  1. #8601
    Join Date
    Sep 2008
    Posts
    2.894
    According to the log, this is Vitro (a file infector). ElistarA cleaned seven infected files.

    How many files are there?



  2. There are 10.

  3. #8603
    Join Date
    Sep 2008
    Posts
    2.894
    Do the following:

    Submit these seven files to VirusTotal and check whether they were really cleaned. If that is confirmed, put them in a .rar archive and save them to media (CD, DVD) or another removable device (not the pen drive you used, since it is certainly compromised).

    C:\Facul\Gestão.pdf
    C:\Facul\Finança.pdf
    C:\Facul\Preparação Jurídico.pdf
    C:\Facul\Documentario Luis Henrique.doc
    C:\Facul\Documentario Professor Paulinha.doc
    C:\Facul\Gestão.doc
    C:\Facul\CMJJ.doc
    As for the other three files, use the other tools I suggested in this post.

  4. #8604
    Join Date
    Jan 2009
    Location
    Between the chair and the keyboard
    Posts
    2.613
    Good afternoon, I'm having a problem with random freezes in Chrome, and I suspect it's a virus. Every time I post the logs here, I get an error and the page doesn't load... I'll keep trying.

    I had to upload it to 4Shared; I couldn't post it here at all...

    Log OTL.rar - 4shared.com - online file sharing and storage - download

    Thanks in advance!
    Last edited by Safsprin; 31-01-12 at 17:12.

  5. Done. VirusTotal found nothing in the 7. So I'll zip them and save them on my external HD, will that work? I didn't use it for the backup.

    I'll run the scan with the other programs to see if I can clean the other 3 files here. Since Windows is still bare and I haven't installed anything on it, I'm going to format again, what do you think? Right after cleaning all the files.

  6. #8606
    Join Date
    Sep 2008
    Posts
    2.894
    Quote: Originally posted by Safsprin
    Good afternoon, I'm having a problem with random freezes in Chrome, and I suspect it's a virus. Every time I post the logs here, I get an error and the page doesn't load... I'll keep trying.

    I had to upload it to 4Shared; I couldn't post it here at all...

    Log OTL.rar - 4shared.com - online file sharing and storage - download

    Thanks in advance!

    Good afternoon, Safsprin!

    There is nothing related to malware or viruses in your log.

    Have you checked whether the problem occurs in other browsers? That said, I've noticed that some people are complaining about freezes with the latest version of Chrome. I don't know whether that's accurate, since I use neither Windows nor Chrome.


    Quote: Originally posted by brunao 1988
    Since Windows is still bare and I haven't installed anything on it, I'm going to format again, what do you think? Right after cleaning all the files.

    That is exactly what should be done, Brunão.

  7. #8607
    Join Date
    Jan 2009
    Location
    Between the chair and the keyboard
    Posts
    2.613
    Quote: Originally posted by Mr.Wolf
    Good afternoon, Safsprin!

    There is nothing related to malware or viruses in your log.

    Have you checked whether the problem occurs in other browsers? That said, I've noticed that some people are complaining about freezes with the latest version of Chrome. I don't know whether that's accurate, since I use neither Windows nor Chrome.



    That is exactly what should be done, Brunão.

    Thanks!! I got a bit suspicious because I caught my nieces using my PC (I've already set a password!!), and after that the problems started. I'll install Firefox and see if the problem continues!

  8. #8608
    Join Date
    Sep 2008
    Posts
    2.894
    Quote: Originally posted by Safsprin
    Thanks!! I got a bit suspicious because I caught my nieces using my PC (I've already set a password!!), and after that the problems started. I'll install Firefox and see if the problem continues!

    If the problem persists with Firefox, please let me know.

  9. Quote: Originally posted by Mr.Wolf
    Do the following:

    Submit these seven files to VirusTotal and check whether they were really cleaned. If that is confirmed, put them in a .rar archive and save them to media (CD, DVD) or another removable device (not the pen drive you used, since it is certainly compromised).

    As for the other three files, use the other tools I suggested in this post.

    Wolf, I managed to clean the other files and a few more with that Norman Malware tool you recommended. I sent them to VirusTotal and nothing was found, so I zipped them like the others and put them on the external HD. I confirmed that everything was sorted out here, so I've already formatted the PC again.

    Now the PC is running smoothly, man, thanks to you. Without your help I'd have been screwed. Thanks a lot.

    But I got curious about these viruses you mentioned, this file infector thing and so on. What is that? How can I protect myself from them from now on? Where do they come from?

    Sorry for the questions, but I want to fully protect my PC from these viruses. If I had lost my files I'd have been totally screwed at college.

    I owe you one, brother. Thanks a ton.
    Last edited by вяυиασ 1988; 31-01-12 at 23:44.

  10. #8610
    Join Date
    Apr 2005
    Location
    Recife
    Posts
    8.723
    Hello Mr.Wolf, it's been a while since I posted my HijackThis log; I'm pasting it here for you to check if possible. Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:21:11, on 31/01/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\DU Meter\DUMeter.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Users\Guto\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Guto\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Guto\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site
    O1 - Hosts: 78.47.251.150 www.easyanticheat.se # misleading site
    O1 - Hosts: 78.47.251.150 easyanticheat.com # misleading site
    O1 - Hosts: 78.47.251.150 Parabens! # misleading site
    O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site
    O1 - Hosts: 78.47.251.150 Welcome to www.easyanticheat.org - Search Results for "easyanticheat.org" # misleading site
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC549445-3429-4778-BF30-8D204F7C311B}: NameServer = 192.168.3.1
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8828 bytes
    Intel I7 2600K @ 4.8ghz cooled by Antec Kühler 920 | Gigabyte GA-P67A-UD7-B3 | eVGA GTX 580 | 2x2GB Corsair Dominator GT 2133mhz
    BenQ XL2410T 120hz | Seventeam 850W Z-AF | AeroCool BX-500 Evil Black | Intel X25-M SSD 2x120GB RAID 0 + Seagate 1TB
    Corsair Vengeance 1500 7.1 USB | Razer Blackwindow | Microsoft Intellimouse 1.1 by Razer Kabuto | Virtua 100MB

  11. #8611
    Join Date
    Sep 2008
    Posts
    2.894
    Quote: Originally posted by brunao 1988
    But I got curious about these viruses you mentioned, this file infector thing and so on. What is that? How can I protect myself from them from now on? Where do they come from?

    On Google you'll find more detailed information. But, briefly: a File Infector, also known as a Polymorphic or Parasitic Virus, is a type of malware that, once executed, modifies practically all .exe, .dll, .doc, .com, .scr files, etc., inserting malicious code. Besides affecting even the services and processes of the security solutions installed on the computer, it cannot be removed, only disinfected, because it spreads through legitimate system files. In most cases, depending on the malware variant, only formatting solves it!

    The means of protection are the usual ones, including the main one, common sense. Although it is a thoroughly complex and annoying piece of malware, infection happens in the ordinary way, like any other malware: downloading malicious files, compromised web pages, infected links via MSN, and so on...


    Quote: Originally posted by Vicalvi
    Hello Mr.Wolf, it's been a while since I posted my HijackThis log; I'm pasting it here for you to check if possible. Thanks in advance.

    Hello Vicalvi,

    The log appears to be clean.

    Were you the one who added the IPs to the Windows hosts file?

  12. #8612
    Join Date
    Apr 2005
    Location
    Recife
    Posts
    8.723
    Are you talking about these lines here?

    Hosts: 78.47.251.150 easyanticheat.se # misleading site
    O1 - Hosts: 78.47.251.150 www.easyanticheat.se # misleading site
    O1 - Hosts: 78.47.251.150 easyanticheat.com # misleading site
    O1 - Hosts: 78.47.251.150 Parabens! # misleading site
    O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site
    O1 - Hosts: 78.47.251.150 Welcome to gamecheatss.net - Search Results for "easyanticheat.org" # misleading site
    No, it wasn't me. But I know what it is: it's an anti-cheat program used in CCS to play championships. In any case, is there any problem with leaving these IPs in the hosts file?

  13. #8613
    Join Date
    Sep 2008
    Posts
    2.894
    Quote: Originally posted by Vicalvi
    No, it wasn't me. But I know what it is: it's an anti-cheat program used in CCS to play championships. In any case, is there any problem with leaving these IPs in the hosts file?

    No, no problem at all. I only asked to see whether you were aware of what it was. The IPs are not redirecting to compromised websites. But it's always good to ask, since a lot of malware adds IPs to the hosts file without the user knowing.

    Other than that, any problems with the machine?
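
Added example (not part of the original thread and not HijackThis's own code): a small Python triage of the `O1 - Hosts:` lines discussed in the posts above, separating loopback/blocking entries from entries that point a name at a remote IP, which are the ones worth asking the machine's owner about. The function names and the `example.com` / `example.net` lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input. The 78.47.251.150 lines are copied from the log in this thread
# (the first one without its "O1 - " prefix, as it appears in the reply above);
# the two lines whose comment says "constructed" were made up for this example.
SAMPLE_LOG = """\
Hosts: 78.47.251.150 easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 Parabens! # misleading site
O1 - Hosts: 127.0.0.1 ads.example.com # constructed
O1 - Hosts: 0.0.0.0 tracker.example.net # constructed
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""

# A hosts entry as HijackThis prints it; the "O1 - " prefix is optional so that
# lines pasted without it are still picked up.
HOSTS_LINE = re.compile(r"^\s*(?:O1 - )?Hosts:\s*(.*)$")

# Syntactic hostname check: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, at most 253 characters overall.
HOSTNAME = re.compile(
    r"(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def parse_hosts_entries(log_text):
    """Return (ip, [names], raw_line) for every hosts entry in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = HOSTS_LINE.match(line)
        if not match:
            continue
        body = match.group(1).split("#", 1)[0]  # drop the hosts-file comment
        fields = body.split()
        if fields:
            entries.append((fields[0], fields[1:], line.strip()))
    return entries


def classify(ip, names):
    """Label one entry as 'sinkhole', 'redirect' or 'malformed'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not names or not all(HOSTNAME.fullmatch(n) for n in names):
        # A name that is not a valid hostname cannot be judged from the log alone.
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        # 127.0.0.1 / 0.0.0.0 style entries block a name rather than redirect it.
        return "sinkhole"
    return "redirect"


def triage(log_text):
    """Group hosts entries so the remote redirects stand out for review."""
    redirects = defaultdict(list)
    report = {"sinkhole": [], "malformed": []}
    for ip, names, raw in parse_hosts_entries(log_text):
        kind = classify(ip, names)
        if kind == "redirect":
            redirects[ip].extend(names)
        elif kind == "sinkhole":
            report["sinkhole"].extend(names)
        else:
            report["malformed"].append(raw)
    report["redirect"] = dict(redirects)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, names in result["redirect"].items():
        print(f"REVIEW    {ip} <- {', '.join(names)}")
    for name in result["sinkhole"]:
        print(f"BLOCKED   {name}")
    for raw in result["malformed"]:
        print(f"UNPARSED  {raw}")
```

A `REVIEW` line only means the name is mapped to a remote address; whether that mapping is expected still has to be confirmed with the user, as in the exchange above.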

  14. #8614
    Join Date
    Apr 2005
    Location
    Recife
    Posts
    8.723
    Quote: Originally posted by Mr.Wolf
    No, no problem at all. I only asked to see whether you were aware of what it was. The IPs are not redirecting to compromised websites. But it's always good to ask, since a lot of malware adds IPs to the hosts file without the user knowing.

    Other than that, any problems with the machine?

    Not at all, but it's always good to be cautious and ask someone who knows about these things.

    Thank you very much, Mr.Wolf.

  15. #8615
    Join Date
    Apr 2008
    Location
    Goiânia-GO
    Posts
    1.372
    Hello, here is a HijackThis log; please analyze it, because the machine is very slow ...

    Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:44:49, on 06/02/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    D:\Meus documentos\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (FuturemarkSystemInfoX Class) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
    O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll" (file missing)
    O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
    O23 - Service: 1270925823 (.1270925823) - Unknown owner - C:\Program Files (x86)\1270925823\Daniel1270925823L.exe (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe (file missing)
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9010 bytes
    Asking for post ratings is depressing ...

  16. #8616
    Join Date
    Dec 2005
    Location
    São Paulo - SP - Santo Amaro
    Posts
    3.216
    Good afternoon.
    I'd like to ask once again, if possible, for the help of our esteemed colleague, who does so much for the users of this community.

    A brief account of the problem.

    I'm having a problem with the Caixa Econômica site, which hasn't opened here since the end of last week (the other banks open fine).
    I've already tried cleaning, repairing, and deleting cookies and temporary files, and nothing; I've even tried a system restore (twice, and both times it reported a failure), and I've disabled the antivirus (Avira Internet Security 2012), and nothing helps.
    I've also tested with 3 browsers and it's always the same thing. Only the Caixa site still has the problem here. Before resorting to formatting, I ask our esteemed colleague... to give me some guidance to see if I can avoid formatting.
    Thanks in advance for your willingness to help, my friend.

    edit: here is the HijackThis log

    OTL logfile created on: 07/02/2012 14:55:26 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paulo\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    3,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,69% Memory free
    7,98 Gb Paging File | 6,13 Gb Available in Paging File | 76,87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 128,91 Gb Total Space | 73,75 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
    Drive D: | 205,08 Gb Total Space | 127,01 Gb Free Space | 61,93% Space Free | Partition Type: NTFS
    Drive E: | 206,90 Gb Total Space | 155,87 Gb Free Space | 75,34% Space Free | Partition Type: NTFS

    Computer Name: PAULO-PC | User Name: Paulo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/07 14:53:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paulo\Downloads\OTL.exe
    PRC - [2012/01/16 01:38:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/01/03 11:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/21 16:31:24 | 000,204,872 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
    PRC - [2011/12/01 17:50:20 | 000,086,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/12/01 17:50:08 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    PRC - [2011/12/01 17:50:06 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
    PRC - [2011/12/01 17:50:06 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    PRC - [2011/12/01 17:50:06 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/12/01 17:50:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/16 01:38:39 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/12/18 02:22:02 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\detour32.dll
    MOD - [2011/05/13 16:03:34 | 000,074,616 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Messenger\ShareAnythingControlRes.dll
    MOD - [2011/05/13 15:40:38 | 000,010,616 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Messenger\pt-br\ShareAnythingControllang.dll.mui
    MOD - [2011/05/13 14:59:00 | 000,018,792 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Shared\pt-br\wliduxloc.dll.mui
    MOD - [2011/05/13 14:58:54 | 000,024,936 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Shared\pt-br\uxctlloc.dll.mui


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/28 19:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/01/03 11:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/21 16:31:24 | 000,204,872 | ---- | M] ( ) [Unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
    SRV - [2011/12/08 02:15:55 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/12/01 17:50:20 | 000,086,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/12/01 17:50:08 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
    SRV - [2011/12/01 17:50:06 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
    SRV - [2011/12/01 17:50:06 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2011/12/01 17:50:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/01 17:50:33 | 000,139,512 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
    DRV:64bit: - [2011/12/01 17:50:33 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/12/01 17:50:33 | 000,113,768 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
    DRV:64bit: - [2011/12/01 17:50:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/12/01 17:50:33 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011/11/06 16:55:32 | 001,266,688 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
    DRV:64bit: - [2011/07/28 20:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/07/28 18:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/06 20:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/04 04:51:15 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV:64bit: - [2010/11/21 01:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/21 01:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 01:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 01:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/21 01:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 01:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 01:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 18:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/07/12 11:49:26 | 000,114,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) Realtek 10/100/1000 PCI NIC Family NDIS XP(x64)
    DRV - [2011/12/21 16:32:06 | 000,045,896 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
    DRV - [2010/05/26 22:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
    DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
    IE - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 34 00 5E 3E 89 CC 01 [binary data]
    IE - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/ig"
    FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/ig"
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paulo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paulo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/16 01:38:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/07 14:27:07 | 000,000,000 | ---D | M]

    [2011/11/12 04:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulo\AppData\Roaming\mozilla\Extensions
    [2012/01/27 19:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions
    [2012/02/07 14:27:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/01/18 12:21:58 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
    [2012/01/16 01:43:28 | 000,000,000 | ---D | M] (Adicional de Seguranca CAIXA) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
    [2012/01/16 01:41:14 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
    [2011/12/11 00:38:41 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [2011/11/15 21:08:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Paulo\AppData\Roaming\mozilla\Firefox\Profiles\wpizrn1q.default\extensions\ffxtlbr@babylon.com
    [2011/12/11 00:38:38 | 000,003,915 | ---- | M] () -- C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\wpizrn1q.default\searchplugins\sweetim.xml
    [2012/01/27 03:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012/02/07 14:27:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2012/01/16 01:38:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/27 03:15:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/16 01:38:38 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
    [2012/01/16 01:38:38 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
    [2012/01/16 01:38:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/01/16 01:38:38 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
    [2012/01/16 01:38:38 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: YouTube = C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Pesquisa do Google = C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2011/11/12 14:16:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-2288058773-3325288997-4265356278-1001\..Trusted Domains: caixaeconomicafederal.com.br ([www] https in Sites confiáveis)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83500F7B-73A9-40F3-B9F1-C3F6FE96002A}: DhcpNameServer = 200.204.0.10 200.204.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2741D3E-6726-4060-8A7C-EA345E44C33F}: DhcpNameServer = 200.204.0.10 200.204.0.138
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
    O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/07 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/07 13:38:06 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\Google
    [2012/02/07 13:12:27 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{797044D1-3C1B-42DF-BCF0-0194DF427132}
    [2012/02/07 13:12:04 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{916381EA-EE9A-469C-A40C-25A81CF53537}
    [2012/02/07 01:11:38 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{6EBFE593-ACD9-4E94-BDE0-AACE81843152}
    [2012/02/06 13:11:02 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{29F3B7EE-6A58-48C4-AFD5-40A2BBE88A2A}
    [2012/02/06 13:10:38 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{36D5BF0A-E00F-4FF7-9A81-D595E79586C4}
    [2012/02/05 23:45:59 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{C72373A5-F65C-45C5-92D7-A5CCB00E849D}
    [2012/02/05 11:45:22 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{CA03CFE4-6E9F-45E7-8366-06C6B2F7591E}
    [2012/02/05 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{0B81F10D-5B4E-4254-8DC4-A85E212BA29F}
    [2012/02/04 23:44:33 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{48673BC4-A9FA-4B4F-A989-0731905810D2}
    [2012/02/04 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{07074168-B532-4930-B8E4-8A38C827C1D7}
    [2012/02/04 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{2F8B861A-B4D8-47DB-91F3-E4D787CB8A5E}
    [2012/02/03 23:43:06 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{2A75CEF4-9AAC-4B84-A30F-5753DD4AA2E3}
    [2012/02/03 23:42:43 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{3054A94B-717B-448F-93DB-CA6C6F2C99C8}
    [2012/02/03 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{0178F608-7892-4511-B4E8-8EF585B95FE2}
    [2012/02/03 11:41:54 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{22B8C4BA-C90C-4045-9CE6-FC11993AE23C}
    [2012/02/02 23:41:28 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{33B3F533-FEB5-4D09-AAB0-C971961D15F5}
    [2012/02/02 23:41:05 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{ACD22408-50B5-4AAD-8FFB-4B4AAB7C1796}
    [2012/02/02 11:40:39 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{206029D1-D1D3-40EC-9765-EE3B8B2E789D}
    [2012/02/02 11:40:24 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{4E0B2C30-559E-4E61-A379-691457220FFB}
    [2012/02/01 13:52:15 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{C6D747B9-338F-4DFE-BEAB-2B6BEAE2B8C3}
    [2012/02/01 13:51:52 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{4B81E151-C289-48AB-9050-10D46272A962}
    [2012/02/01 01:51:25 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{B00FFF92-C05C-4207-BAE9-F7668C978621}
    [2012/02/01 01:51:02 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{90ECA788-84C0-4DDB-9684-E84567788C14}
    [2012/01/31 13:54:39 | 000,000,000 | ---D | C] -- C:\Users\Paulo\Documents\Remote Assistance Logs
    [2012/01/31 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{DCDBC1A5-2036-4136-A982-B2B84FE302DB}
    [2012/01/31 13:50:13 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{44EC076F-4D56-4041-8F75-9C8707D95AE7}
    [2012/01/31 10:58:18 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/01/31 10:58:18 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
    [2012/01/31 10:58:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
    [2012/01/31 10:58:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2012/01/31 10:58:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2012/01/31 10:58:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2012/01/31 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{B0869F4C-611C-4A81-8738-BCD00C5C7958}
    [2012/01/31 01:49:19 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{E0CC8944-4E74-43EC-94EC-8451F388247C}
    [2012/01/30 13:48:52 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{F79F22A8-C8C0-4248-967C-F763E2982022}
    [2012/01/30 13:48:29 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{6F201B03-3C92-475A-AB95-D5526B738A42}
    [2012/01/30 00:33:38 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{1ED44F19-C01F-4468-AD84-3C8D80084605}
    [2012/01/30 00:33:14 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{89885335-F13F-49BF-81DE-3EEA9CC743A4}
    [2012/01/29 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{3B3AF232-BDD9-4630-908E-1102A1F68AA7}
    [2012/01/29 12:32:32 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{1A1AB055-B87A-422B-971D-FB3FBC3AC36F}
    [2012/01/28 20:04:28 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{D0C01997-A7E4-4C42-AE52-8DBAE9034033}
    [2012/01/28 20:04:14 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{B0F2078F-8E6A-44E6-AADA-4DD6CB786BAC}
    [2012/01/27 14:01:53 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{C6A70347-C193-468C-94D3-A28061DCF436}
    [2012/01/27 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{B58CF549-F649-489C-A100-BBE47732A9B1}
    [2012/01/27 03:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/01/27 03:15:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/01/27 03:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/01/27 03:15:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/01/27 03:15:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/01/27 03:15:16 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/01/27 03:15:16 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/01/27 03:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/01/27 02:01:04 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{E9D97D08-42D3-4469-B896-57A0DE51DC18}
    [2012/01/27 02:00:41 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{0AD6CC0F-F146-4BE9-B67B-78DAF317F92B}
    [2012/01/26 14:00:15 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{FD5C18F9-A8D7-4393-8C18-BCF5425AF20E}
    [2012/01/26 13:59:52 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{1BBED750-712F-4111-822C-C3A7C5D6D2FF}
    [2012/01/26 01:58:42 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{4338A3B7-763D-4B61-A242-3E2F108B0C47}
    [2012/01/26 01:58:12 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{D62CC233-7491-43C2-981D-694CC848F2C9}
    [2012/01/25 13:57:33 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{7F70BF46-2A24-4DC1-86F7-6A5D179249DB}
    [2012/01/25 13:57:20 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{303B2281-509A-4B57-9B10-A1E1930670FD}
    [2012/01/25 01:13:57 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{477B562D-5661-47A0-A91C-B5FA2D580327}
    [2012/01/25 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{B15BCCFB-B9D4-49DE-B0C3-DF93C7850C51}
    [2012/01/24 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{F2B47D2A-FA9D-477E-802F-58188BCA2FFC}
    [2012/01/24 13:13:11 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{09782764-2BB0-439A-98B9-2117ED0DB063}
    [2012/01/24 00:59:00 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{13A480B4-E3C7-4035-9CDF-0142EC567C03}
    [2012/01/24 00:58:38 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{39AD6032-0445-4916-9EA4-1C3EE4C65519}
    [2012/01/23 12:58:19 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{EB27AC1C-B1C2-44A4-9984-BBBB0562183A}
    [2012/01/23 12:57:53 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{EA487175-72CB-4156-A37C-069BE406E7CF}
    [2012/01/23 00:42:51 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{F9CA6086-9720-46E6-B2E3-ECA2568618D2}
    [2012/01/23 00:42:28 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{40C00540-F2F9-487F-B297-12A6CEE307D9}
    [2012/01/22 12:42:00 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{3F038C88-C77A-4476-9868-7352BA672A8C}
    [2012/01/22 12:41:44 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{F8FA8D0F-FAC5-449F-A28F-5FE733FF07A4}
    [2012/01/22 00:27:33 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{20668927-5C8F-419A-B430-666C8635690C}
    [2012/01/22 00:27:10 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{9D1DB3CE-2B25-437D-B34B-B34CE6754F52}
    [2012/01/21 12:26:43 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{0B372233-90CC-4BF1-B4B2-C6BF89E857E9}
    [2012/01/21 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{FAEA7C2F-7FB0-43A1-97A7-37FDE9AF41C4}
    [2012/01/21 00:25:54 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{7243C4F8-63DA-48FC-A026-7DEE9D093880}
    [2012/01/21 00:25:31 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{FFE32960-951A-4CCB-A0D2-676AE2C505FC}
    [2012/01/21 00:25:31 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{7BC684CF-C774-4028-BAD3-62B57C1F602B}
    [2012/01/20 12:25:02 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{B86D745D-27E0-4F94-8FD5-719580CC195C}
    [2012/01/20 12:24:38 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{89297693-554B-489A-8A01-6E97AF5B550D}
    [2012/01/19 16:55:10 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{F2549BEC-1BE0-4F62-9CB0-6BA47819DC5C}
    [2012/01/19 16:54:45 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{1BFD3108-7554-4960-B434-3E7181085654}
    [2012/01/19 03:16:18 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{4D425E61-F796-4BE9-8474-73CD035DF6FD}
    [2012/01/19 03:15:55 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{444EBFA5-6837-4045-91B3-7C271F820229}
    [2012/01/18 15:15:03 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{9D3B0B3C-7DCA-4B80-BCDA-50DA237BA497}
    [2012/01/18 15:14:47 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\{165D6B09-F270-48DA-BE2B-427E37BA3C55}
    [2012/01/18 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\Paulo\AppData\Local\Windows Live
    [2012/01/11 09:37:35 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
    [2012/01/11 09:37:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
    [2012/01/11 09:37:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/01/11 09:37:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/01/11 09:37:33 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2012/01/11 09:37:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2012/01/11 09:37:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/02/07 14:43:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2288058773-3325288997-4265356278-1001UA.job
    [2012/02/07 14:28:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/07 14:28:08 | 3212,959,744 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/07 13:43:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2288058773-3325288997-4265356278-1001Core.job
    [2012/02/07 13:40:23 | 000,002,324 | ---- | M] () -- C:\Users\Paulo\Desktop\Google Chrome.lnk
    [2012/02/07 02:20:38 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 02:20:38 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/05 22:47:51 | 002,233,462 | ---- | M] () -- C:\Users\Paulo\Documents\DSC_5372.JPG
    [2012/02/05 22:17:30 | 002,495,933 | ---- | M] () -- C:\Users\Paulo\Documents\DSC_5370.JPG
    [2012/02/03 16:18:06 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
    [2012/02/03 16:18:06 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
    [2012/02/03 16:18:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
    [2012/02/03 10:36:44 | 001,517,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/03 10:36:44 | 000,663,606 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
    [2012/02/03 10:36:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/03 10:36:44 | 000,127,896 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
    [2012/02/03 10:36:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/02 15:07:07 | 001,745,372 | ---- | M] () -- C:\Users\Paulo\Documents\Attachments_2012_02_2.zip
    [2012/02/02 09:06:58 | 000,873,349 | ---- | M] () -- C:\Users\Paulo\Documents\2012-02-01 17.01.05.jpg
    [2012/01/27 03:15:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/01/27 03:15:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/01/27 03:15:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/01/27 03:15:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

    ========== Files Created - No Company Name ==========

    [2012/02/07 13:40:23 | 000,002,324 | ---- | C] () -- C:\Users\Paulo\Desktop\Google Chrome.lnk
    [2012/02/07 13:38:08 | 000,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2288058773-3325288997-4265356278-1001UA.job
    [2012/02/07 13:38:07 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2288058773-3325288997-4265356278-1001Core.job
    [2012/02/05 22:47:32 | 002,233,462 | ---- | C] () -- C:\Users\Paulo\Documents\DSC_5372.JPG
    [2012/02/05 22:16:36 | 002,495,933 | ---- | C] () -- C:\Users\Paulo\Documents\DSC_5370.JPG
    [2012/02/02 15:27:18 | 000,873,349 | ---- | C] () -- C:\Users\Paulo\Documents\2012-02-01 17.01.05.jpg
    [2012/02/02 15:27:12 | 001,745,372 | ---- | C] () -- C:\Users\Paulo\Documents\Attachments_2012_02_2.zip
    [2012/01/18 15:08:50 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/10/13 22:48:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/12 23:58:00 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
    [2011/10/12 22:37:27 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/08/24 21:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
    [2011/03/17 15:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 00:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 22:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/11/15 21:07:50 | 000,000,000 | ---D | M] -- C:\Users\Paulo\AppData\Roaming\Babylon
    [2011/11/15 16:52:34 | 000,000,000 | ---D | M] -- C:\Users\Paulo\AppData\Roaming\OpenCandy
    [2011/10/13 01:41:57 | 000,000,000 | ---D | M] -- C:\Users\Paulo\AppData\Roaming\Panda Security
    [2012/02/03 16:19:23 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 309 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

    < End of report >


    OTL Extras logfile created on: 07/02/2012 14:55:26 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paulo\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    3,99 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,69% Memory free
    7,98 Gb Paging File | 6,13 Gb Available in Paging File | 76,87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 128,91 Gb Total Space | 73,75 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
    Drive D: | 205,08 Gb Total Space | 127,01 Gb Free Space | 61,93% Space Free | Partition Type: NTFS
    Drive E: | 206,90 Gb Total Space | 155,87 Gb Free Space | 75,34% Space Free | Partition Type: NTFS

    Computer Name: PAULO-PC | User Name: Paulo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2288058773-3325288997-4265356278-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
    "{26F8AE36-AC4D-A641-9BA5-8ED97E74CC51}" = ccc-utility64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5CD4705D-8EED-4C6B-9B52-6A1FFC39332B}" = Software básico do dispositivo HP Deskjet 1000 J110 series
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
    "{C5823264-8DFC-6E63-9D69-A35B1A98B537}" = AMD Media Foundation Decoders
    "{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{17C515BE-9EA8-BB8C-28FB-13731C5FD301}" = Catalyst Control Center
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C5F1B30-B10B-4579-86DD-D00F662E1046}" = Nero 8
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5C785836-A576-444B-9DD0-74E878695A56}" = CCC Help English
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
    "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
    "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
    "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner 1.7.3
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Ajuda
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E25E9970-864D-2AE6-70A2-51D9C6FEF480}" = Catalyst Control Center InstallProxy
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E8F817ED-7F1D-05A5-1374-C6D115BC9051}" = Catalyst Control Center Graphics Previews Common
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "5513-1208-7298-9440" = JDownloader 0.9
    "Afterburner" = MSI Afterburner 2.1.0
    "Avira AntiVir Desktop" = Avira Internet Security 2012
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Messenger Plus!" = Messenger Plus! 5
    "Mozilla Firefox 9.0.1 (x86 pt-BR)" = Mozilla Firefox 9.0.1 (x86 pt-BR)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "RealAlt_is1" = Real Alternative 2.0.2
    "Steam App 10690" = Virtua Tennis 2009
    "Steam App 12750" = GRID
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2288058773-3325288997-4265356278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07/02/2012 12:17:43 | Computer Name = Paulo-PC | Source = Windows Search Service | ID = 9002
    Description =

    Error - 07/02/2012 12:17:43 | Computer Name = Paulo-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 07/02/2012 12:17:43 | Computer Name = Paulo-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 07/02/2012 12:17:43 | Computer Name = Paulo-PC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 07/02/2012 12:17:43 | Computer Name = Paulo-PC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 07/02/2012 12:17:43 | Computer Name = Paulo-PC | Source = Windows Search Service | ID = 7010
    Description =

    Error - 07/02/2012 12:17:50 | Computer Name = Paulo-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 07/02/2012 12:28:26 | Computer Name = Paulo-PC | Source = Winlogon | ID = 4103
    Description = Falha de ativação da licença do Windows. Erro 0x80070005.

    Error - 07/02/2012 12:29:12 | Computer Name = Paulo-PC | Source = System Restore | ID = 8210
    Description =

    Error - 07/02/2012 12:29:55 | Computer Name = Paulo-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 30/01/2012 15:07:06 | Computer Name = Paulo-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/01/2012 22:49:00 | Computer Name = Paulo-PC | Source = Service Control Manager | ID = 7023
    Description = O serviço Serviço de Notificação da SPP terminou com o erro: %%5

    Error - 30/01/2012 23:49:00 | Computer Name = Paulo-PC | Source = Service Control Manager | ID = 7023
    Description = O serviço Serviço de Notificação da SPP terminou com o erro: %%5

    Error - 31/01/2012 00:49:00 | Computer Name = Paulo-PC | Source = Service Control Manager | ID = 7023
    Description = O serviço Serviço de Notificação da SPP terminou com o erro: %%5

    Error - 31/01/2012 01:48:10 | Computer Name = Paulo-PC | Source = DCOM | ID = 10010
    Description =

    Error - 31/01/2012 14:35:25 | Computer Name = Paulo-PC | Source = DCOM | ID = 10010
    Description =

    Error - 01/02/2012 02:01:52 | Computer Name = Paulo-PC | Source = yukonw7 | ID = 458853
    Description = Driver status 1

    Error - 01/02/2012 02:01:52 | Computer Name = Paulo-PC | Source = yukonw7 | ID = 458853
    Description = Driver status 1

    Error - 01/02/2012 02:01:52 | Computer Name = Paulo-PC | Source = yukonw7 | ID = 458853
    Description = Driver status 1

    Error - 01/02/2012 03:33:09 | Computer Name = Paulo-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >


    PS: it is a pleasure to see you active on the forum again, colleague; this community gains a lot from your immense goodwill in helping. Thanks.
    Last edited by agorasim™; 07-02-12 at 15:12.
    MSN ---> guedes.sp@gmail.com
    1 CORINTHIANS, CHAPTER 1, VERSE 19: For it is written: I will destroy the wisdom of the wise and bring to nothing the intelligence of the learned.
    click here ----> hardmob reference

  17. #8617

    Windows

    Well, I found this topic through Google. I was looking for something to tell me whether the explore.exe process has a virus, because after my friend plugged his pen drive into my machine and copied a game over to me, my internet has become very slow. I don't know what else to do. Here is the log:

    [spolier]OTL logfile created on: 07/02/2012 16:50:56 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ivo\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,35% Memory free
    4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,66 Gb Total Space | 412,40 Gb Free Space | 88,56% Space Free | Partition Type: NTFS

    Computer Name: IVO-PC | User Name: Ivo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/07 16:50:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ivo\Downloads\OTL.exe
    PRC - [2012/02/07 16:49:46 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Arquivos de Programas\Trend Micro\HijackThis\HijackThis.exe
    PRC - [2012/02/07 16:16:51 | 000,737,656 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de Programas\uTorrent\uTorrent.exe
    PRC - [2012/02/01 17:22:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
    PRC - [2011/11/28 16:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/10/24 16:51:19 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Arquivos de Programas\Yuna Software\Messenger Plus!\PlusService.exe
    PRC - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 06:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/10/15 06:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Arquivos de Programas\Ask.com\Updater\Updater.exe
    PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/26 03:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/13 23:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
    PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/01 17:22:57 | 001,911,768 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
    MOD - [2012/01/31 14:27:02 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2012/01/09 19:44:22 | 000,166,912 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
    MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/31 15:11:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/11/28 16:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/28 15:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 15:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 15:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 15:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 15:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 15:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/10/15 06:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 20:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sobre a Ask.com Brasil
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 C8 04 C1 6C DF CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/05 07:08:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 17:23:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/05 14:47:13 | 000,000,000 | ---D | M]

    [2012/01/30 15:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivo\AppData\Roaming\mozilla\Extensions
    [2012/02/07 11:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivo\AppData\Roaming\mozilla\Firefox\Profiles\mm63f6fl.default\extensions
    [2012/02/07 11:19:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Ivo\AppData\Roaming\mozilla\Firefox\Profiles\mm63f6fl.default\extensions\toolbar@ask.com
    [2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\mm63f6fl.default\searchplugins\askcom.xml
    [2012/02/01 18:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
    [2012/02/05 07:08:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/02/01 17:22:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/12/21 03:07:30 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
    [2011/12/21 03:07:30 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
    [2011/12/21 02:46:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2011/12/21 03:07:30 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
    [2011/12/21 03:07:30 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

    O1 HOSTS File: ([2009/06/10 19:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [PlusService] C:\Arquivos de Programas\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A38CD2-DFCA-4E7D-B57C-1E48629E69F0}: NameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29391A85-C734-4B88-9F3D-CDC837B4812B}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{b40f8cd5-4b58-11e1-b9aa-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b40f8cd5-4b58-11e1-b9aa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SCDAAutorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/07 16:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2012/02/07 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/02/07 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2012/02/07 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\uTorrent
    [2012/02/07 15:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/02/07 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/02/07 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\Ivo\Desktop\CombatArms
    [2012/02/07 12:33:00 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Vitalwerks
    [2012/02/07 12:19:32 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
    [2012/02/07 12:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
    [2012/02/07 11:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Movie Maker
    [2012/02/07 11:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\YUMediaCodec
    [2012/02/07 11:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Movie Maker
    [2012/02/07 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Downloaded Installations
    [2012/02/07 11:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
    [2012/02/07 11:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2012/02/07 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\DsNET Corp
    [2012/02/07 10:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up!
    [2012/02/07 10:03:38 | 000,000,000 | ---D | C] -- C:\Level Up! Games
    [2012/02/05 11:53:49 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
    [2012/02/05 11:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Entertainment
    [2012/02/05 11:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Entertainment
    [2012/02/05 11:41:50 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\InstallShield
    [2012/02/05 07:09:59 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Google
    [2012/02/05 07:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2012/02/05 07:09:58 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/02/05 07:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/02/05 07:09:57 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/02/05 07:09:55 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/02/05 07:09:55 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/02/05 07:09:54 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/02/05 07:09:52 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/02/05 07:08:38 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/02/05 07:08:37 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/02/05 07:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/02/05 07:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/02/04 19:24:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2012/02/04 19:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
    [2012/02/04 19:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2012/02/04 19:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2012/02/04 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Ivo\Documents\Messenger Plus
    [2012/02/04 10:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
    [2012/02/03 19:43:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2012/02/03 19:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2012/02/03 19:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2012/02/03 16:42:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/02/03 15:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
    [2012/02/03 15:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\{637ECCC1-848D-487F-91FE-D3883BE4BC53}
    [2012/02/03 15:28:28 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\{8F31E15B-D760-445C-922D-BFE158AE84FE}
    [2012/02/03 15:28:05 | 000,000,000 | ---D | C] -- C:\Users\Ivo\Tracing
    [2012/02/03 14:50:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2012/02/03 13:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2012/02/03 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2012/02/03 12:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/02/03 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/02/03 12:36:09 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Windows Live
    [2012/02/03 12:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2012/02/03 08:59:36 | 000,000,000 | ---D | C] -- C:\Users\Ivo\Documents\PointBlank
    [2012/02/03 08:38:29 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\PointBlank
    [2012/02/02 22:21:17 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/02/02 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\TS3Client
    [2012/02/02 21:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    [2012/02/02 21:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
    [2012/02/02 00:00:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/02/01 23:59:39 | 000,000,000 | ---D | C] -- C:\3df53de2fe645652a71829ad876e
    [2012/02/01 12:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank
    [2012/02/01 12:25:59 | 000,000,000 | ---D | C] -- C:\ongame
    [2012/02/01 12:19:24 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Leadertech
    [2012/02/01 12:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
    [2012/02/01 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
    [2012/01/31 22:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2012/01/31 16:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2012/01/31 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\NVIDIA
    [2012/01/31 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Tibia
    [2012/01/31 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Macromedia
    [2012/01/31 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Adobe
    [2012/01/31 14:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asprate
    [2012/01/31 14:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate
    [2012/01/31 14:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
    [2012/01/31 14:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia
    [2012/01/31 14:27:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
    [2012/01/31 14:26:03 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Desktop\[8.60]Projeto Global Compacto
    [2012/01/31 12:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
    [2012/01/31 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\Ivo\Desktop\BackUp
    [2012/01/31 12:24:39 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\WinRAR
    [2012/01/31 12:24:39 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/31 12:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/31 12:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2012/01/31 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/01/31 12:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/01/31 12:12:03 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/01/31 12:08:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2012/01/30 19:39:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/01/30 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012/01/30 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/01/30 18:45:38 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2012/01/30 17:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/01/30 17:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/01/30 17:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/01/30 17:16:52 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012/01/30 16:00:05 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/01/30 15:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
    [2012/01/30 15:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ivo\Documents\GTA San Andreas User Files
    [2012/01/30 15:44:08 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
    [2012/01/30 15:01:10 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Mozilla
    [2012/01/30 15:01:10 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Mozilla
    [2012/01/30 15:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/01/30 14:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
    [2012/01/30 14:34:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2012/01/30 14:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    [2012/01/30 14:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2012/01/30 13:59:13 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Diagnostics
    [2012/01/30 13:57:24 | 000,000,000 | ---D | C] -- C:\D
    [2012/01/30 13:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\DRV
    [2012/01/30 13:48:32 | 000,000,000 | R--D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/01/30 13:48:32 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Searches
    [2012/01/30 13:48:32 | 000,000,000 | R--D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/01/30 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Identities
    [2012/01/30 13:48:23 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Contacts
    [2012/01/30 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\VirtualStore
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\AppData\Local\Temporary Internet Files
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\SendTo
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Recent
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Modelos
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Documents\Minhas músicas
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Documents\Minhas imagens
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Documents\Meus vídeos
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Meus documentos
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Menu Iniciar
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\AppData\Local\Histórico
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Dados de aplicativos
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\AppData\Local\Dados de aplicativos
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Cookies
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Configurações locais
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Ambiente de rede
    [2012/01/30 13:48:11 | 000,000,000 | -HSD | C] -- C:\Users\Ivo\Ambiente de impressão
    [2012/01/30 13:48:10 | 000,000,000 | --SD | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Videos
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Saved Games
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Pictures
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Music
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Links
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Favorites
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Downloads
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Documents
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\Desktop
    [2012/01/30 13:48:10 | 000,000,000 | R--D | C] -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/01/30 13:48:10 | 000,000,000 | -H-D | C] -- C:\Users\Ivo\AppData
    [2012/01/30 13:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Temp
    [2012/01/30 13:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Local\Microsoft
    [2012/01/30 13:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ivo\AppData\Roaming\Media Center Programs
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas imagens
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas
    [2012/01/30 13:48:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Arquivos Comuns
    [2012/01/30 13:43:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/01/30 13:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/01/30 13:40:20 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2008/06/16 16:06:12 | 000,548,919 | ---- | C] ( ) -- C:\Windows\System32\colorcvt.dll
    [2008/06/16 16:06:12 | 000,065,602 | ---- | C] ( ) -- C:\Windows\System32\cook.dll
    [2008/03/30 07:42:46 | 000,557,056 | ---- | C] ( ) -- C:\Windows\System32\raac.dll
    [2008/03/30 07:42:46 | 000,286,720 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
    [2008/03/30 07:42:46 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\drv2.dll
    [2008/03/30 07:42:46 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\sipr.dll
    [2008/03/30 07:42:46 | 000,090,112 | ---- | C] ( ) -- C:\Windows\System32\atrc.dll
    [2008/03/30 07:42:46 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\rv20.dll
    [2008/03/30 07:42:46 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\rv30.dll
    [2008/03/30 07:42:46 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\rv40.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/07 16:49:47 | 000,002,039 | ---- | M] () -- C:\Users\Ivo\Desktop\HijackThis.lnk
    [2012/02/07 16:29:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/07 16:16:52 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/02/07 15:49:46 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 15:49:46 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 15:46:49 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
    [2012/02/07 15:46:49 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/07 15:46:49 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
    [2012/02/07 15:46:49 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/07 15:43:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/07 15:42:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/07 15:42:19 | 1609,412,608 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/07 15:31:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/07 11:35:06 | 000,003,584 | ---- | M] () -- C:\Users\Ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/07 11:35:03 | 020,462,080 | ---- | M] () -- C:\rzcapture.avi
    [2012/02/07 11:31:56 | 000,002,757 | ---- | M] () -- C:\Users\Public\Desktop\Youtube Movie Maker.lnk
    [2012/02/07 11:19:56 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
    [2012/02/07 11:19:56 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Video Search.lnk
    [2012/02/07 11:19:45 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2012/02/07 10:07:10 | 000,001,697 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
    [2012/02/05 11:53:49 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
    [2012/02/05 11:51:12 | 000,002,202 | ---- | M] () -- C:\Users\Public\Desktop\TimeShift.lnk
    [2012/02/05 07:09:58 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/05 07:09:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/02/03 13:55:17 | 000,000,020 | ---- | M] () -- C:\Windows\Øú”
    [2012/02/02 22:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2012/02/02 21:14:38 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2012/02/02 07:37:19 | 000,001,163 | ---- | M] () -- C:\Users\Ivo\Desktop\GGMM - Atalho.lnk
    [2012/02/01 12:28:25 | 000,000,745 | ---- | M] () -- C:\Users\Ivo\Desktop\PointBlank.lnk
    [2012/02/01 12:20:35 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Locomotion.lnk
    [2012/01/31 17:00:44 | 000,265,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/01/31 14:54:01 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
    [2012/01/31 14:53:02 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
    [2012/01/30 17:30:40 | 000,000,017 | ---- | M] () -- C:\Users\Ivo\AppData\Local\resmon.resmoncfg
    [2012/01/30 15:44:24 | 000,001,163 | ---- | M] () -- C:\Users\Ivo\Desktop\samp - Atalho.lnk
    [2012/01/30 15:01:06 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/30 13:51:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/01/30 13:43:59 | 000,051,953 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2012/01/28 03:07:38 | 000,097,125 | ---- | M] () -- C:\Users\Ivo\Desktop\catsvfp.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/07 16:49:47 | 000,002,039 | ---- | C] () -- C:\Users\Ivo\Desktop\HijackThis.lnk
    [2012/02/07 16:16:52 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/02/07 15:31:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/07 13:13:25 | 001,155,072 | ---- | C] () -- C:\Users\Ivo\Desktop\Augs_Dist.exe
    [2012/02/07 11:35:06 | 000,003,584 | ---- | C] () -- C:\Users\Ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/07 11:34:26 | 020,462,080 | ---- | C] () -- C:\rzcapture.avi
    [2012/02/07 11:31:56 | 000,002,757 | ---- | C] () -- C:\Users\Public\Desktop\Youtube Movie Maker.lnk
    [2012/02/07 11:19:56 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Downloader.lnk
    [2012/02/07 11:19:56 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Video Search.lnk
    [2012/02/07 11:19:45 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2012/02/07 10:07:10 | 000,001,697 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
    [2012/02/05 11:51:12 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\TimeShift.lnk
    [2012/02/05 07:10:07 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/05 07:10:05 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/05 07:09:58 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/03 13:55:16 | 000,000,020 | ---- | C] () -- C:\Windows\Øú”
    [2012/02/02 22:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2012/02/02 21:14:38 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2012/02/02 07:37:19 | 000,001,163 | ---- | C] () -- C:\Users\Ivo\Desktop\GGMM - Atalho.lnk
    [2012/02/01 12:28:25 | 000,000,745 | ---- | C] () -- C:\Users\Ivo\Desktop\PointBlank.lnk
    [2012/02/01 12:20:35 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Locomotion.lnk
    [2012/01/31 14:54:01 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
    [2012/01/31 14:53:02 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk
    [2012/01/31 12:12:03 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
    [2012/01/31 11:15:15 | 000,097,125 | ---- | C] () -- C:\Users\Ivo\Desktop\catsvfp.jpg
    [2012/01/30 17:30:40 | 000,000,017 | ---- | C] () -- C:\Users\Ivo\AppData\Local\resmon.resmoncfg
    [2012/01/30 15:44:24 | 000,001,163 | ---- | C] () -- C:\Users\Ivo\Desktop\samp - Atalho.lnk
    [2012/01/30 15:01:06 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/01/30 15:01:06 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/30 13:51:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/01/30 13:48:33 | 000,001,389 | ---- | C] () -- C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/01/30 13:43:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/01/30 13:43:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/01/30 13:40:20 | 1609,412,608 | -HS- | C] () -- C:\hiberfil.sys
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2009/07/17 16:48:25 | 000,663,606 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
    [2009/07/17 16:48:25 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
    [2009/07/17 16:48:25 | 000,127,896 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
    [2009/07/17 16:48:25 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
    [2009/07/14 02:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 02:33:53 | 000,265,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 00:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 00:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 00:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 00:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 00:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 00:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 22:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 21:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2012/02/01 12:19:24 | 000,000,000 | ---D | M] -- C:\Users\Ivo\AppData\Roaming\Leadertech
    [2012/01/31 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\Ivo\AppData\Roaming\Tibia
    [2012/02/07 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Ivo\AppData\Roaming\TS3Client
    [2012/02/07 16:57:15 | 000,000,000 | ---D | M] -- C:\Users\Ivo\AppData\Roaming\uTorrent
    [2009/07/14 02:53:46 | 000,008,094 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/02/07 13:08:38 | 000,000,000 | ---D | M](C:\Users\Ivo\Documents\?? ???) -- C:\Users\Ivo\Documents\%¨ ìø
    [2012/02/07 13:08:38 | 000,000,000 | ---D | C](C:\Users\Ivo\Documents\?? ???) -- C:\Users\Ivo\Documents\%¨ ìø

    < End of report >[/spolier]

    Extras

    [SPOLIER]OTL Extras logfile created on: 07/02/2012 16:50:56 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ivo\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,35% Memory free
    4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,66 Gb Total Space | 412,40 Gb Free Space | 88,56% Space Free | Partition Type: NTFS

    Computer Name: IVO-PC | User Name: Ivo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
    "{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
    "{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
    "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
    "{E084C471-FA8F-4468-93F1-25B3A13ED942}" = YoutubeMovieMaker
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "aTube Catcher" = aTube Catcher
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "Combat Arms" = Combat Arms
    "DriverPack LAN_is1" = DriverPack LAN 7.1
    "DriverPack Sound_is1" = DriverPack Sound 7.1
    "HijackThis" = HijackThis 2.0.2
    "Messenger Plus!" = Messenger Plus!
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 10.0 (x86 pt-BR)" = Mozilla Firefox 10.0 (x86 pt-BR)
    "NoIPDUC" = No-IP DUC
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Tibia_is1" = Tibia
    "TMIPC" = Tibia MULTI-ip changer
    "uTorrent" = µTorrent
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.10 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PointBlank" = PointBlank

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 05/02/2012 05:20:55 | Computer Name = Ivo-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: SCDA_Online.exe, versão: 0.0.0.0, carimbo
    de hora: 0x453c9978 Nome do módulo de falhas: SCDA_Online.exe, versão: 0.0.0.0,
    carimbo de hora: 0x453c9978 Código de exceção: 0xc0000005 Deslocamento com falha:
    0x00379512 Identificação do processo com falha: 0xff8 Hora de início do aplicativo
    com falha: 0x01cce3e771400002 Caminho do aplicativo com falha: C:\Program Files\Ubisoft\Tom
    Clancy's Splinter Cell Double Agent\SCDA-Online\System\SCDA_Online.exe FCaminho
    do módulo de falhas: C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double
    Agent\SCDA-Online\System\SCDA_Online.exe Identificação do Relatório: b482e8a6-4fda-11e1-95a0-001e90caf080

    Error - 05/02/2012 05:23:03 | Computer Name = Ivo-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: SplinterCell4.exe, versão: 0.0.0.0,
    carimbo de hora: 0x4539e082 Nome do módulo de falhas: nvd3dum.dll, versão: 8.17.12.8562,
    carimbo de hora: 0x4e992873 Código de exceção: 0xc0000005 Deslocamento com falha:
    0x002696f6 Identificação do processo com falha: 0xc30 Hora de início do aplicativo
    com falha: 0x01cce3e7968451c9 Caminho do aplicativo com falha: C:\Program Files\Ubisoft\Tom
    Clancy's Splinter Cell Double Agent\SCDA-Offline\system\SplinterCell4.exe FCaminho
    do módulo de falhas: C:\Windows\system32\nvd3dum.dll Identificação do Relatório:
    00c321c6-4fdb-11e1-95a0-001e90caf080

    Error - 05/02/2012 05:31:22 | Computer Name = Ivo-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: SplinterCell4.exe, versão: 0.0.0.0,
    carimbo de hora: 0x4539e082 Nome do módulo de falhas: nvd3dum.dll, versão: 8.17.12.8562,
    carimbo de hora: 0x4e992873 Código de exceção: 0xc0000005 Deslocamento com falha:
    0x002696f6 Identificação do processo com falha: 0xe64 Hora de início do aplicativo
    com falha: 0x01cce3e89a67c4df Caminho do aplicativo com falha: C:\Program Files\Ubisoft\Tom
    Clancy's Splinter Cell Double Agent\SCDA-Offline\system\SplinterCell4.exe FCaminho
    do módulo de falhas: C:\Windows\system32\nvd3dum.dll Identificação do Relatório:
    29cab6e4-4fdc-11e1-95a0-001e90caf080

    Error - 05/02/2012 05:34:07 | Computer Name = Ivo-PC | Source = VSS | ID = 8194
    Description =

    Error - 05/02/2012 05:37:22 | Computer Name = Ivo-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: SplinterCell4.exe, versão: 0.0.0.0,
    carimbo de hora: 0x4539e082 Nome do módulo de falhas: nvd3dum.dll, versão: 8.17.12.8562,
    carimbo de hora: 0x4e992873 Código de exceção: 0xc0000005 Deslocamento com falha:
    0x002696f6 Identificação do processo com falha: 0x4b0 Hora de início do aplicativo
    com falha: 0x01cce3e98286fe43 Caminho do aplicativo com falha: C:\Program Files\Ubisoft\Tom
    Clancy's Splinter Cell Double Agent\SCDA-Offline\system\SplinterCell4.exe FCaminho
    do módulo de falhas: C:\Windows\system32\nvd3dum.dll Identificação do Relatório:
    00a0bda2-4fdd-11e1-ae5b-001e90caf080

    Error - 05/02/2012 09:42:44 | Computer Name = Ivo-PC | Source = VSS | ID = 8194
    Description =

    Error - 05/02/2012 12:40:43 | Computer Name = Ivo-PC | Source = VSS | ID = 8194
    Description =

    Error - 05/02/2012 13:32:51 | Computer Name = Ivo-PC | Source = Application Hang | ID = 1002
    Description = O programa UNKNOWN versão 0.0.0.0 parou de interagir com o Windows
    e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
    o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
    4cc Hora de Início: 01cce42c09616951 Hora de Término: 18 Caminho do Aplicativo: UNKNOWN

    Id
    do Relatório: 6067b620-501f-11e1-a48e-001e90caf080

    Error - 07/02/2012 09:58:26 | Computer Name = Ivo-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: YoutubeMovieMaker.exe, versão: 1.0.0.1,
    carimbo de hora: 0x4ea8c9c6 Nome do módulo de falhas: snxhk.dll, versão: 6.0.1367.0,
    carimbo de hora: 0x4ed3ca80 Código de exceção: 0xc0000005 Deslocamento com falha:
    0x00002890 Identificação do processo com falha: 0x56c Hora de início do aplicativo
    com falha: 0x01cce59cfcfad44d Caminho do aplicativo com falha: C:\Program Files\Youtube
    Movie Maker\YoutubeMovieMaker.exe FCaminho do módulo de falhas: C:\Program Files\AVAST
    Software\Avast\snxhk.dll Identificação do Relatório: cde31fef-5193-11e1-a25d-001e90caf080

    Error - 07/02/2012 11:57:43 | Computer Name = Ivo-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: Engine.exe, versão: 0.0.0.0, carimbo
    de hora: 0x4e784a3b Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
    de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x003dc185
    Identificação
    do processo com falha: 0x1580 Hora de início do aplicativo com falha: 0x01cce5abcbc86713
    Caminho
    do aplicativo com falha: C:\Level Up! Games\Combat Arms\Engine.exe FCaminho do módulo
    de falhas: unknown Identificação do Relatório: 77d621c0-51a4-11e1-a25d-001e90caf080

    [ System Events ]
    Error - 30/01/2012 21:56:04 | Computer Name = Ivo-PC | Source = Service Control Manager | ID = 7016
    Description = O serviço NVIDIA Display Driver Service relatou um estado atual 32
    inválido.

    Error - 30/01/2012 21:56:07 | Computer Name = Ivo-PC | Source = Service Control Manager | ID = 7023
    Description = O serviço Server terminou com o erro: %%1062

    Error - 30/01/2012 21:56:08 | Computer Name = Ivo-PC | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
    Description = O SAM não conseguiu iniciar o thread de escuta do TCP/IP ou do SPX/IPX.

    Error - 31/01/2012 15:01:25 | Computer Name = Ivo-PC | Source = Service Control Manager | ID = 7023
    Description = O serviço Instalador de Módulos do Windows terminou com o erro: %%16405

    Error - 02/02/2012 05:15:32 | Computer Name = Ivo-PC | Source = EventLog | ID = 6008
    Description = O desligamento anterior do sistema em 00:00:36 às ?02/?02/?2012 não
    era esperado.

    Error - 04/02/2012 06:29:17 | Computer Name = Ivo-PC | Source = EventLog | ID = 6008
    Description = O desligamento anterior do sistema em 00:10:36 às ?04/?02/?2012 não
    era esperado.

    Error - 05/02/2012 05:22:35 | Computer Name = Ivo-PC | Source = Service Control Manager | ID = 7034
    Description = O serviço Serviço do Google Update (gupdate) foi encerrado inesperadamente.
    Isso aconteceu 1 vez(es).

    Error - 05/02/2012 21:30:56 | Computer Name = Ivo-PC | Source = DCOM | ID = 10005
    Description =

    Error - 05/02/2012 21:30:56 | Computer Name = Ivo-PC | Source = Service Control Manager | ID = 7009
    Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
    do serviço Serviço do Google Update (gupdate).

    Error - 05/02/2012 21:30:56 | Computer Name = Ivo-PC | Source = Service Control Manager | ID = 7000
    Description = Não foi possível iniciar o serviço Serviço do Google Update (gupdate)
    devido ao seguinte erro: %%1053


    < End of report >[/SPOLIER]

    From HijackThis

    [SPOLIER]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:04:34, on 07/02/2012
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Ivo\Downloads\OTL.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sobre a Ask.com Brasil
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-4023128738-421926536-3635648616-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-4023128738-421926536-3635648616-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03A38CD2-DFCA-4E7D-B57C-1E48629E69F0}: NameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03A38CD2-DFCA-4E7D-B57C-1E48629E69F0}: NameServer = 8.8.8.8 8.8.4.4
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 5372 bytes

    [/SPOLIER]



    Help me, urgent
    Last edited by Luminatti; 07-02-12 at 17:11.

  18. #8618
    VIRUS DETECTED
    I have a virus. I removed it a bunch of times, disinfected, deleted the file, ran the antivirus, but it always comes back. It disables Task Manager and I don't know what else..
    PHOTO OF THE VIRUS http://img821.imageshack.us/img821/808/virusad.jpg

  19. #8619
    Join Date
    Aug 2011
    Location
    Somewhere Between The hell and the heaven!
    Posts
    2.910
    Guix, I once caught a virus called domal.exe, which ran on my system and gave constant error messages, and I could only disable it by ending its process in Task Manager. It was an annoying little thing that I only got rid of by formatting....


  20. #8620
    Join Date
    Sep 2008
    Posts
    2.894
    Daniel_Sun, it would have been preferable for you to post an OTL log. But in any case, there is nothing malicious in your log.

    Great friend agorasim, good afternoon!

    Look, although it is strange that this problem is happening only with the Caixa site, your logs indicate only the presence of an adware (unlikely to be causing this). Usually, when it is related to more dangerous malware, the banking sites are cloned or are blocked in the Windows hosts file. But it is strange that only Caixa's is like this. When you try to access it, does the site simply not load, or is some message displayed? Please follow the spoiler below.

    Step 1

    1 - Download AdwCleaner (to download, click the button with the small green arrow on the right) and save it to the desktop.
    2 - Run it as administrator.
    3 - Click Search (or Recherche if the tool opens in French) and wait for the quick scan.
    4 - At the end, a log will open automatically. It will be saved at C:\AdwCleaner[R1].txt.
    5 - Please paste this log in your next reply.

    Step 2

    1 - Download HostsXpert and extract it to your desktop.
    2 - Run it as administrator.
    3 - On the left side of the panel, click Restore MS Hosts File > OK.
    4 - After that, close the program.

    Step 3

    1 - Download BankerFix and save it to the desktop.
    2 - Use the tool according to this official tutorial.
    3 - At the end of all the procedures, the result will be in C:\LinhaDefensiva\relatorio.txt.

    Paste this log in your next reply, together with the AdwCleaner one.

    Then see whether you can access the Caixa Econômica site.

    Luminatti, I kindly ask that you put the logs inside spoilers so the thread does not get too cluttered. Follow the spoiler below (just click Show).

    Download ComboFix here and save it to the desktop.

    Use the tool following this tutorial strictly. When the scan finishes, post the report, which will be at C:\ComboFix.txt.

    Guix17, at first glance, we have an annoying problem there. From the description in the screenshot you posted, it is likely a kernel-level rootkit. If it is, I'll say up front that it is not easy to deal with this pest, when it can be dealt with at all. It monitors all Windows calls and can make the anti-malware tool believe the file was renamed/removed when it was not.

    However, for me to give a precise diagnosis, you need to post an OTL log here (as described in the first post of this thread).

  21. #8621
    Join Date
    Dec 2005
    Location
    São Paulo - SP - Santo Amaro
    Posts
    3.216
    Dear friend Mr.Wolf, I have to apologize for my inattention.
    From what I saw, it seems the address of the Caixa site has changed, and here the old one doesn't redirect to the new one, which causes this problem.
    I was trying to access www.caixaeconomicafederal.com.br, which I have always used to access the site, but now I see it is being accessed through www.caixa.gov.br. ^^

    But while poking around here I did what you told me, and one thing puzzled me: I couldn't get the BankerFix program to run to completion. I read the whole tutorial, followed it to the letter, disabled the antivirus, tried in safe mode a couple of times, and at the end it always told me to restart and run the program again. I found that strange. But from what I could tell, it's a program for detecting spyware viruses, right? Well, I'm sure I shouldn't have a problem with that, otherwise I'd have been toast long ago ^^

    Well, at least I managed to discover the (supposed) problem with the Caixa site, total inattention on my part.

    But what contributed a bit to this inattention was the fact that I posted the address www.caixaeconomicafederal.com.br in the MSN window and it opened normally for my colleague, and on mine it didn't open... go figure ^^.

    Dear Mr.Wolf... once again I leave my thanks to you.
    And if you still want me to post the AdwCleaner log... just let me know, ok?

    Thanks, friend, and have a great late afternoon. Regards
    MSN ---> guedes.sp@gmail.com
    1 CORINTHIANS, CHAPTER 1, VERSE 19, For it is written: I will destroy the wisdom of the wise and bring to nothing the intelligence of the learned.
    click here ----> hardmob reference

  22. #8622
    Join Date
    Sep 2008
    Posts
    2.894
    agorasim, no problem, my friend. It happens!

    Quote: Originally posted by agorasim
    But while poking around here I did what you told me, and one thing puzzled me: I couldn't get the BankerFix program to run to completion. I read the whole tutorial, followed it to the letter, disabled the antivirus, tried in safe mode a couple of times, and at the end it always told me to restart and run the program again. I found that strange. But from what I could tell, it's a program for detecting spyware viruses, right? Well, I'm sure I shouldn't have a problem with that, otherwise I'd have been toast long ago ^^
    No need to be puzzled. On certain systems BankerFix really doesn't run very well.

    The tool deals with banker trojans (Brazilian malware whose purpose is to steal the user's sensitive data). They monitor the Internet Banking site the user accesses most and usually alter the Windows hosts file. That is why I recommended using this application.

    Quote: Originally posted by agorasim
    And if you still want me to post the AdwCleaner log... just let me know, ok?
    Actually, AdwCleaner has nothing to do with your bank access problem, but rather with the adware that is present on your machine. I advise using the tool anyway to remove the adware's registry keys and other files. However, instead of clicking Search in AdwCleaner, as I instructed in the previous post, click Delete.
    The Search function would show, among other things, whether any modification had been made to your connection that would be causing the block on the Caixa site. However, since you have already found the cause of the problem, there is no need for the Search log. So you can delete the adware's files right away.

    Have a great weekend, my friend.
    Regards
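
Added example, not part of the original posts and not code from any tool named in the thread: a small audit of a hosts file for the two cases described above, a banking hostname redirected to another address (cloned site) or pinned to loopback (blocked site). The watch list uses the two Caixa hostnames mentioned in the thread; the sample file, its addresses and the `internetbanking` hostname are constructed.

```python
import ipaddress

# Assumption: watch list taken from the two Caixa hostnames mentioned in the thread.
WATCHED = ("caixa.gov.br", "caixaeconomicafederal.com.br")

# Constructed sample hosts file; 203.0.113.0/24 is a documentation range (RFC 5737).
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.caixa.gov.br internetbanking.caixa.gov.br  # constructed
127.0.0.1       www.caixaeconomicafederal.com.br
0.0.0.0         ads.example.net
10.0.0.5        nas.home.example
not-an-ip       www.caixa.gov.br
"""

def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, kind, address, host) tuples.

    kind is 'redirected' (watched host sent to a non-loopback address),
    'blocked' (watched host pinned to loopback or 0.0.0.0) or
    'malformed' (first field is not an IP address).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, "malformed", entry[0], " ".join(entry[1:])))
            continue
        for host in entry[1:]:  # one line may carry several aliases
            if not is_watched(host, watched):
                continue
            kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
            findings.append((line_no, kind, str(addr), host.lower()))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A clean default hosts file produces no findings; any 'redirected' entry for a bank hostname is the case that warrants restoring the file and scanning further.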

  23. #8623

    Rootkit.tdss.v2

    This problem has been happening on my PC for more than a week... At first, when I opened Windows Explorer (mainly the Pictures folder), explorer.exe would restart, but I didn't worry much about it... Now explorer.exe restarts every five seconds and it's causing me tremendous chaos! I installed Spyware Doctor and it detected the rootkit named in the title, but the program is not able to remove this pest! I believe it is this virus that is causing this mess... Can you help me?

  24. #8624
    Join Date
    Nov 2003
    Location
    Floripa - centro
    Posts
    2.198
    Hey wolf... I need some help here.... I have Malwarebytes installed and it is detecting a malicious site trying to get in and send things, and it is blocking it.... but I've already run a few programs and NOTHING detected anything....

    Here is the HijackThis log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:23:00, on 14/2/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Luiz\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8430 bytes
    proc: CORE2QUAD Q6600@3400Mhz(425x8, 1,42v) cooled by Zalman CNPS 9700NT mobo: GA-P35-DS3 BR HD: maxtor 160Gb 7200RPM SATA2/ seagate 320Mb NCQ+16MB Buffer VGA:Geforce 8600GT sound card: onboard memo: 2x1gb DDR2 667@800 + 2x1Gb DDR2 800@800 OCZ plantium=4Gb@800Mhz powered by: AKASA 650W ATX2.0 monitor: samsung 732N plus 17" LCD

    AMD says "HA!", Intel shows a Conroe XE prototype and says "Boo!"

  25. #8625
    Join Date
    Sep 2008
    Posts
    2.894
    andlsa, it would be helpful if you posted an OTL log here. But let's see whether it really is TDSS. Follow the spoiler below (click the Show button).

    - Download TDSSKiller and save it to the desktop.
    - Run it as administrator if you use Windows Vista or 7.
    - Click Change parameters.
    - Select the option Detect TDLFS file system and click OK.
    - Click Start scan and wait.
    - If it finds anything, select Skip.

    When it finishes, click Report and paste here the report, which will be at C:\TDSSKiller.txt.

    LuiZz, there is nothing wrong in your log. Run Malwarebytes and click the Logs tab. Open the most recent protection-log-[date].txt file, copy its contents and post them here.


