03 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59:03 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30:24 143680 -c--a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 14:09:51 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09:51 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:53 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 14:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:57:04 1860224 ----a-w- c:\windows\system32\win32k.sys

2010-10-16 13:50:24 3056008 -c--a-w- c:\arquivos de programas\arquivos comuns\AskToolbarInstaller.exe

2010-01-26 12:11:08 444283 -c--a-w- c:\arquivos de programas\arquivos comuns\WinPcapNmap.exe

.

============= FINISH: 23:10:21,32 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 16/11/2010 23:14:43

System Uptime: 13/4/2012 20:15:07 (3 hours ago)

.

Motherboard: DIGITRON | | G31T-M7

Processor: Processador Intel Pentium III Xeon | CPU 1 | 2996/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 128 GiB total, 56,036 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 170 GiB total, 115,142 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia E71

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

.

==== System Restore Points ===================

.

RP262: 15/1/2012 22:07:30 - Ponto de verificação do sistema

RP263: 17/1/2012 01:13:10 - Ponto de verificação do sistema

RP264: 19/1/2012 00:03:07 - Ponto de verificação do sistema

RP265: 20/1/2012 00:32:19 - Ponto de verificação do sistema

RP266: 21/1/2012 12:37:30 - Ponto de verificação do sistema

RP267: 24/1/2012 01:36:13 - Ponto de verificação do sistema

RP268: 24/1/2012 04:22:06 - Software Distribution Service 3.0

RP269: 25/1/2012 21:10:22 - Ponto de verificação do sistema

RP270: 27/1/2012 00:07:51 - Ponto de verificação do sistema

RP271: 30/1/2012 20:58:59 - Ponto de verificação do sistema

RP272: 1/2/2012 19:58:32 - Software Distribution Service 3.0

RP273: 2/2/2012 22:45:44 - Ponto de verificação do sistema

RP274: 3/2/2012 23:12:56 - Ponto de verificação do sistema

RP275: 8/2/2012 00:07:26 - Ponto de verificação do sistema

RP276: 9/2/2012 23:36:16 - Ponto de verificação do sistema

RP277: 13/2/2012 21:37:04 - Ponto de verificação do sistema

RP278: 15/2/2012 21:39:39 - Ponto de verificação do sistema

RP279: 16/2/2012 22:47:04 - Removed YouTube Downloader Toolbar v5.0.

RP280: 17/2/2012 19:13:30 - Software Distribution Service 3.0

RP281: 22/2/2012 21:22:12 - Ponto de verificação do sistema

RP282: 25/2/2012 14:46:48 - Ponto de verificação do sistema

RP283: 28/2/2012 19:01:40 - Ponto de verificação do sistema

RP284: 1/3/2012 22:19:56 - Ponto de verificação do sistema

RP285: 2/3/2012 22:58:48 - Ponto de verificação do sistema

RP286: 5/3/2012 19:17:08 - Ponto de verificação do sistema

RP287: 7/3/2012 00:05:24 - Ponto de verificação do sistema

RP288: 8/3/2012 18:57:25 - Ponto de verificação do sistema

RP289: 8/3/2012 21:22:56 - Installed Battlefield 1942 v1.6

RP290: 8/3/2012 22:17:02 - Installed Battlefield 1942 v1.6

RP291: 8/3/2012 22:20:01 - Installed Battlefield 1942 v1.61

RP292: 8/3/2012 23:01:41 - Installed Battlefield 1942 v1.61

RP293: 12/3/2012 12:18:44 - Instalado Microsoft Visual C++ 2005 Redistributable

RP294: 12/3/2012 12:19:25 - Installed Need for Speed™ SHIFT

RP295: 13/3/2012 19:13:03 - Removed VirtualDJ Home FREE

RP296: 14/3/2012 20:22:50 - Software Distribution Service 3.0

RP297: 16/3/2012 00:47:41 - Ponto de verificação do sistema

RP298: 17/3/2012 01:19:58 - Ponto de verificação do sistema

RP299: 18/3/2012 21:54:03 - Ponto de verificação do sistema

RP300: 21/3/2012 19:56:11 - Ponto de verificação do sistema

RP301: 24/3/2012 01:53:33 - Ponto de verificação do sistema

RP302: 26/3/2012 19:30:12 - Ponto de verificação do sistema

RP303: 26/3/2012 23:38:15 - Software Distribution Service 3.0

RP304: 27/3/2012 20:04:56 - Removed Nokia Software Updater.

RP305: 28/3/2012 22:58:23 - Software Distribution Service 3.0

RP306: 29/3/2012 23:16:41 - Instalado iTunes

RP307: 2/4/2012 20:25:55 - Removido iTunes

RP308: 9/4/2012 18:15:59 - Operação de restauração

RP309: 9/4/2012 20:29:01 - Removido Apple Software Update

RP310: 9/4/2012 20:29:46 - Removido Bonjour

RP311: 9/4/2012 20:30:23 - Removed Apple Mobile Device Support

RP312: 9/4/2012 20:31:59 - Removido Apple Application Support

RP313: 10/4/2012 23:13:01 - Ponto de verificação do sistema

RP314: 12/4/2012 19:33:18 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4660_4680_Help

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.6 - Português

Assistente de Conexão do Windows Live

Atheros Communications Inc.® L2 Fast Ethernet Driver

Atualizações da NVIDIA 1.7.11

Atualização de Segurança para Microsoft Windows (KB2564958)

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB2530548)

Atualização de Segurança para Windows Internet Explorer 8 (KB2544521)

Atualização de Segurança para Windows Internet Explorer 8 (KB2559049)

Atualização de Segurança para Windows Internet Explorer 8 (KB2586448)

Atualização de Segurança para Windows Internet Explorer 8 (KB2618444)

Atualização de Segurança para Windows Internet Explorer 8 (KB2647516)

Atualização de Segurança para Windows Internet Explorer 8 (KB2675157)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2296199)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360131)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2436673)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476490)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2503665)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2507938)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB2535512)

Atualização de Segurança para Windows XP (KB2536276-v2)

Atualização de Segurança para Windows XP (KB2536276)

Atualização de Segurança para Windows XP (KB2544893-v2)

Atualização de Segurança para Windows XP (KB2544893)

Atualização de Segurança para Windows XP (KB2555917)

Atualização de Segurança para Windows XP (KB2562937)

Atualização de Segurança para Windows XP (KB2566454)

Atualização de Segurança para Windows XP (KB2567053)

Atualização de Segurança para Windows XP (KB2567680)

Atualização de Segurança para Windows XP (KB2570222)

Atualização de Segurança para Windows XP (KB2570947)

Atualização de Segurança para Windows XP (KB2584146)

Atualização de Segurança para Windows XP (KB2585542)

Atualização de Segurança para Windows XP (KB2592799)

Atualização de Segurança para Windows XP (KB2598479)

Atualização de Segurança para Windows XP (KB2603381)

Atualização de Segurança para Windows XP (KB2618451)

Atualização de Segurança para Windows XP (KB2619339)

Atualização de Segurança para Windows XP (KB2620712)

Atualização de Segurança para Windows XP (KB2621440)

Atualização de Segurança para Windows XP (KB2624667)

Atualização de Segurança para Windows XP (KB2631813)

Atualização de Segurança para Windows XP (KB2633171)

Atualização de Segurança para Windows XP (KB2639417)

Atualização de Segurança para Windows XP (KB2641653)

Atualização de Segurança para Windows XP (KB2646524)

Atualização de Segurança para Windows XP (KB2647518)

Atualização de Segurança para Windows XP (KB2653956)

Atualização de Segurança para Windows XP (KB2660465)

Atualização de Segurança para Windows XP (KB2661637)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB971961)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981349)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização do Microsoft Windows (KB971513)

Atualização para Windows Internet Explorer 8 (KB2362765)

Atualização para Windows Internet Explorer 8 (KB2447568)

Atualização para Windows Internet Explorer 8 (KB2598845)

Atualização para Windows Internet Explorer 8 (KB2632503)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB2467659)

Atualização para Windows XP (KB2492386)

Atualização para Windows XP (KB2541763)

Atualização para Windows XP (KB2607712)

Atualização para Windows XP (KB2616676)

Atualização para Windows XP (KB2641690)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

avast! Free Antivirus

Battlefield 1942

BPD_HPSU

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Codec 8.3q

Compatibility Pack for the 2007 Office system

Counter-Strike: Condition Zero

Counter-Strike: Condition Zero Deleted Scenes

CPUID CPU-Z 1.58

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DiskSpeed32

DocMgr

DocProc

eMule

eSupportQFolder

Fax

Ferramenta de Carregamento do Windows Live

GPBaseService

GPBaseService2

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB2570791)

Hotfix para Windows XP (KB2633952)

Hotfix para Windows XP (KB932716-v2)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

HP Customer Participation Program 10.0

HP Document Manager 1.0

HP Imaging Device Functions 10.0

HP Officejet All-In-One Series

HP Photosmart Essential 3.5

HP Smart Web Printing

HP Solution Center 13.0

HP Update

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

Instalação do DivX

Intel® Graphics Media Accelerator Driver

J4660

Junk Mail filter update

Malwarebytes Anti-Malware versão 1.61.0.1400

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Office XP Professional com FrontPage

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC100_CRT_SP1_x86

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSVCRT Redists

MSVCSetup

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Need for Speed™ SHIFT

Nero 7 Essentials

Noise Reduction Plug-in 2.0i

Nokia Connectivity Cable Driver

NVIDIA Driver de gráficos 296.10

NVIDIA Install Application

NVIDIA nView 136.18

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.12.0213

NVIDIA Update Components

Origin

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card

Painel de controle da NVIDIA 296.10

PC Connectivity Solution

PC Wizard 2010.1.96

PDFCreator

Platform

ProductContext

PSSWCORE

Runtime

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Segoe UI

Skype Click to Call

Skype™ 5.8

SmartWebPrintingOC

SolutionCenter

Sony Picture Utility

Status

Steam

System Requirements Lab for Intel

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

VDownloader 3.0.721

VIA Gerenciador de dispositivo de plataforma

VideoToolkit01

WebFldrs XP

WebReg

Winamp

Winamp Detectar Aplicação

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sync

Windows Management Framework Core

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Language Pack 1.0

YouTube Downloader 3.5

ZSMC USB PC Camera (ZS0211)

.

==== End Of File ===========================


Hello

Sorry for the delay :)

If you still need help, please generate the logs again, because I need them with current dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

Regards :D


I managed to boot in normal mode this morning; here are the logs

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 16/11/2010 23:14:43

System Uptime: 16/4/2012 07:00:57 (0 hours ago)

.

Motherboard: DIGITRON | | G31T-M7

Processor: Processador Intel Pentium III Xeon | CPU 1 | 2996/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 128 GiB total, 53,78 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 170 GiB total, 115,142 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia E71

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

.

==== System Restore Points ===================

.

RP262: 15/1/2012 22:07:30 - Ponto de verificação do sistema

RP263: 17/1/2012 01:13:10 - Ponto de verificação do sistema

RP264: 19/1/2012 00:03:07 - Ponto de verificação do sistema

RP265: 20/1/2012 00:32:19 - Ponto de verificação do sistema

RP266: 21/1/2012 12:37:30 - Ponto de verificação do sistema

RP267: 24/1/2012 01:36:13 - Ponto de verificação do sistema

RP268: 24/1/2012 04:22:06 - Software Distribution Service 3.0

RP269: 25/1/2012 21:10:22 - Ponto de verificação do sistema

RP270: 27/1/2012 00:07:51 - Ponto de verificação do sistema

RP271: 30/1/2012 20:58:59 - Ponto de verificação do sistema

RP272: 1/2/2012 19:58:32 - Software Distribution Service 3.0

RP273: 2/2/2012 22:45:44 - Ponto de verificação do sistema

RP274: 3/2/2012 23:12:56 - Ponto de verificação do sistema

RP275: 8/2/2012 00:07:26 - Ponto de verificação do sistema

RP276: 9/2/2012 23:36:16 - Ponto de verificação do sistema

RP277: 13/2/2012 21:37:04 - Ponto de verificação do sistema

RP278: 15/2/2012 21:39:39 - Ponto de verificação do sistema

RP279: 16/2/2012 22:47:04 - Removed YouTube Downloader Toolbar v5.0.

RP280: 17/2/2012 19:13:30 - Software Distribution Service 3.0

RP281: 22/2/2012 21:22:12 - Ponto de verificação do sistema

RP282: 25/2/2012 14:46:48 - Ponto de verificação do sistema

RP283: 28/2/2012 19:01:40 - Ponto de verificação do sistema

RP284: 1/3/2012 22:19:56 - Ponto de verificação do sistema

RP285: 2/3/2012 22:58:48 - Ponto de verificação do sistema

RP286: 5/3/2012 19:17:08 - Ponto de verificação do sistema

RP287: 7/3/2012 00:05:24 - Ponto de verificação do sistema

RP288: 8/3/2012 18:57:25 - Ponto de verificação do sistema

RP289: 8/3/2012 21:22:56 - Installed Battlefield 1942 v1.6

RP290: 8/3/2012 22:17:02 - Installed Battlefield 1942 v1.6

RP291: 8/3/2012 22:20:01 - Installed Battlefield 1942 v1.61

RP292: 8/3/2012 23:01:41 - Installed Battlefield 1942 v1.61

RP293: 12/3/2012 12:18:44 - Instalado Microsoft Visual C++ 2005 Redistributable

RP294: 12/3/2012 12:19:25 - Installed Need for Speed™ SHIFT

RP295: 13/3/2012 19:13:03 - Removed VirtualDJ Home FREE

RP296: 14/3/2012 20:22:50 - Software Distribution Service 3.0

RP297: 16/3/2012 00:47:41 - Ponto de verificação do sistema

RP298: 17/3/2012 01:19:58 - Ponto de verificação do sistema

RP299: 18/3/2012 21:54:03 - Ponto de verificação do sistema

RP300: 21/3/2012 19:56:11 - Ponto de verificação do sistema

RP301: 24/3/2012 01:53:33 - Ponto de verificação do sistema

RP302: 26/3/2012 19:30:12 - Ponto de verificação do sistema

RP303: 26/3/2012 23:38:15 - Software Distribution Service 3.0

RP304: 27/3/2012 20:04:56 - Removed Nokia Software Updater.

RP305: 28/3/2012 22:58:23 - Software Distribution Service 3.0

RP306: 29/3/2012 23:16:41 - Instalado iTunes

RP307: 2/4/2012 20:25:55 - Removido iTunes

RP308: 9/4/2012 18:15:59 - Operação de restauração

RP309: 9/4/2012 20:29:01 - Removido Apple Software Update

RP310: 9/4/2012 20:29:46 - Removido Bonjour

RP311: 9/4/2012 20:30:23 - Removed Apple Mobile Device Support

RP312: 9/4/2012 20:31:59 - Removido Apple Application Support

RP313: 10/4/2012 23:13:01 - Ponto de verificação do sistema

RP314: 12/4/2012 19:33:18 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4660_4680_Help

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.6 - Português

Assistente de Conexão do Windows Live

Atheros Communications Inc.® L2 Fast Ethernet Driver

Atualizações da NVIDIA 1.7.11

Atualização de Segurança para Microsoft Windows (KB2564958)

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB2530548)

Atualização de Segurança para Windows Internet Explorer 8 (KB2544521)

Atualização de Segurança para Windows Internet Explorer 8 (KB2559049)

Atualização de Segurança para Windows Internet Explorer 8 (KB2586448)

Atualização de Segurança para Windows Internet Explorer 8 (KB2618444)

Atualização de Segurança para Windows Internet Explorer 8 (KB2647516)

Atualização de Segurança para Windows Internet Explorer 8 (KB2675157)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2296199)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360131)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2436673)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476490)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2503665)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2507938)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB2535512)

Atualização de Segurança para Windows XP (KB2536276-v2)

Atualização de Segurança para Windows XP (KB2536276)

Atualização de Segurança para Windows XP (KB2544893-v2)

Atualização de Segurança para Windows XP (KB2544893)

Atualização de Segurança para Windows XP (KB2555917)

Atualização de Segurança para Windows XP (KB2562937)

Atualização de Segurança para Windows XP (KB2566454)

Atualização de Segurança para Windows XP (KB2567053)

Atualização de Segurança para Windows XP (KB2567680)

Atualização de Segurança para Windows XP (KB2570222)

Atualização de Segurança para Windows XP (KB2570947)

Atualização de Segurança para Windows XP (KB2584146)

Atualização de Segurança para Windows XP (KB2585542)

Atualização de Segurança para Windows XP (KB2592799)

Atualização de Segurança para Windows XP (KB2598479)

Atualização de Segurança para Windows XP (KB2603381)

Atualização de Segurança para Windows XP (KB2618451)

Atualização de Segurança para Windows XP (KB2619339)

Atualização de Segurança para Windows XP (KB2620712)

Atualização de Segurança para Windows XP (KB2621440)

Atualização de Segurança para Windows XP (KB2624667)

Atualização de Segurança para Windows XP (KB2631813)

Atualização de Segurança para Windows XP (KB2633171)

Atualização de Segurança para Windows XP (KB2639417)

Atualização de Segurança para Windows XP (KB2641653)

Atualização de Segurança para Windows XP (KB2646524)

Atualização de Segurança para Windows XP (KB2647518)

Atualização de Segurança para Windows XP (KB2653956)

Atualização de Segurança para Windows XP (KB2660465)

Atualização de Segurança para Windows XP (KB2661637)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB971961)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981349)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização do Microsoft Windows (KB971513)

Atualização para Windows Internet Explorer 8 (KB2362765)

Atualização para Windows Internet Explorer 8 (KB2447568)

Atualização para Windows Internet Explorer 8 (KB2598845)

Atualização para Windows Internet Explorer 8 (KB2632503)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB2467659)

Atualização para Windows XP (KB2492386)

Atualização para Windows XP (KB2541763)

Atualização para Windows XP (KB2607712)

Atualização para Windows XP (KB2616676)

Atualização para Windows XP (KB2641690)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

avast! Free Antivirus

Battlefield 1942

BPD_HPSU

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Codec 8.3q

Compatibility Pack for the 2007 Office system

Counter-Strike: Condition Zero

Counter-Strike: Condition Zero Deleted Scenes

CPUID CPU-Z 1.58

CustomerResearchQFolder

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DiskSpeed32

DocMgr

DocProc

eMule

eSupportQFolder

Fax

Ferramenta de Carregamento do Windows Live

GPBaseService

GPBaseService2

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB2570791)

Hotfix para Windows XP (KB2633952)

Hotfix para Windows XP (KB932716-v2)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

HP Customer Participation Program 10.0

HP Document Manager 1.0

HP Imaging Device Functions 10.0

HP Officejet All-In-One Series

HP Photosmart Essential 3.5

HP Smart Web Printing

HP Solution Center 13.0

HP Update

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

Instalação do DivX

Intel® Graphics Media Accelerator Driver

J4660

Junk Mail filter update

Malwarebytes Anti-Malware versão 1.61.0.1400

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Office XP Professional com FrontPage

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC100_CRT_SP1_x86

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSVCRT Redists

MSVCSetup

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Need for Speed™ SHIFT

Nero 7 Essentials

Noise Reduction Plug-in 2.0i

Nokia Connectivity Cable Driver

NVIDIA Driver de gráficos 296.10

NVIDIA Install Application

NVIDIA nView 136.18

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.12.0213

NVIDIA Update Components

Origin

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card

Painel de controle da NVIDIA 296.10

PC Connectivity Solution

PC Wizard 2010.1.96

PDFCreator

Platform

ProductContext

PSSWCORE

Runtime

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Segoe UI

Skype Click to Call

Skype™ 5.8

SmartWebPrintingOC

SolutionCenter

Sony Picture Utility

Status

Steam

System Requirements Lab for Intel

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

VDownloader 3.0.721

VIA Gerenciador de dispositivo de plataforma

VideoToolkit01

WebFldrs XP

WebReg

Winamp

Winamp Detectar Aplicação

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sync

Windows Management Framework Core

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Language Pack 1.0

YouTube Downloader 3.5

ZSMC USB PC Camera (ZS0211)

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Rodrigo at 7:17:51 on 2012-04-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3327.2771 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.oquefazernainternet.com/

uSearch Bar = hxxp://www.oquefazernainternet.com/

mDefault_Search_URL = hxxp://www.oquefazernainternet.com/

mSearch Page = hxxp://www.oquefazernainternet.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

mSearchAssistant = hxxp://www.oquefazernainternet.com/

mCustomizeSearch = hxxp://www.oquefazernainternet.com/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [ccleaner] "c:\arquivos de programas\ccleaner\ccleaner.exe" /AUTO

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\arquivos de programas\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxdfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dseplugins\dfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dseplugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dseplugins\direct3dvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dseplugins\Direct3DVideoOutput.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dseplugins\divxplaybackmodule.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dseplugins\DivXPlaybackModule.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer

mRunOnce: [b Register c:\arquivos de programas\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\rodrigo\dados de aplicativos\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\arquivos de programas\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289959826268

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290031355406

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518} : NameServer = 200.204.0.10,200.200.0.138

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginAbn - c:\arquivos de programas\gbplugin\gbiehAbn.dll

Notify: igfxcui - igfxdev.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

Hosts: 69.162.112.196 wwwstatic.megavideo.com

Hosts: 200.220.186.3 www.santander.com.br # GbPlugin

.

============= SERVICES / DRIVERS ===============

.

R0 76641092;76641092;c:\windows\system32\drivers\76641092.sys [2012-4-13 133208]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-2-3 47304]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-16 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-16 20696]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-11-16 44768]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2012-2-3 199624]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\arquivos de programas\nvidia corporation\nvidia update core\daemonu.exe [2011-12-1 2348352]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-11-16 2127728]

R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2010-11-17 1537024]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\skype\updater\Updater.exe [2012-2-15 158856]

S3 cpudrv;cpudrv;c:\arquivos de programas\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 cpuz134;cpuz134;c:\arquivos de programas\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-11-15 20328]

S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\c:\arquivos de programas\ecs motherboard utility\edlu\ecsiodriver.sys --> c:\arquivos de programas\ecs motherboard utility\edlu\ECSIoDriver.sys [?]

S3 lac97inf;lac97inf;\??\c:\docume~1\rodrigo\config~1\temp\lac97inf.sys --> c:\docume~1\rodrigo\config~1\temp\lac97inf.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-10 137472]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-10 8576]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-9-6 14336]

.

=============== Created Last 30 ================

.

2012-04-14 02:26:27 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\PCHealth

2012-04-13 09:13:44 133208 ----a-w- c:\windows\system32\drivers\76641092.sys

2012-04-13 09:10:20 475736 ----a-w- c:\windows\system32\drivers\8049051drv.sys

2012-04-12 01:04:19 -------- d-----w- c:\documents and settings\rodrigo\dados de aplicativos\TrojanHunter

2012-04-12 01:02:28 -------- d-----w- c:\arquivos de programas\Yahoo!

2012-04-12 01:02:25 -------- d-----w- c:\arquivos de programas\CCleaner

2012-04-12 00:17:22 -------- d-----w- c:\arquivos de programas\TrojanHunter 5.5

2012-03-30 02:17:52 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\Apple Computer

2012-03-30 02:16:47 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-30 02:16:19 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\Apple

2012-03-27 02:04:55 -------- d-----w- c:\arquivos de programas\Origin Games

2012-03-27 02:04:53 -------- d-----w- c:\documents and settings\rodrigo\configurações locais\dados de aplicativos\Origin

2012-03-27 01:49:39 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Electronic Arts

2012-03-27 01:49:30 -------- d-----w- c:\arquivos de programas\Origin

.

==================== Find3M ====================

.

2012-04-10 00:08:15 294604 -c--a-w- c:\windows\system32\nvdrsdb1.bin

2012-04-10 00:08:15 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-04-10 00:01:34 294604 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-04-04 18:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-01 10:59:03 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59:03 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59:03 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30:24 143680 -c--a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 14:09:51 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09:51 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:53 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 14:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:57:04 1860224 ----a-w- c:\windows\system32\win32k.sys

2010-10-16 13:50:24 3056008 -c--a-w- c:\arquivos de programas\arquivos comuns\AskToolbarInstaller.exe

2010-01-26 12:11:08 444283 -c--a-w- c:\arquivos de programas\arquivos comuns\WinPcapNmap.exe

.

============= FINISH: 7:18:15,06 ===============


Dear rodizzi

I recommend saving this topic in your Favorites so that it is easy to find again.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not use it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Note: Do not take any measures other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Read the instructions at this link:

In the instructions at the link above you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) described below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
       • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
       • Click "OK" on the EULA.
       • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stall.
  8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Best regards :D


ComboFix 12-04-17.01 - Rodrigo 17/04/2012 18:38:16.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3327.2606 [GMT -3:00]

Executando de: c:\documents and settings\Rodrigo\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\codec

c:\arquivos de programas\codec\AC3Filter\ac3config.exe

c:\arquivos de programas\codec\AC3Filter\presets.reg

c:\arquivos de programas\codec\AC3Filter\renderers win2k.reg

c:\arquivos de programas\codec\AC3Filter\reset to defaults.reg

c:\arquivos de programas\codec\CoreAVC\coreavc.ico

c:\arquivos de programas\codec\Divx6\config.exe

c:\arquivos de programas\codec\Haali\avi.dll

c:\arquivos de programas\codec\Haali\dxr.dll

c:\arquivos de programas\codec\Haali\mkunicode.dll

c:\arquivos de programas\codec\Haali\mkx.dll

c:\arquivos de programas\codec\Haali\mkzlib.dll

c:\arquivos de programas\codec\Haali\mp4.dll

c:\arquivos de programas\codec\Haali\ogm.dll

c:\arquivos de programas\codec\Haali\splitter.ax

c:\arquivos de programas\codec\Haali\ts.dll

c:\arquivos de programas\codec\history.txt

c:\arquivos de programas\codec\readme.txt

c:\arquivos de programas\codec\Uninstall\unins000.dat

c:\arquivos de programas\codec\Uninstall\unins000.exe

c:\arquivos de programas\codec\XviD\xvid.ico

c:\documents and settings\Rodrigo\Dados de aplicativos\cacaoweb

c:\documents and settings\Rodrigo\Dados de aplicativos\cacaoweb\npdfile.dat

c:\documents and settings\Rodrigo\Dados de aplicativos\cacaoweb\storage.db

c:\documents and settings\Rodrigo\Menu Iniciar\Internet Explorer.lnk

c:\documents and settings\Rodrigo\WINDOWS

c:\windows\lgcenter.ini

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-17 to 2012-04-17 ))))))))))))))))))))))))))))

.

.

2012-03-30 02:17 . 2012-03-30 02:18 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\Apple Computer

2012-03-30 02:17 . 2012-03-30 02:17 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Apple Computer

2012-03-30 02:16 . 2012-04-09 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2012-03-30 02:16 . 2012-03-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-30 02:16 . 2012-03-30 02:16 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Apple

2012-03-30 02:16 . 2012-03-30 02:16 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Apple Computer

2012-03-30 02:15 . 2012-04-09 23:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2012-03-27 02:04 . 2012-03-27 02:04 -------- d-----w- c:\arquivos de programas\Origin Games

2012-03-27 02:04 . 2012-03-27 02:04 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Origin

2012-03-27 01:49 . 2012-03-27 01:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2012-03-27 01:49 . 2012-04-03 21:48 -------- d-----w- c:\arquivos de programas\Origin

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 18:56 . 2011-05-28 17:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:15 . 2010-11-17 02:22 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:15 . 2010-11-17 02:22 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-07 00:03 . 2011-02-23 22:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2010-11-17 02:22 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:02 . 2010-11-17 02:22 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-07 00:01 . 2010-11-17 02:22 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2010-11-17 02:22 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-07 00:01 . 2010-11-17 02:22 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-07 00:01 . 2010-11-17 02:22 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 23:58 . 2010-11-17 02:22 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 10:59 . 2001-09-06 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59 . 2001-09-06 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59 . 2001-09-06 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 23:58 . 2011-11-14 21:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58 . 2011-11-14 21:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 23:58 . 2011-04-24 23:32 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58 . 2011-04-24 23:32 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58 . 2011-04-24 23:32 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58 . 2011-04-24 23:32 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58 . 2011-04-24 23:31 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58 . 2011-04-24 23:31 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58 . 2011-04-24 23:31 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58 . 2010-11-17 01:41 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58 . 2010-11-17 01:41 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 21:15 . 2011-04-08 01:16 335872 -c--a-w- c:\windows\system32\nvrshe.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsesm.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsja.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrspl.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrssv.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrseng.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrscs.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrsit.dll

2012-02-29 21:15 . 2011-04-08 01:16 278528 -c--a-w- c:\windows\system32\nvrsde.dll

2012-02-29 21:15 . 2011-04-08 01:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrssk.dll

2012-02-29 21:15 . 2011-04-08 01:16 262144 -c--a-w- c:\windows\system32\nvrshu.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrspt.dll

2012-02-29 21:15 . 2011-04-08 01:16 266240 -c--a-w- c:\windows\system32\nvrsko.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsth.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsnl.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrstr.dll

2012-02-29 21:15 . 2011-04-08 01:16 335872 -c--a-w- c:\windows\system32\nvrsar.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrses.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsno.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrsel.dll

2012-02-29 21:15 . 2011-04-08 01:16 286720 -c--a-w- c:\windows\system32\nvrsfr.dll

2012-02-29 21:15 . 2011-04-08 01:16 270336 -c--a-w- c:\windows\system32\nvrsru.dll

2012-02-29 21:15 . 2011-04-08 01:16 229376 -c--a-w- c:\windows\system32\nvrszhc.dll

2012-02-29 21:15 . 2011-04-08 01:16 126976 -c--a-w- c:\windows\system32\nvrszht.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsda.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrsfi.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrssl.dll

2012-02-29 20:30 . 2011-04-08 01:16 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30 . 2011-04-08 01:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30 . 2011-04-08 01:16 143680 -c--a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30 . 2011-04-08 01:16 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:30 . 2011-04-08 01:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 14:09 . 2001-09-06 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2001-09-06 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-11-17 01:41 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 14:02 . 2012-02-07 14:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:57 . 2001-09-06 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2010-10-16 13:50 . 2010-12-01 01:53 3056008 -c--a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe

2010-01-26 12:11 . 2010-12-01 01:53 444283 -c--a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-08-11 40983152]

"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-01-06 18:59 735984 ----a-w- c:\arquivos de programas\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^_uninst_93575188.lnk]

path=c:\documents and settings\Rodrigo\Menu Iniciar\Programas\Inicializar\_uninst_93575188.lnk

backup=c:\windows\pss\_uninst_93575188.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 22:04 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2010-03-29 04:28 1654584 ----a-w- c:\arquivos de programas\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 -c--a-w- c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]

2006-08-18 18:58 49152 ----a-w- c:\windows\Domino.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-28 15:27 173592 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 00:17 49152 -c--a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-08-20 13:54 150016 -c--a-w- c:\arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-28 15:27 141336 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2006-11-10 19:19 1051648 -c--a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 -c--a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2012-02-29 23:58 1634112 ----a-w- c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-28 15:27 142360 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-15 15:35 17146504 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-10-26 18:48 74752 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]

2007-04-06 13:06 57344 ----a-w- c:\windows\ZSSnp211.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NBService"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Winamp\\winamp.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\rodizzi\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\rodizzi\\condition zero\\hl.exe"=

"c:\\Arquivos de programas\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 76641092;76641092;c:\windows\system32\drivers\76641092.sys [13/4/2012 06:13 133208]

R0 98754032;98754032;c:\windows\system32\drivers\98754032.sys [16/4/2012 19:42 133208]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [3/2/2012 21:35 47304]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/2/2011 19:03 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/11/2010 23:22 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/11/2010 23:22 20696]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [3/2/2012 21:35 199624]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1/12/2011 00:38 2348352]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2010 23:08 2127728]

R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [17/11/2010 00:08 1537024]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [15/2/2012 12:30 158856]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]

S3 cpuz134;cpuz134;c:\arquivos de programas\CPUID\PC Wizard 2010\pcwiz_x32.sys [15/11/2011 17:22 20328]

S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\c:\arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys --> c:\arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys [?]

S3 lac97inf;lac97inf;\??\c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys --> c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/1/2012 23:12 137472]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/1/2012 23:12 8576]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [6/9/2001 09:00 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: NameServer = 200.204.0.10,200.200.0.138

.

- - - - ORFÃOS REMOVIDOS - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-APSDaemon - c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

MSConfigStartUp-cacaoweb - c:\arquivos de programas\cacaoweb\cacaoweb.exe

MSConfigStartUp-EA Core - c:\arquivos de programas\Electronic Arts\EADM\Core.exe

MSConfigStartUp-NokiaOviSuite2 - c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

AddRemove-Codec_is1 - c:\arquivos de programas\Codec\Uninstall\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-17 18:49

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\arquivos de programas\GbPlugin\gbiehabn.dll

.

- - - - - - - > 'explorer.exe'(3328)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GbPlugin\gbiehabn.dll

c:\windows\system32\webcheck.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-04-17 18:51:06 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-04-17 21:51

.

Pré-execução: 13 pasta(s) 58.511.462.400 bytes disponíveis

Pós execução: 16 pasta(s) 58.651.840.512 bytes disponíveis

.

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 54823201FCC25DC22E299E8DBB53308A


Today it started having problems at startup; I had to restart 3 times to get it to open in normal mode.


Another thing I noticed: the PC is slower, both on the internet and when opening programs.


I can no longer boot into normal mode; I'm in safe mode right now.

Something I found strange was the following.

When I run msconfig and make any change to the startup settings, it asks for this to be done by the administrator; I already logged on as ADM and it asks for the same thing.

I can't remove ADOBE AIR.


Dear rodizzi,

Please be patient with our work; remember that our service is voluntary and that we have other commitments outside the forum. A reminder:

If you go 3 days without a reply, send me a Private Message (PM);

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
c:\windows\system32\drivers\76641092.sys
c:\windows\system32\drivers\98754032.sys
c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys

Driver::
76641092
98754032
lac97inf


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

Regards :D


ComboFix 12-04-17.01 - Rodrigo 23/04/2012 19:28:30.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3327.2611 [GMT -3:00]

Executando de: c:\documents and settings\Rodrigo\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Rodrigo\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Criado um novo ponto de restauração

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

FILE ::

"c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys"

"c:\windows\system32\drivers\76641092.sys"

"c:\windows\system32\drivers\98754032.sys"

.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\76641092.sys

c:\windows\system32\drivers\98754032.sys

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-23 to 2012-04-23 ))))))))))))))))))))))))))))

.

.

2012-04-23 22:27 . 2012-04-23 22:27 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2012-04-20 02:28 . 2012-04-20 02:28 -------- d-----w- c:\arquivos de programas\Free MP3 Cutter

2012-04-18 01:13 . 2012-04-17 04:31 475736 ----a-w- c:\windows\system32\drivers\2898387drv.sys

2012-04-18 01:13 . 2012-04-17 04:31 133208 ----a-w- c:\windows\system32\drivers\34291526.sys

2012-04-14 02:26 . 2012-04-14 02:26 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\PCHealth

2012-04-12 01:04 . 2012-04-12 01:04 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\TrojanHunter

2012-04-12 01:02 . 2012-04-12 01:02 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\Yahoo!

2012-04-12 01:02 . 2012-04-12 01:02 -------- d-----w- c:\arquivos de programas\CCleaner

2012-03-30 02:17 . 2012-03-30 02:18 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\Apple Computer

2012-03-30 02:17 . 2012-03-30 02:17 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Apple Computer

2012-03-30 02:16 . 2012-04-09 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2012-03-30 02:16 . 2012-03-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-30 02:16 . 2012-03-30 02:16 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Apple

2012-03-30 02:16 . 2012-03-30 02:16 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Apple Computer

2012-03-30 02:15 . 2012-04-09 23:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2012-03-27 02:04 . 2012-03-27 02:04 -------- d-----w- c:\arquivos de programas\Origin Games

2012-03-27 02:04 . 2012-03-27 02:04 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Origin

2012-03-27 01:49 . 2012-03-27 01:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2012-03-27 01:49 . 2012-04-03 21:48 -------- d-----w- c:\arquivos de programas\Origin

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 18:56 . 2011-05-28 17:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:15 . 2010-11-17 02:22 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:15 . 2010-11-17 02:22 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-07 00:03 . 2011-02-23 22:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2010-11-17 02:22 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:02 . 2010-11-17 02:22 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-07 00:01 . 2010-11-17 02:22 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2010-11-17 02:22 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-07 00:01 . 2010-11-17 02:22 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-07 00:01 . 2010-11-17 02:22 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 23:58 . 2010-11-17 02:22 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 10:59 . 2001-09-06 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59 . 2001-09-06 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59 . 2001-09-06 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 23:58 . 2011-11-14 21:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58 . 2011-11-14 21:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 23:58 . 2011-04-24 23:32 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58 . 2011-04-24 23:32 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58 . 2011-04-24 23:32 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58 . 2011-04-24 23:32 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58 . 2011-04-24 23:31 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58 . 2011-04-24 23:31 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58 . 2011-04-24 23:31 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58 . 2010-11-17 01:41 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58 . 2010-11-17 01:41 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 21:15 . 2011-04-08 01:16 335872 -c--a-w- c:\windows\system32\nvrshe.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsesm.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsja.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrspl.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrssv.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrseng.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrscs.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrsit.dll

2012-02-29 21:15 . 2011-04-08 01:16 278528 -c--a-w- c:\windows\system32\nvrsde.dll

2012-02-29 21:15 . 2011-04-08 01:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrssk.dll

2012-02-29 21:15 . 2011-04-08 01:16 262144 -c--a-w- c:\windows\system32\nvrshu.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrspt.dll

2012-02-29 21:15 . 2011-04-08 01:16 266240 -c--a-w- c:\windows\system32\nvrsko.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsth.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsnl.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrstr.dll

2012-02-29 21:15 . 2011-04-08 01:16 335872 -c--a-w- c:\windows\system32\nvrsar.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrses.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsno.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrsel.dll

2012-02-29 21:15 . 2011-04-08 01:16 286720 -c--a-w- c:\windows\system32\nvrsfr.dll

2012-02-29 21:15 . 2011-04-08 01:16 270336 -c--a-w- c:\windows\system32\nvrsru.dll

2012-02-29 21:15 . 2011-04-08 01:16 229376 -c--a-w- c:\windows\system32\nvrszhc.dll

2012-02-29 21:15 . 2011-04-08 01:16 126976 -c--a-w- c:\windows\system32\nvrszht.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsda.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrsfi.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrssl.dll

2012-02-29 20:30 . 2011-04-08 01:16 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30 . 2011-04-08 01:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30 . 2011-04-08 01:16 143680 -c--a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30 . 2011-04-08 01:16 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:30 . 2011-04-08 01:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 14:09 . 2001-09-06 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2001-09-06 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-11-17 01:41 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 14:02 . 2012-02-07 14:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:57 . 2001-09-06 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2010-10-16 13:50 . 2010-12-01 01:53 3056008 -c--a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-17_21.49.22 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-09-06 12:00 . 2012-04-17 21:20 84436 c:\windows\system32\perfc016.dat

+ 2001-09-06 12:00 . 2012-04-20 09:02 84436 c:\windows\system32\perfc016.dat

- 2001-09-06 12:00 . 2012-04-17 21:20 72530 c:\windows\system32\perfc009.dat

+ 2001-09-06 12:00 . 2012-04-20 09:02 72530 c:\windows\system32\perfc009.dat

+ 2011-05-04 23:37 . 2012-04-18 23:27 54068 c:\windows\system32\mlfcache.dat

+ 2001-09-06 12:00 . 2012-04-20 09:02 480634 c:\windows\system32\perfh016.dat

- 2001-09-06 12:00 . 2012-04-17 21:20 480634 c:\windows\system32\perfh016.dat

- 2001-09-06 12:00 . 2012-04-17 21:20 444654 c:\windows\system32\perfh009.dat

+ 2001-09-06 12:00 . 2012-04-20 09:02 444654 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-08-11 40983152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-01-06 18:59 735984 ----a-w- c:\arquivos de programas\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^_uninst_93575188.lnk]

path=c:\documents and settings\Rodrigo\Menu Iniciar\Programas\Inicializar\_uninst_93575188.lnk

backup=c:\windows\pss\_uninst_93575188.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 22:04 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2010-03-29 04:28 1654584 ----a-w- c:\arquivos de programas\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 -c--a-w- c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]

2006-08-18 18:58 49152 ----a-w- c:\windows\Domino.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-28 15:27 173592 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 00:17 49152 -c--a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-08-20 13:54 150016 -c--a-w- c:\arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-28 15:27 141336 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2006-11-10 19:19 1051648 -c--a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 -c--a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2012-02-29 23:58 1634112 ----a-w- c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-28 15:27 142360 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-15 15:35 17146504 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-10-26 18:48 74752 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]

2007-04-06 13:06 57344 ----a-w- c:\windows\ZSSnp211.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NBService"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Winamp\\winamp.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\rodizzi\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\rodizzi\\condition zero\\hl.exe"=

"c:\\Arquivos de programas\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 76641092;76641092;c:\windows\system32\DRIVERS\76641092.sys --> c:\windows\system32\DRIVERS\76641092.sys [?]

R0 98754032;98754032;c:\windows\system32\DRIVERS\98754032.sys --> c:\windows\system32\DRIVERS\98754032.sys [?]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [3/2/2012 21:35 47304]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/2/2011 19:03 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/11/2010 23:22 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/11/2010 23:22 20696]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [3/2/2012 21:35 199624]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1/12/2011 00:38 2348352]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2010 23:08 2127728]

R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [17/11/2010 00:08 1537024]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [15/2/2012 12:30 158856]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]

S3 cpuz134;cpuz134;c:\arquivos de programas\CPUID\PC Wizard 2010\pcwiz_x32.sys [15/11/2011 17:22 20328]

S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\c:\arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys --> c:\arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys [?]

S3 lac97inf;lac97inf;\??\c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys --> c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/1/2012 23:12 137472]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/1/2012 23:12 8576]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [6/9/2001 09:00 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: NameServer = 200.204.0.10,200.200.0.138

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-23 19:29

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\arquivos de programas\GbPlugin\gbiehabn.dll

.

Tempo para conclusão: 2012-04-23 19:30:50

ComboFix-quarantined-files.txt 2012-04-23 22:30

ComboFix2.txt 2012-04-17 21:51

.

Pré-execução: 15 pasta(s) 57.408.385.024 bytes disponíveis

Pós execução: 16 pasta(s) 57.773.600.768 bytes disponíveis

.

- - End Of File - - BF2A2316868B1571989486034FE2F4B8


Dear rodizzi

Do you use this program: Codec 8.3q?

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text that is inside the "Code" box:

KillAll:

File::
c:\windows\system32\drivers\2898387drv.sys
c:\windows\system32\drivers\34291526.sys
c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys
c:\documents and settings\Rodrigo\Menu Iniciar\Programas\Inicializar\_uninst_93575188.lnk
c:\windows\pss\_uninst_93575188.lnk

Driver::
76641092
98754032
lac97inf

Registry::
[HKLM\~\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^_uninst_93575188.lnk]


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[Animation: dragging CFScript.txt onto ComboFix.exe]

Regards :D


That Codec 8.3 you are referring to, isn't it one of the codecs that WinXP asks you to install in order to watch videos and listen to music in other formats? I don't remember that codec.

I have DivX Plus, which I use here, but I don't remember that codec.

ComboFix 12-04-17.01 - Rodrigo 24/04/2012 19:04:20.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3327.2553 [GMT -3:00]

Executando de: c:\documents and settings\Rodrigo\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Rodrigo\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

FILE ::

"c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys"

"c:\documents and settings\Rodrigo\Menu Iniciar\Programas\Inicializar\_uninst_93575188.lnk"

"c:\windows\pss\_uninst_93575188.lnk"

"c:\windows\system32\drivers\2898387drv.sys"

"c:\windows\system32\drivers\34291526.sys"

.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\2898387drv.sys

c:\windows\system32\drivers\34291526.sys

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-24 to 2012-04-24 ))))))))))))))))))))))))))))

.

.

2012-04-23 22:27 . 2012-04-24 22:03 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2012-04-14 02:26 . 2012-04-14 02:26 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\PCHealth

2012-04-12 01:04 . 2012-04-12 01:04 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\TrojanHunter

2012-04-12 01:02 . 2012-04-12 01:02 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\Yahoo!

2012-04-12 01:02 . 2012-04-12 01:02 -------- d-----w- c:\arquivos de programas\CCleaner

2012-03-30 02:17 . 2012-03-30 02:18 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\Apple Computer

2012-03-30 02:17 . 2012-03-30 02:17 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Apple Computer

2012-03-30 02:16 . 2012-04-09 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2012-03-30 02:16 . 2012-03-30 02:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-03-30 02:16 . 2012-03-30 02:16 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Apple

2012-03-30 02:16 . 2012-03-30 02:16 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Apple Computer

2012-03-30 02:15 . 2012-04-09 23:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2012-03-27 02:04 . 2012-03-27 02:04 -------- d-----w- c:\arquivos de programas\Origin Games

2012-03-27 02:04 . 2012-03-27 02:04 -------- d-----w- c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Origin

2012-03-27 01:49 . 2012-03-27 01:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2012-03-27 01:49 . 2012-04-03 21:48 -------- d-----w- c:\arquivos de programas\Origin

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 18:56 . 2011-05-28 17:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:15 . 2010-11-17 02:22 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:15 . 2010-11-17 02:22 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-07 00:03 . 2011-02-23 22:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2010-11-17 02:22 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:02 . 2010-11-17 02:22 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-07 00:01 . 2010-11-17 02:22 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2010-11-17 02:22 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-07 00:01 . 2010-11-17 02:22 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-07 00:01 . 2010-11-17 02:22 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 23:58 . 2010-11-17 02:22 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 10:59 . 2001-09-06 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59 . 2001-09-06 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59 . 2001-09-06 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 23:58 . 2011-11-14 21:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58 . 2011-11-14 21:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 23:58 . 2011-04-24 23:32 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58 . 2011-04-24 23:32 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58 . 2011-04-24 23:32 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58 . 2011-04-24 23:32 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58 . 2011-04-24 23:31 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58 . 2011-04-24 23:31 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58 . 2011-04-24 23:31 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58 . 2010-11-17 01:41 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58 . 2010-11-17 01:41 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 21:15 . 2011-04-08 01:16 335872 -c--a-w- c:\windows\system32\nvrshe.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsesm.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsja.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrspl.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrssv.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrseng.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrscs.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrsit.dll

2012-02-29 21:15 . 2011-04-08 01:16 278528 -c--a-w- c:\windows\system32\nvrsde.dll

2012-02-29 21:15 . 2011-04-08 01:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrssk.dll

2012-02-29 21:15 . 2011-04-08 01:16 262144 -c--a-w- c:\windows\system32\nvrshu.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrspt.dll

2012-02-29 21:15 . 2011-04-08 01:16 266240 -c--a-w- c:\windows\system32\nvrsko.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsth.dll

2012-02-29 21:15 . 2011-04-08 01:16 274432 -c--a-w- c:\windows\system32\nvrsnl.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrstr.dll

2012-02-29 21:15 . 2011-04-08 01:16 335872 -c--a-w- c:\windows\system32\nvrsar.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrses.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsno.dll

2012-02-29 21:15 . 2011-04-08 01:16 282624 -c--a-w- c:\windows\system32\nvrsel.dll

2012-02-29 21:15 . 2011-04-08 01:16 286720 -c--a-w- c:\windows\system32\nvrsfr.dll

2012-02-29 21:15 . 2011-04-08 01:16 270336 -c--a-w- c:\windows\system32\nvrsru.dll

2012-02-29 21:15 . 2011-04-08 01:16 229376 -c--a-w- c:\windows\system32\nvrszhc.dll

2012-02-29 21:15 . 2011-04-08 01:16 126976 -c--a-w- c:\windows\system32\nvrszht.dll

2012-02-29 21:15 . 2011-04-08 01:16 253952 -c--a-w- c:\windows\system32\nvrsda.dll

2012-02-29 21:15 . 2011-04-08 01:16 249856 -c--a-w- c:\windows\system32\nvrsfi.dll

2012-02-29 21:15 . 2011-04-08 01:16 258048 -c--a-w- c:\windows\system32\nvrssl.dll

2012-02-29 20:30 . 2011-04-08 01:16 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30 . 2011-04-08 01:16 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30 . 2011-04-08 01:16 143680 -c--a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30 . 2011-04-08 01:16 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:30 . 2011-04-08 01:16 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 14:09 . 2001-09-06 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2001-09-06 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-11-17 01:41 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 14:02 . 2012-02-07 14:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:57 . 2001-09-06 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys

2010-10-16 13:50 . 2010-12-01 01:53 3056008 -c--a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-17_21.49.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-04 23:37 . 2012-04-18 23:27 54068 c:\windows\system32\mlfcache.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-08-11 40983152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-01-06 18:59 735984 ----a-w- c:\arquivos de programas\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^_uninst_93575188.lnk]

path=c:\documents and settings\Rodrigo\Menu Iniciar\Programas\Inicializar\_uninst_93575188.lnk

backup=c:\windows\pss\_uninst_93575188.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-11-16 22:04 139264 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2010-03-29 04:28 1654584 ----a-w- c:\arquivos de programas\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 -c--a-w- c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]

2006-08-18 18:58 49152 ----a-w- c:\windows\Domino.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-28 15:27 173592 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 00:17 49152 -c--a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-08-20 13:54 150016 -c--a-w- c:\arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-28 15:27 141336 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2006-11-10 19:19 1051648 -c--a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 -c--a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2012-02-29 20:30 15494464 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2012-02-29 20:30 108352 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2012-02-29 23:58 1634112 ----a-w- c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-28 15:27 142360 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-15 15:35 17146504 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-10-26 18:48 74752 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]

2007-04-06 13:06 57344 ----a-w- c:\windows\ZSSnp211.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NBService"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Winamp\\winamp.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\rodizzi\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\rodizzi\\condition zero\\hl.exe"=

"c:\\Arquivos de programas\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [3/2/2012 21:35 47304]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/2/2011 19:03 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/11/2010 23:22 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/11/2010 23:22 20696]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [3/2/2012 21:35 199624]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1/12/2011 00:38 2348352]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2010 23:08 2127728]

R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [17/11/2010 00:08 1537024]

S0 76641092;76641092;c:\windows\system32\DRIVERS\76641092.sys --> c:\windows\system32\DRIVERS\76641092.sys [?]

S0 98754032;98754032;c:\windows\system32\DRIVERS\98754032.sys --> c:\windows\system32\DRIVERS\98754032.sys [?]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [15/2/2012 12:30 158856]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]

S3 cpuz134;cpuz134;c:\arquivos de programas\CPUID\PC Wizard 2010\pcwiz_x32.sys [15/11/2011 17:22 20328]

S3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;\??\c:\arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys --> c:\arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys [?]

S3 lac97inf;lac97inf;\??\c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys --> c:\docume~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/1/2012 23:12 137472]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/1/2012 23:12 8576]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [6/9/2001 09:00 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: NameServer = 200.204.0.10,200.200.0.138

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-24 19:09

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(700)

c:\arquivos de programas\GbPlugin\gbiehabn.dll

.

- - - - - - - > 'explorer.exe'(3304)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GbPlugin\gbiehabn.dll

c:\windows\system32\webcheck.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-04-24 19:10:43 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-04-24 22:10

ComboFix2.txt 2012-04-23 22:30

ComboFix3.txt 2012-04-17 21:51

.

Pré-execução: 15 pasta(s) 57.232.551.936 bytes disponíveis

Pós execução: 16 pasta(s) 57.418.936.320 bytes disponíveis

.

- - End Of File - - 8958B9EC7809047267FDF50B8BD61552


There are some files I saw created that I don't use, and I have already deleted the programs, such as TrojanHunter, Apple and Yahoo. Is there a way to delete them?


Dear rodizzi

About the codec: http://www.baixaki.com.br/download/codec.htm

Yours is an old version!

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon [image]
  • Leave the main screen configured as shown in the figure below:

[image]

  • Copy and paste the content below into the space right after [image]
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the [image] button
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


OTL logfile created on: 29/4/2012 23:23:45 - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Rodrigo\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,05% Memory free

5,09 Gb Paging File | 4,36 Gb Available in Paging File | 85,63% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 128,00 Gb Total Space | 53,88 Gb Free Space | 42,10% Space Free | Partition Type: NTFS

Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 170,09 Gb Total Space | 128,51 Gb Free Space | 75,55% Space Free | Partition Type: NTFS

Drive F: | 379,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC-AIG988HQ684P | User Name: Rodrigo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 23:12:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe

PRC - [2012/03/29 16:38:28 | 000,204,232 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2012/03/06 21:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/29 16:20:00 | 001,771,520 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\12042901\algo.dll

MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

MOD - [2001/10/28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/29 16:38:28 | 000,204,232 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/02/15 12:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/10/27 09:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/11/10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/05/12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mferkdet.sys -- (mferkdet)

DRV - File not found [Kernel | Boot | Running] -- system32\drivers\mfehidk.sys -- (mfehidk)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys -- (lac97inf)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys -- (ECSIoDriver_1_1_0_0)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\98754032.sys -- (98754032)

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\76641092.sys -- (76641092)

DRV - [2012/03/29 16:40:06 | 000,047,816 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2012/03/06 21:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 21:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 21:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 21:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 21:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 21:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 20:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/08/17 12:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2011/08/17 12:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2011/08/17 11:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/08/17 11:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011/08/17 11:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2011/08/17 11:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/08/04 20:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2010/07/09 11:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)

DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2008/10/16 23:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/14 13:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/12/05 10:00:08 | 001,537,024 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC30x)

DRV - [2006/11/10 16:17:50 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2006/11/10 16:16:34 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2006/11/10 16:15:56 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2006/11/10 16:15:44 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-602162358-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..\SearchScopes,DefaultScope = {CA5A17F2-15A5-4731-8DF2-B27799D3EDE5}

IE - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..\SearchScopes\{CA5A17F2-15A5-4731-8DF2-B27799D3EDE5}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKU\S-1-5-21-1614895754-602162358-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-602162358-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Arquivos de programas\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Arquivos de programas\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/01 21:16:38 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/24 19:08:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll (DivX, LLC)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll (DivX, LLC)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll (DivX, LLC)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Arquivos de programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O4 - HKU\S-1-5-21-1614895754-602162358-839522115-1007..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (Nero AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1614895754-602162358-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1614895754-602162358-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: bancoreal.com.br ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: bancosantander.com.br ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: bancosantander.com.br ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: realsecureweb.com.br ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: realsecureweb.com.br ([www2] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: realsecureweb.com.br ([wwws] * in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: realsecureweb.com.br ([wwws] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santander.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santander.com.br ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santanderempresarial.com.br ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santandernet.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santandernet.com.br ([wwws] * in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santandernet.com.br ([wwws] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: santandernetibe.com.br ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: secureweb.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-1614895754-602162358-839522115-1004\..Trusted Domains: secureweb.com.br ([www] https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289959826268 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290031355406 (MUWebControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: DhcpNameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: NameServer = 200.204.0.10,200.200.0.138

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\Arquivos de programas\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/11/16 22:13:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/29 06:55:00 | 000,419,088 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2009/08/26 14:25:38 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]

O32 - AutoRun File - [2009/08/26 13:37:54 | 024,725,504 | R--- | M] () - D:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2009/08/26 14:25:34 | 000,000,148 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (aswBoot.exe /M:102c06a2123e8)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 23:12:53 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

[2012/04/29 23:12:30 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.5297.deleteme

[2012/04/29 23:12:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\stinger

[2012/04/29 23:11:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe

[2012/04/29 23:07:57 | 000,674,774 | ---- | C] (NoVirusThanks Company Srl ) -- C:\Documents and Settings\Rodrigo\Desktop\uploader_setup.exe

[2012/04/29 10:54:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/04/29 10:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Meus documentos\Autodata

[2012/04/29 00:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AutoData 2005-XP

[2012/04/29 00:45:10 | 000,000,000 | ---D | C] -- C:\Adcda2

[2012/04/29 00:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Desktop\Nova pasta (2)

[2012/04/24 19:18:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/04/24 19:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/04/19 23:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Meus documentos\FABIULA ARQUIVOS DO MADRE

[2012/04/18 23:14:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rodrigo\Recent

[2012/04/17 18:37:29 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/17 18:36:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/17 18:36:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/17 18:36:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/17 18:36:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/17 18:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/17 18:31:36 | 004,466,721 | R--- | C] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe

[2012/04/13 23:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\PCHealth

[2012/04/12 21:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Desktop\Nova pasta (5)

[2012/04/12 21:10:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\dds.scr

[2012/04/12 20:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Meus documentos\CNPJ

[2012/04/11 22:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\TrojanHunter

[2012/04/11 22:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Yahoo!

[2012/04/11 22:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Menu Iniciar\Programas\CCleaner

[2012/04/11 22:02:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2012/04/11 21:03:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 23:12:53 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

[2012/04/29 23:12:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe

[2012/04/29 23:12:28 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.5297.deleteme

[2012/04/29 23:08:00 | 000,674,774 | ---- | M] (NoVirusThanks Company Srl ) -- C:\Documents and Settings\Rodrigo\Desktop\uploader_setup.exe

[2012/04/29 23:05:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/04/29 22:35:37 | 000,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/04/29 22:33:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/04/29 21:36:59 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/29 16:05:57 | 000,001,696 | ---- | M] () -- C:\WINDOWS\Ky5s96SF.csa

[2012/04/29 11:45:35 | 133,204,952 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\setup_11.0.0.1245.x01_2012_04_29_17_36.exe

[2012/04/29 10:37:14 | 000,480,634 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2012/04/29 10:37:14 | 000,444,654 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/29 10:37:14 | 000,084,436 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2012/04/29 10:37:14 | 000,072,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/29 10:32:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/29 10:32:10 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/29 00:45:35 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoData2005XP.lnk

[2012/04/28 00:09:11 | 050,000,000 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part2.rar

[2012/04/27 06:16:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/25 21:13:06 | 000,223,727 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Meus documentos\Sensores de detonao.pdf

[2012/04/25 00:01:00 | 050,000,000 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part1.rar

[2012/04/24 19:08:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/23 21:41:17 | 001,239,109 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\BDUSBImmunizer1.zip

[2012/04/23 20:16:10 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\Rodrigo\default.pls

[2012/04/18 22:33:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/04/18 20:27:06 | 000,054,068 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/04/17 18:31:38 | 004,466,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe

[2012/04/16 21:06:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/04/13 23:09:30 | 000,048,639 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Meus documentos\gmer.JPG

[2012/04/13 20:51:57 | 000,043,389 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Meus documentos\avira.JPG

[2012/04/13 06:18:31 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/12 21:14:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\gmer.zip

[2012/04/12 21:10:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\dds.scr

[2012/04/11 22:02:27 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\CCleaner.lnk

[2012/04/11 21:17:25 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll

[2012/04/09 21:08:15 | 000,294,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012/04/09 21:08:15 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012/04/09 21:01:34 | 000,294,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 11:45:25 | 133,204,952 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\setup_11.0.0.1245.x01_2012_04_29_17_36.exe

[2012/04/29 10:35:52 | 000,001,696 | ---- | C] () -- C:\WINDOWS\Ky5s96SF.csa

[2012/04/29 00:45:35 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoData2005XP.lnk

[2012/04/28 00:09:11 | 050,000,000 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part2.rar

[2012/04/25 21:13:06 | 000,223,727 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Meus documentos\Sensores de detonao.pdf

[2012/04/25 00:00:59 | 050,000,000 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part1.rar

[2012/04/23 21:41:05 | 001,239,109 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\BDUSBImmunizer1.zip

[2012/04/18 22:43:36 | 3488,862,208 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/17 18:37:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/04/17 18:37:30 | 000,261,920 | RHS- | C] () -- C:\cmldr

[2012/04/17 18:36:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/17 18:36:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/17 18:36:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/17 18:36:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/17 18:36:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/13 23:09:30 | 000,048,639 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Meus documentos\gmer.JPG

[2012/04/13 20:51:57 | 000,043,389 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Meus documentos\avira.JPG

[2012/04/12 21:14:08 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\gmer.zip

[2012/04/11 22:02:27 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\CCleaner.lnk

[2012/04/11 21:17:22 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll

[2012/04/03 20:44:41 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/16 17:30:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/03 21:29:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2012/01/03 21:29:00 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2012/01/03 21:28:59 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2011/11/27 00:28:12 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2011/11/16 21:26:18 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/10/31 20:58:55 | 000,000,606 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2011/10/31 19:43:30 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\fusioncache.dat

[2011/10/15 12:51:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2011/06/02 23:25:02 | 000,077,472 | ---- | C] () -- C:\WINDOWS\hpqins05.dat

[2011/06/02 23:10:58 | 000,191,737 | ---- | C] () -- C:\WINDOWS\hpwins20.dat.temp

[2011/06/02 23:10:58 | 000,002,428 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat.temp

[2011/06/01 22:29:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/05/24 23:21:41 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/05/05 22:54:38 | 000,019,571 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2011/05/04 20:37:04 | 000,054,068 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/05/02 18:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2011/04/27 23:10:48 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat

[2011/04/27 23:07:12 | 000,191,737 | ---- | C] () -- C:\WINDOWS\hpwins20.dat

[2011/04/27 23:07:12 | 000,002,428 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat

[2011/04/24 20:32:45 | 000,294,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/04/24 20:32:40 | 000,294,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/04/24 20:32:40 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/04/24 20:28:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/01 01:06:45 | 000,234,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2010/11/23 20:32:55 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010/11/17 17:59:15 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/17 14:22:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2010/11/17 13:33:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/17 00:34:11 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/11/17 00:34:11 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/11/17 00:34:10 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/11/17 00:16:46 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll

[2010/11/17 00:16:46 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll

[2010/11/17 00:08:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe

[2010/11/16 23:16:09 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/11/16 23:06:07 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll

[2010/11/16 23:06:05 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/11/16 23:04:51 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/16 22:14:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 22:11:43 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2010/11/16 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2012/03/26 22:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts

[2012/04/29 00:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2012/01/22 22:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

[2012/03/27 20:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia

[2011/09/11 00:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NokiaInstallerCache

[2012/03/26 23:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Origin

[2011/05/03 19:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2012/03/29 23:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/04 20:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\bowers-wilkins.dlm.8336D9976F9EA57B9953BCD80947775C45DF3256.1

[2010/11/30 22:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers

[2010/11/25 19:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\FreeBurner

[2012/03/27 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Nokia

[2010/12/26 23:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Nokia Ovi Suite

[2012/03/12 16:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Origin

[2011/09/06 21:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\PC Suite

[2010/12/27 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Publish Providers

[2012/04/29 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Scpad

[2011/09/10 16:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Shareaza

[2011/03/29 21:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Sony

[2012/04/11 22:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\TrojanHunter

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >

[2004/08/03 23:55:42 | 018,785,713 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/11/16 23:52:28 | 023,893,088 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004/08/03 23:55:42 | 018,785,713 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2010/11/16 23:52:28 | 023,893,088 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/03 23:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/03 23:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

[2004/08/03 23:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Rodrigo\Meus documentos\Shareaza Downloads:Shareaza.GUID

< End of report >


OTL Extras logfile created on: 29/4/2012 23:23:45 - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Rodrigo\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,05% Memory free

5,09 Gb Paging File | 4,36 Gb Available in Paging File | 85,63% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 128,00 Gb Total Space | 53,88 Gb Free Space | 42,10% Space Free | Partition Type: NTFS

Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 170,09 Gb Total Space | 128,51 Gb Free Space | 75,55% Space Free | Partition Type: NTFS

Drive F: | 379,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC-AIG988HQ684P | User Name: Rodrigo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Arquivos de programas\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Arquivos de programas\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Arquivos de programas\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\Steam\Steam.exe" = C:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Arquivos de programas\Winamp\winamp.exe" = C:\Arquivos de programas\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe" = C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)

"C:\Arquivos de programas\Steam\steamapps\rodizzi\counter-strike\hl.exe" = C:\Arquivos de programas\Steam\steamapps\rodizzi\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

"C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()

"C:\Arquivos de programas\Electronic Arts\Need for Speed SHIFT\shift.exe" = C:\Arquivos de programas\Electronic Arts\Need for Speed SHIFT\shift.exe:*:Enabled:Need for Speed™ SHIFT -- (Electronic Arts Inc.)

"C:\Arquivos de programas\Steam\steamapps\rodizzi\condition zero\hl.exe" = C:\Arquivos de programas\Steam\steamapps\rodizzi\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)

"C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver

"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C97BB-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB

"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{7F71FDE8-7D81-4faa-8B6A-A792375813EB}" = J4660

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax

"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.6 - Português

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver

"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware

"{F87DA817-8D53-42CC-AA45-93A100341046}" = Nero 7 Essentials

"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AutoData-2005-XP" = AutoData-2005-XP

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58

"DiskSpeed32" = DiskSpeed32

"DivX Setup" = Instalação do DivX

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Document Manager" = HP Document Manager 1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Origin" = Origin

"PC Wizard 2010_is1" = PC Wizard 2010.1.96

"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes

"Steam App 80" = Counter-Strike: Condition Zero

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Winamp" = Winamp

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detectar Aplicação

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 23/4/2012 19:16:57 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 19:17:04 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha drwtsn32.exe, versão 5.1.2600.0, módulo com falha

dbghelp.dll, versão 5.1.2600.5512, endereço com falha 0x0001295d.

Error - 23/4/2012 20:44:07 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 20:44:39 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 20:45:06 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 20:47:18 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 28/4/2012 23:41:32 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha divx plus player.exe, versão 10.3.2.6, módulo

com falha qtcore4.dll, versão 4.5.0.0, endereço com falha 0x000e1b16.

Error - 29/4/2012 14:09:13 | Computer Name = PC-AIG988HQ684P | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

Error - 29/4/2012 21:34:06 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha divx plus player.exe, versão 10.3.2.6, módulo

com falha qtcore4.dll, versão 4.5.0.0, endereço com falha 0x000e1b16.

Error - 29/4/2012 21:34:11 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1001

Description = Falha no compartimento de memória -1466290071.

[ OSession Events ]

Error - 5/7/2011 09:31:27 | Computer Name = PC-AIG988HQ684P | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5116

seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/8/2011 18:41:12 | Computer Name = PC-AIG988HQ684P | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2010

seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 28/4/2012 23:47:05 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:20:47 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:22:29 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:24:03 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:28:53 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:30:50 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:32:32 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:34:38 | Computer Name = PC-AIG988HQ684P | Source = Service Control Manager | ID = 7022

Description = Serviço Serviço de Descoberta de dispositivos CUE HP suspenso ao iniciar.

Error - 29/4/2012 09:34:38 | Computer Name = PC-AIG988HQ684P | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: 76641092 98754032

Error - 29/4/2012 21:34:28 | Computer Name = PC-AIG988HQ684P | Source = Service Control Manager | ID = 7034

Description = O serviço Autodata Limited License Service foi encerrado inesperadamente.

Isso aconteceu 1 vez(es).

< End of report >

OTL Extras logfile created on: 29/4/2012 23:23:45 - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Rodrigo\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,05% Memory free

5,09 Gb Paging File | 4,36 Gb Available in Paging File | 85,63% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 128,00 Gb Total Space | 53,88 Gb Free Space | 42,10% Space Free | Partition Type: NTFS

Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive E: | 170,09 Gb Total Space | 128,51 Gb Free Space | 75,55% Space Free | Partition Type: NTFS

Drive F: | 379,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC-AIG988HQ684P | User Name: Rodrigo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Arquivos de programas\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Arquivos de programas\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Arquivos de programas\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\Steam\Steam.exe" = C:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Arquivos de programas\Winamp\winamp.exe" = C:\Arquivos de programas\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe" = C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)

"C:\Arquivos de programas\Steam\steamapps\rodizzi\counter-strike\hl.exe" = C:\Arquivos de programas\Steam\steamapps\rodizzi\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

"C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()

"C:\Arquivos de programas\Electronic Arts\Need for Speed SHIFT\shift.exe" = C:\Arquivos de programas\Electronic Arts\Need for Speed SHIFT\shift.exe:*:Enabled:Need for Speed™ SHIFT -- (Electronic Arts Inc.)

"C:\Arquivos de programas\Steam\steamapps\rodizzi\condition zero\hl.exe" = C:\Arquivos de programas\Steam\steamapps\rodizzi\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)

"C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver

"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C97BB-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB

"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{7F71FDE8-7D81-4faa-8B6A-A792375813EB}" = J4660

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax

"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.6 - Português

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver

"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware

"{F87DA817-8D53-42CC-AA45-93A100341046}" = Nero 7 Essentials

"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AutoData-2005-XP" = AutoData-2005-XP

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58

"DiskSpeed32" = DiskSpeed32

"DivX Setup" = Instalação do DivX

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Document Manager" = HP Document Manager 1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Origin" = Origin

"PC Wizard 2010_is1" = PC Wizard 2010.1.96

"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes

"Steam App 80" = Counter-Strike: Condition Zero

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Winamp" = Winamp

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detectar Aplicação

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 23/4/2012 19:16:57 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 19:17:04 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha drwtsn32.exe, versão 5.1.2600.0, módulo com falha

dbghelp.dll, versão 5.1.2600.5512, endereço com falha 0x0001295d.

Error - 23/4/2012 20:44:07 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 20:44:39 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 20:45:06 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 23/4/2012 20:47:18 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com

falha qedit.dll, versão 6.5.2600.5512, endereço com falha 0x0006674c.

Error - 28/4/2012 23:41:32 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha divx plus player.exe, versão 10.3.2.6, módulo

com falha qtcore4.dll, versão 4.5.0.0, endereço com falha 0x000e1b16.

Error - 29/4/2012 14:09:13 | Computer Name = PC-AIG988HQ684P | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

Error - 29/4/2012 21:34:06 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1000

Description = Aplicativo com falha divx plus player.exe, versão 10.3.2.6, módulo

com falha qtcore4.dll, versão 4.5.0.0, endereço com falha 0x000e1b16.

Error - 29/4/2012 21:34:11 | Computer Name = PC-AIG988HQ684P | Source = Application Error | ID = 1001

Description = Falha no compartimento de memória -1466290071.

[ OSession Events ]

Error - 5/7/2011 09:31:27 | Computer Name = PC-AIG988HQ684P | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5116

seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/8/2011 18:41:12 | Computer Name = PC-AIG988HQ684P | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2010

seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 28/4/2012 23:47:05 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:20:47 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:22:29 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:24:03 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:28:53 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:30:50 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:32:32 | Computer Name = PC-AIG988HQ684P | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

Error - 29/4/2012 09:34:38 | Computer Name = PC-AIG988HQ684P | Source = Service Control Manager | ID = 7022

Description = Serviço Serviço de Descoberta de dispositivos CUE HP suspenso ao iniciar.

Error - 29/4/2012 09:34:38 | Computer Name = PC-AIG988HQ684P | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: 76641092 98754032

Error - 29/4/2012 21:34:28 | Computer Name = PC-AIG988HQ684P | Source = Service Control Manager | ID = 7034

Description = O serviço Autodata Limited License Service foi encerrado inesperadamente.

Isso aconteceu 1 vez(es).

< End of report >


Dear rodizzi

Once again with OTL

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Copy and paste the content below into the box just after 5369460409_ee749edc8e_m.jpg

:OTL
[2012/04/11 22:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\TrojanHunter
[2012/04/11 22:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Yahoo!

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"1900:UDP" =-
"2869:TCP" =-

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

  • Click the button 5370056394_358505935a_m.jpg
  • When the computer restarts, a window will appear; click Run;
  • Save the log (File > Save As) to the desktop under any name you like;
  • Post the contents of this log in your next reply.
  • Attention: if you close the log without saving it first, it will disappear.
  • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D


My friend, the PC no longer starts in normal mode, only in safe mode. Can I do this in safe mode???


Yes... that works :)


All processes killed

========== OTL ==========

C:\Documents and Settings\Rodrigo\Dados de aplicativos\TrojanHunter folder moved successfully.

C:\Documents and Settings\Rodrigo\Dados de aplicativos\Yahoo!\Companion\Buttons folder moved successfully.

C:\Documents and Settings\Rodrigo\Dados de aplicativos\Yahoo!\Companion folder moved successfully.

C:\Documents and Settings\Rodrigo\Dados de aplicativos\Yahoo! folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Rodrigo

->Flash cache emptied: 3941 bytes

User: UpdatusUser

->Flash cache emptied: 56466 bytes

Total Flash Files Cleaned = 0,00 mb

Unable to start System Restore Service. Error code 10

[EMPTYTEMP]

User: Administrador

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 68227 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Rodrigo

->Temp folder emptied: 697683273 bytes

->Temporary Internet Files folder emptied: 43514458 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1831964 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 73832 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 709,00 mb

OTL by OldTimer - Version 3.2.42.2 log created on 05032012_173255

Files\Folders moved on Reboot...

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\2[1].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[1].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[2].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[4].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[5].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[6].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[7].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[8].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\WK9JF0AU\like[9].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\PZ08EDGU\oauth[1].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\PZ08EDGU\xd_arbiter[1].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\PAD2ZHXP\ads[5].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\OJQGQJ7Q\SmartAd[1].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\KO25JMDX\xd_arbiter[2].htm moved successfully.

C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\Content.IE5\4ZGHDEU2\ads[4].htm moved successfully.

File move failed. C:\Documents and Settings\Rodrigo\Configurações locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL logfile created on: 3/5/2012 17:45:30 - Run 2

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Rodrigo\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,25 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 83,63% Memory free

5,09 Gb Paging File | 4,82 Gb Available in Paging File | 94,69% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 128,00 Gb Total Space | 57,84 Gb Free Space | 45,19% Space Free | Partition Type: NTFS

Drive E: | 170,09 Gb Total Space | 128,51 Gb Free Space | 75,55% Space Free | Partition Type: NTFS

Drive F: | 379,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC-AIG988HQ684P | User Name: Rodrigo | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 23:12:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe

PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/29 16:38:28 | 000,204,232 | ---- | M] ( ) [Auto | Stopped] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/02/29 20:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/02/15 12:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/10/27 09:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/11/10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/05/12 11:16:50 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rodrigo\CONFIG~1\Temp\lac97inf.sys -- (lac97inf)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\ECS Motherboard Utility\eDLU\ECSIoDriver.sys -- (ECSIoDriver_1_1_0_0)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\98754032.sys -- (98754032)

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\76641092.sys -- (76641092)

DRV - [2012/03/29 16:40:06 | 000,047,816 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2012/03/06 21:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 21:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 21:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 21:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 21:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 21:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 20:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/08/17 12:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2011/08/17 12:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2011/08/17 11:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/08/17 11:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011/08/17 11:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2011/08/17 11:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/08/04 20:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2010/07/09 11:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)

DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2008/10/16 23:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/14 13:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2007/12/05 10:00:08 | 001,537,024 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC30x)

DRV - [2006/11/10 16:17:50 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2006/11/10 16:16:34 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2006/11/10 16:15:56 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2006/11/10 16:15:44 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {CA5A17F2-15A5-4731-8DF2-B27799D3EDE5}

IE - HKCU\..\SearchScopes\{CA5A17F2-15A5-4731-8DF2-B27799D3EDE5}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Arquivos de programas\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Arquivos de programas\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/01 21:16:38 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/24 19:08:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll (DivX, LLC)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll (DivX, LLC)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] C:\Arquivos de programas\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll (DivX, LLC)

O4 - HKLM..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Arquivos de programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Trusted sites)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] * in Trusted sites)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Trusted sites)

O15 - HKCU\..Trusted Domains: santander.com.br ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] * in Trusted sites)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Trusted sites)

O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289959826268 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290031355406 (MUWebControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: DhcpNameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{486058E7-0AA5-4E1C-978D-C1542B868518}: NameServer = 200.204.0.10,200.200.0.138

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\Arquivos de programas\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (Banco Real)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/11/16 22:13:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 17:32:55 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/29 23:12:53 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

[2012/04/29 23:12:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\stinger

[2012/04/29 23:11:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe

[2012/04/29 23:07:57 | 000,674,774 | ---- | C] (NoVirusThanks Company Srl ) -- C:\Documents and Settings\Rodrigo\Desktop\uploader_setup.exe

[2012/04/29 10:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Meus documentos\Autodata

[2012/04/29 00:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AutoData 2005-XP

[2012/04/29 00:45:10 | 000,000,000 | ---D | C] -- C:\Adcda2

[2012/04/29 00:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Desktop\Nova pasta (2)

[2012/04/24 19:18:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/04/24 19:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/04/19 23:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Meus documentos\FABIULA ARQUIVOS DO MADRE

[2012/04/18 23:14:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rodrigo\Recent

[2012/04/17 18:37:29 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/17 18:36:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/17 18:36:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/17 18:36:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/17 18:36:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/17 18:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/17 18:31:36 | 004,466,721 | R--- | C] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe

[2012/04/13 23:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\PCHealth

[2012/04/12 21:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Desktop\Nova pasta (5)

[2012/04/12 21:10:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\dds.scr

[2012/04/12 20:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Meus documentos\CNPJ

[2012/04/11 22:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Menu Iniciar\Programas\CCleaner

[2012/04/11 22:02:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2012/04/11 21:03:32 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 30 Days ==========

[2012/05/03 17:45:17 | 000,480,272 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2012/05/03 17:45:17 | 000,444,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/05/03 17:45:17 | 000,084,210 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2012/05/03 17:45:17 | 000,072,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/05/03 17:41:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/05/03 17:30:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/05/02 17:08:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/29 23:12:53 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

[2012/04/29 23:12:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe

[2012/04/29 23:08:00 | 000,674,774 | ---- | M] (NoVirusThanks Company Srl ) -- C:\Documents and Settings\Rodrigo\Desktop\uploader_setup.exe

[2012/04/29 23:05:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/04/29 22:35:37 | 000,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/04/29 22:33:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/04/29 21:36:59 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/29 16:05:57 | 000,001,696 | ---- | M] () -- C:\WINDOWS\Ky5s96SF.csa

[2012/04/29 11:45:35 | 133,204,952 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\setup_11.0.0.1245.x01_2012_04_29_17_36.exe

[2012/04/29 00:45:35 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoData2005XP.lnk

[2012/04/28 00:09:11 | 050,000,000 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part2.rar

[2012/04/25 21:13:06 | 000,223,727 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Meus documentos\Sensores de detonao.pdf

[2012/04/25 00:01:00 | 050,000,000 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part1.rar

[2012/04/24 19:08:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/23 21:41:17 | 001,239,109 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\BDUSBImmunizer1.zip

[2012/04/23 20:16:10 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\Rodrigo\default.pls

[2012/04/18 20:27:06 | 000,054,068 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/04/17 18:31:38 | 004,466,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe

[2012/04/16 21:06:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/04/13 23:09:30 | 000,048,639 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Meus documentos\gmer.JPG

[2012/04/13 20:51:57 | 000,043,389 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Meus documentos\avira.JPG

[2012/04/13 06:18:31 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/12 21:14:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\gmer.zip

[2012/04/12 21:10:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rodrigo\Desktop\dds.scr

[2012/04/11 22:02:27 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\CCleaner.lnk

[2012/04/11 21:17:25 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll

[2012/04/09 21:08:15 | 000,294,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012/04/09 21:08:15 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012/04/09 21:01:34 | 000,294,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/29 11:45:25 | 133,204,952 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\setup_11.0.0.1245.x01_2012_04_29_17_36.exe

[2012/04/29 10:35:52 | 000,001,696 | ---- | C] () -- C:\WINDOWS\Ky5s96SF.csa

[2012/04/29 00:45:35 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoData2005XP.lnk

[2012/04/28 00:09:11 | 050,000,000 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part2.rar

[2012/04/25 21:13:06 | 000,223,727 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Meus documentos\Sensores de detonao.pdf

[2012/04/25 00:00:59 | 050,000,000 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Auto data 2005 XP.part1.rar

[2012/04/23 21:41:05 | 001,239,109 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\BDUSBImmunizer1.zip

[2012/04/17 18:37:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/04/17 18:37:30 | 000,261,920 | RHS- | C] () -- C:\cmldr

[2012/04/17 18:36:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/17 18:36:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/17 18:36:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/17 18:36:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/17 18:36:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/13 23:09:30 | 000,048,639 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Meus documentos\gmer.JPG

[2012/04/13 20:51:57 | 000,043,389 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Meus documentos\avira.JPG

[2012/04/12 21:14:08 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\gmer.zip

[2012/04/11 22:02:27 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\CCleaner.lnk

[2012/04/11 21:17:22 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll

[2012/04/03 20:44:41 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/16 17:30:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/03 21:29:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2012/01/03 21:29:00 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2012/01/03 21:28:59 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2011/11/27 00:28:12 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2011/11/16 21:26:18 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/10/31 20:58:55 | 000,000,606 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2011/10/31 19:43:30 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\fusioncache.dat

[2011/10/15 12:51:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2011/06/02 23:25:02 | 000,077,472 | ---- | C] () -- C:\WINDOWS\hpqins05.dat

[2011/06/02 23:10:58 | 000,191,737 | ---- | C] () -- C:\WINDOWS\hpwins20.dat.temp

[2011/06/02 23:10:58 | 000,002,428 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat.temp

[2011/06/01 22:29:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/05/24 23:21:41 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/05/05 22:54:38 | 000,019,571 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2011/05/04 20:37:04 | 000,054,068 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/05/02 18:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2011/04/27 23:10:48 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat

[2011/04/27 23:07:12 | 000,191,737 | ---- | C] () -- C:\WINDOWS\hpwins20.dat

[2011/04/27 23:07:12 | 000,002,428 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat

[2011/04/24 20:32:45 | 000,294,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/04/24 20:32:40 | 000,294,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/04/24 20:32:40 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/04/24 20:28:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/01 01:06:45 | 000,234,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2010/11/23 20:32:55 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010/11/17 17:59:15 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/17 14:22:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2010/11/17 13:33:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/11/17 00:34:11 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/11/17 00:34:11 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/11/17 00:34:10 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/11/17 00:16:46 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll

[2010/11/17 00:16:46 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll

[2010/11/17 00:08:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe

[2010/11/16 23:16:09 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/11/16 23:06:07 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll

[2010/11/16 23:06:05 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/11/16 23:04:51 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/16 22:14:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 22:11:43 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2010/11/16 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2012/03/26 22:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts

[2012/04/29 00:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2012/01/22 22:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

[2012/03/27 20:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia

[2011/09/11 00:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NokiaInstallerCache

[2012/03/26 23:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Origin

[2011/05/03 19:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2012/03/29 23:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/04 20:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\bowers-wilkins.dlm.8336D9976F9EA57B9953BCD80947775C45DF3256.1

[2010/11/30 22:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers

[2010/11/25 19:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\FreeBurner

[2012/03/27 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Nokia

[2010/12/26 23:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Nokia Ovi Suite

[2012/03/12 16:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Origin

[2011/09/06 21:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\PC Suite

[2010/12/27 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Publish Providers

[2012/05/03 17:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Scpad

[2011/09/10 16:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Shareaza

[2011/03/29 21:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Sony

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Rodrigo\Meus documentos\Shareaza Downloads:Shareaza.GUID

< End of report >


Here we go: when the 1st log was generated, the machine restarted, but in normal mode, except that no icons at all appeared on the desktop.

I restarted again, but this time booted into Safe Mode with Networking, and then it generated the 1st log.

And in normal mode, when it opens, everything freezes. I'm looking for a hard drive to save my files; I'm close to formatting the thing.

Regards


Dear rodizzi

And in normal mode, when it opens, everything freezes.
Very strange

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D
