EES

find22: I can't remove it

45 posts in this topic

Good evening!

I need help. The log follows below. This find22... in theory, I managed to remove it from Firefox, but in IE9 I had no success.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:59:05, on 06/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\System32\aetcrss1.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S2BXJ56ZB11068&ts=1359772258

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S2BXJ56ZB11068&ts=1359772258

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S2BXJ56ZB11068&ts=1359772258

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s

O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 15738 bytes


Hello, EES.

Welcome to the Linha Defensiva Forum. :legal:

Follow the procedures below.

1)

Download AdwCleaner and save it to the desktop.

http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe.

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click Delete.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Download Malwarebytes' Anti-Malware (MBAM).

http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  1. Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  2. If there are updates to be applied, they will be downloaded and installed.
  3. When the update finishes, with the program open, select Full Scan and click the Scan button.
  4. The scan will then begin. Wait, as it may take a while.
  5. When the scan ends, click OK, then the Show Results button to see the report.
  6. If any items are found, make sure they are all checked and click the Remove button.
  7. At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  8. The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  9. Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:

http://linhadefensiv...showtopic=75554

3)

Download MbrScan.exe and save it to the desktop.

http://eric71.geekst...ols/MbrScan.exe

Run the file MbrScan.exe.

Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved to the desktop under the name MbrScan.log.

*** Windows Vista or Windows 7 users: right-click the file MbrScan.exe, then click execadmin.png

Select, copy and paste its contents into your next reply.


Attaching the logs... which so far haven't helped, because that blessed 22find still shows up in my IE!!!!

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 14:09:35

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)

# User : Reciclare - RECICLARE-PC

# Boot Mode : Normal

# Running from : C:\Users\Reciclare\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\Reciclare\AppData\Local\APN

Folder Deleted : C:\Users\Reciclare\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (pt-BR)

File : C:\Users\Reciclare\AppData\Roaming\Mozilla\Firefox\Profiles\x78k6p7b.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (32 bit)

PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel

BOOT : Normal Boot

DATE : 2013/02/07 (ISO 8601) at 14:32:03

________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __SAMSUNG HM321HI (2AJ1)

BUS_TYPE : (0x03) P-ATA

USE_PIO : NO

MAX_TRANSFER : 128 Kb

ALIGNMENT_MASK : word aligned

________________________________________________________________________________

DISK : Device\Harddisk1\DR1 __Kingston DataTraveler 2.0 (PMAP)

BUS_TYPE : (0x07) USB

USE_PIO : NO

MAX_TRANSFER : 64 Kb

ALIGNMENT_MASK : byte aligned

________________________________________________________________________________

Device\Harddisk0\DR0 298.1 Go [Fixed] ==> HP Recovery Manager

MBR_MD5 : 20D7EABC04E90F6D3AC819E8D9ED1576

MBR_SHA1 : E90A1370ACCA2C82DDEE5B08E4BE5D263B202D74

Device\Harddisk0\Partition1 199.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __

Device\Harddisk0\Partition2 287.3 Go 0x07 NTFS / HPFS

Device\Harddisk0\Partition3 10.45 Go 0x07 NTFS / HPFS

Device\Harddisk0\Partition4 103.3 Mo 0x0C FAT32 [LBA]

________________________________________________________________________________

Device\Harddisk1\DR1 3.84 Go [Removable] ==> Unknown MBR Code

MBR_MD5 : 3F1BC15B73F40E3AF8C8B29BC03BCA3F

MBR_SHA1 : 5D23EB53D289454758024BC5602ADF162618C70C

Device\Harddisk1\Partition1 3.84 Go 0x0B FAT32 [CHS]

________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk

ADDRESS : 0x8EA10000

SIZE : 872.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk

ADDRESS : 0x919A4000

SIZE : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Versão da Base de Dados: v2013.02.07.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Reciclare :: RECICLARE-PC [administrador]

Proteção: Não permitir

07/02/2013 08:10:34

mbam-log-2013-02-07 (08-10-34).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 425218

Tempo decorrido: 2 hora(s), 42 minuto(s), 8 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

"Attaching the logs... which so far haven't helped, because that blessed 22find still shows up in my IE!!!!"

Please be patient. We are also doing a preliminary cleanup, since there are many PUPs (Potentially Unwanted Programs) and adware in your log.

Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will start scanning your system. Please be patient, as it may take a while depending on the number of items to examine.

When it finishes, a log will open. It is saved to the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply, together with the contents of AdwCleaner[s1].txt and a new HijackThis log.


CarlosTurco, I can only thank you! It's just that seeing this find22 all the time really drives you crazy! lol

Here are the requested logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.2 (02.02.2013:2)

OS: Windows 7 Home Basic x86

Ran by Reciclare on 07/02/2013 at 15:06:38,61

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Reciclare\AppData\Roaming\mozilla\firefox\profiles\x78k6p7b.default\prefs.js

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ

user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");

Emptied folder: C:\Users\Reciclare\AppData\Roaming\mozilla\firefox\profiles\x78k6p7b.default\minidumps [144 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07/02/2013 at 15:15:32,36

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 15:21:31

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)

# User : Reciclare - RECICLARE-PC

# Boot Mode : Normal

# Running from : C:\Users\Reciclare\Downloads\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (pt-BR)

File : C:\Users\Reciclare\AppData\Roaming\Mozilla\Firefox\Profiles\x78k6p7b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1086 octets] - [06/02/2013 23:19:22]

AdwCleaner[R2].txt - [1078 octets] - [06/02/2013 23:20:27]

AdwCleaner[s1].txt - [1735 octets] - [06/02/2013 14:09:35]

AdwCleaner[s2].txt - [1139 octets] - [06/02/2013 23:21:02]

AdwCleaner[s3].txt - [1203 octets] - [07/02/2013 07:55:49]

AdwCleaner[s4].txt - [1134 octets] - [07/02/2013 15:21:31]

########## EOF - C:\AdwCleaner[s4].txt - [1194 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:31:34, on 07/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\System32\aetcrss1.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe

C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\Downloads\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S2BXJ56ZB11068&ts=1359772258

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s

O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 15628 bytes

PS: I only ran a scan with HijackThis. Do I need to run a fix or something like that?

Again, thank you very much!


Check the properties of the browser shortcuts (right-click the shortcut -> Properties) to see whether anything has been changed to open the 22find site; if so, remove it.

Open IE, click the Settings icon, select Manage add-ons > Toolbars and Extensions > select 22find and disable it.

Under Search Providers > select and remove 22find if you find it.

Close IE. Right-click the IE icon on the toolbar > Internet Explorer > Properties.

In Target, remove http:www.22find.com, leaving the rest.

Then click Apply > OK.

If Firefox is open, close it.

Hold down the SHIFT key and open Firefox. Wait until the Firefox Safe Mode window appears.

Click the Start in Safe Mode button.

When the browser opens, click the arrow on this button yfd00.png in the upper-left corner.

Then select Add-ons. On the Extensions and Plugins tabs, look for 22find and, if you find it, select it and click the Remove button.

Click the yfd00.png button again. Click Options. Remove the 22find home page if you find it and set whichever one you want.

Close Firefox, then right-click its desktop icon. Select Properties.

In Target, remove http:www.22find.com, leaving the rest.

Then click Apply > OK.

Then test all the browsers to see whether they are OK.

- Post a new HijackThis log.


Thanks again, CarlosTurco!

Here is the log. Apparently it no longer appears... but what is this find22 in the HijackThis log?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:44:38, on 07/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\System32\aetcrss1.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Users\Reciclare\Downloads\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S2BXJ56ZB11068&ts=1359772258

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s

O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 15291 bytes
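The R0/R1 lines in the log above are Internet Explorer start-page and search-page registry values, and one of them still points at 22find even though the shortcuts were cleaned. As an added example (not part of the original posts and not HijackThis's own code), this Python script parses those lines and flags any value whose host is outside an allowlist; the allowlist contents and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional
from urllib.parse import urlsplit

# R0/R1 lines copied from the HijackThis log in this thread, plus one O4 line
# to show that non-R entries are ignored.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S2BXJ56ZB11068&ts=1359772258
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"""

# Assumption: domains this reviewer expects to see in IE page settings.
ALLOWED_DOMAINS = {"microsoft.com", "google.com"}

# "R1 - <registry key>,<value name> = <data>"; the data may itself contain "=".
R_LINE = re.compile(r"^(R[01]) - (HK[A-Z]+\\[^,]+),([^=]+?)\s*=\s*(.*)$")


class REntry(NamedTuple):
    code: str            # R0 or R1
    key: str             # registry key, e.g. HKCU\Software\...\Main
    name: str            # value name, e.g. Default_Page_URL
    value: str           # raw data as logged
    host: Optional[str]  # host extracted from the data, if any


def extract_host(value: str) -> Optional[str]:
    """Return the lower-case host of a logged URL, or None if there is none."""
    value = value.strip()
    if not value or value.lower().startswith("about:"):
        return None
    # Values such as "www.google.com" carry no scheme; add "//" so that
    # urlsplit treats the text as a network location rather than a path.
    if "://" not in value:
        value = "//" + value
    return urlsplit(value).hostname


def parse_r_entries(log_text: str) -> List[REntry]:
    """Collect the R0/R1 (IE start/search page) entries from a log."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            code, key, name, value = m.groups()
            entries.append(REntry(code, key, name, value, extract_host(value)))
    return entries


def is_allowed(host: str, allowed=ALLOWED_DOMAINS) -> bool:
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def flag_unexpected(entries: List[REntry], allowed=ALLOWED_DOMAINS) -> List[REntry]:
    """Entries whose data names a host outside the allowlist."""
    return [e for e in entries if e.host and not is_allowed(e.host, allowed)]


if __name__ == "__main__":
    for e in flag_unexpected(parse_r_entries(SAMPLE_LOG)):
        print(f"{e.code} {e.key} -> {e.name}: host {e.host} is not allowlisted")
```

The flagged entry lives under HKCU, which is why removing the URL from the shortcut Target field alone does not make it disappear from the log.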

Here is the log. Apparently it no longer appears... but what is this find22 in the HijackThis log?

There are still some entries left to be removed.

Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:

Right-click the OTL.exe file, then click execadmin.png .

Where it says Output, select Standard

Also check these options:

  • Use Company Name WhiteList.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

CREATERESTOREPOINT

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.* /s

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\*.scr

%PROGRAMFILES%\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

%appdata%\*.*

%windir%\tasks\*.* /s

%systemroot%\system32\tasks\*.*

%PROGRAMFILES%\Internet Explorer\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp

/md5start

22find*

services.*

/md5stop

Go back to the program, right-click any blank area of the Custom Scans/Fixes section, and choose Paste

Click the scan button.

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip file and attach it to your reply.


OTL logfile created on: 07/02/2013 16:56:26 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reciclare\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,30 Gb Available Physical Memory | 15,51% Memory free

3,87 Gb Paging File | 1,47 Gb Available in Paging File | 38,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287,35 Gb Total Space | 158,20 Gb Free Space | 55,06% Space Free | Partition Type: NTFS

Drive D: | 10,45 Gb Total Space | 1,77 Gb Free Space | 16,93% Space Free | Partition Type: NTFS

Drive E: | 99,34 Mb Total Space | 95,22 Mb Free Space | 95,85% Space Free | Partition Type: FAT32

Drive H: | 3,84 Gb Total Space | 0,00 Gb Free Space | 0,13% Space Free | Partition Type: FAT32

Computer Name: RECICLARE-PC | User Name: Reciclare | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 16:54:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reciclare\Downloads\OTL.exe

PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Arquivos de Programas\PC Connectivity Solution\ServiceLayer.exe

PRC - [2012/12/19 09:49:22 | 000,179,176 | ---- | M] (Nokia) -- C:\Arquivos de Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2012/12/19 09:49:16 | 000,127,464 | ---- | M] (Nokia) -- C:\Arquivos de Programas\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/05 12:53:12 | 003,093,624 | ---- | M] () -- C:\Arquivos de Programas\Pando Networks\Media Booster\PMB.exe

PRC - [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Mouse and Keyboard Center\ipoint.exe

PRC - [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Mouse and Keyboard Center\itype.exe

PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

PRC - [2012/09/15 17:04:29 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

PRC - [2012/09/12 18:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe

PRC - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 18:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Security Client\msseces.exe

PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/03/28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2011/03/28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe

PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Arquivos de Programas\CyberLink\YouCam\YCMMirage.exe

PRC - [2010/07/20 14:02:32 | 000,151,552 | ---- | M] (A.E.T. Europe B.V.) -- C:\Windows\System32\aetcrss1.exe

PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010/01/29 20:59:00 | 005,110,304 | ---- | M] (Realtek Semiconductor) -- C:\Arquivos de Programas\Realtek\Audio\HDA\RtkNGUI.exe

PRC - [2010/01/18 15:03:20 | 000,572,416 | ---- | M] (Hewlett-Packard Company) -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/01/18 15:03:12 | 000,017,920 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/01/12 22:32:22 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Arquivos de Programas\Realtek\Audio\OSD\RtVOsd.exe

PRC - [2009/11/18 00:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Arquivos de Programas\Realtek\Audio\HDA\AERTSrv.exe

PRC - [2009/06/30 22:23:54 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe

PRC - [2009/03/28 00:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Arquivos de Programas\LSI SoftModem\agrsmsvc.exe

PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2007/03/02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbguard.exe

PRC - [2007/03/02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbserver.exe

PRC - [2001/04/19 17:00:00 | 000,022,016 | ---- | M] (Inprise Corporation) -- C:\Arquivos de Programas\Borland\InterBase\bin\ibguard.exe

PRC - [2001/04/19 16:59:58 | 001,701,888 | ---- | M] (Inprise Corporation) -- C:\Arquivos de Programas\Borland\InterBase\bin\ibserver.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/06 23:31:54 | 012,459,888 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll

MOD - [2013/01/26 00:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

MOD - [2013/01/26 00:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll

MOD - [2013/01/26 00:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll

MOD - [2013/01/26 00:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll

MOD - [2013/01/26 00:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll

MOD - [2013/01/09 23:28:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll

MOD - [2013/01/09 22:47:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll

MOD - [2013/01/09 22:45:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/01/09 22:45:13 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll

MOD - [2013/01/09 22:44:32 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll

MOD - [2013/01/09 22:42:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll

MOD - [2013/01/09 22:42:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/09 22:42:11 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll

MOD - [2013/01/09 22:41:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013/01/09 22:41:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/09 22:41:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/09 22:41:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/09 22:41:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012/12/05 12:53:12 | 003,093,624 | ---- | M] () -- C:\Arquivos de Programas\Pando Networks\Media Booster\PMB.exe

MOD - [2012/11/17 00:10:26 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlFileFormats150.bpl

MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl

MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\JSDialogPack150.bpl

MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\DEC150.bpl

MOD - [2011/05/28 23:04:58 | 000,140,288 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll

MOD - [2010/11/12 22:02:32 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/11/04 23:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/11/04 23:53:18 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationCore.resources.dll

MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Arquivos de Programas\Common Files\LightScribe\QtGui4.dll

MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Arquivos de Programas\Common Files\LightScribe\QtCore4.dll

MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Arquivos de Programas\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2010/02/09 19:58:30 | 000,061,440 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2010/02/09 19:58:28 | 000,131,072 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2010/02/09 19:58:24 | 000,040,960 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2010/02/09 19:58:24 | 000,007,680 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2010/02/09 19:58:22 | 000,036,864 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2010/02/09 19:58:22 | 000,005,632 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2010/02/09 19:58:18 | 000,018,944 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2010/02/09 19:58:14 | 000,028,672 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)

SRV - [2013/02/06 15:04:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/15 12:17:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Arquivos de Programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/09/12 18:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/03/28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010/09/22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2010/01/18 15:03:12 | 000,017,920 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2009/11/18 00:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Arquivos de Programas\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)

SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/03/28 00:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Arquivos de Programas\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2007/03/02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

SRV - [2007/03/02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2001/04/19 17:00:00 | 000,022,016 | ---- | M] (Inprise Corporation) [Auto | Running] -- C:\Arquivos de Programas\Borland\InterBase\bin\ibguard.exe -- (InterBaseGuardian)

SRV - [2001/04/19 16:59:58 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Borland\InterBase\bin\ibserver.exe -- (InterBaseServer)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2012/11/09 15:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2012/11/09 15:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2012/11/02 15:37:10 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)

DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2012/10/15 12:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/08/30 23:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/08/23 12:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2011/09/08 02:46:56 | 001,117,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2011/02/11 19:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)

DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/08/02 12:14:48 | 000,029,168 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)

DRV - [2010/03/05 17:57:18 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

DRV - [2009/09/22 23:40:00 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/08/13 17:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 21:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 20:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/13 20:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009/06/30 22:24:04 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com.br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\..\SearchScopes,DefaultScope = {85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}

IE - HKCU\..\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKCU\..\SearchScopes\{A1376AA6-468F-4666-8172-D9E2D0E55E11}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPT&o=102880&src=kw&q={searchTerms}&locale=&apn_ptnrs=6H&apn_dtid=YYYYYYYYBR&apn_uid=7C6C31CF-8EA8-4C68-A627-50555D009D71&apn_sauid=92E90AC9-85A6-4A4C-A155-29849BA55BD4&

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "22find"

FF - prefs.js..browser.search.order.1: "22find"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Reciclare\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Reciclare\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 18:01:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/09/15 14:58:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/29 21:58:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:05:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/16 15:15:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 18:01:41 | 000,000,000 | ---D | M]

[2011/08/16 15:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reciclare\AppData\Roaming\mozilla\Extensions

[2013/02/02 03:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reciclare\AppData\Roaming\mozilla\Firefox\Profiles\x78k6p7b.default\extensions

[2013/02/02 03:18:20 | 000,000,000 | ---D | M] (BlockSite Plus) -- C:\Users\Reciclare\AppData\Roaming\mozilla\Firefox\Profiles\x78k6p7b.default\extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d}

[2013/02/02 02:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2013/01/19 13:55:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/01/19 13:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013/02/02 02:08:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

[2013/02/06 15:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions

[2013/02/06 09:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/02/06 09:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013/02/06 09:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

[2012/11/29 21:58:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2013/01/19 13:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013/02/02 02:08:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

[2013/02/06 15:05:02 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/02/02 00:31:07 | 000,000,745 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\22find.xml

[2013/01/08 14:06:34 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2013/01/08 14:06:34 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2012/10/22 12:19:18 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2013/01/08 14:06:34 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2013/01/08 14:06:34 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - homepage: http://www.reciclareconsultoria.com.br/home

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.reciclareconsultoria.com.br/home

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Reciclare\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Reciclare\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Angry Birds = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: SocialBro = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm\0.4.0.14_0\

CHR - Extension: Gmail Off-line = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\

CHR - Extension: Box - 5 GB Armazenagem Gr\u00E1tis\n = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\

CHR - Extension: Cron\u00F3metro / Temporizador = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\

CHR - Extension: TweetDeck = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.5.2_0\

CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\

CHR - Extension: HootSuite = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\

CHR - Extension: Jogo WGT de Golf = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb\32.1.0_0\

O1 HOSTS File: ([2013/02/06 09:18:41 | 000,445,095 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 15284 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CertificateRegistration] C:\Windows\System32\aetcrss1.exe (A.E.T. Europe B.V.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()

O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [RtkOSD] C:\Arquivos de Programas\Realtek\Audio\OSD\RtVOsd.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found

O4 - HKCU..\Run: [HPAdvisorDock] C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()

O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKCU..\Run: [Pando Media Booster] C:\Arquivos de Programas\Pando Networks\Media Booster\PMB.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.182 201.6.2.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E399304-BEDF-4BA6-A78C-59467FD903B8}: DhcpNameServer = 201.6.2.182 201.6.2.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E7999FE-A32C-4F50-B567-CBCF50D60575}: DhcpNameServer = 201.6.2.89 201.6.2.179

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2f0839b6-e2cd-11e0-841a-78acc0892bb4}\Shell - "" = AutoRun

O33 - MountPoints2\{2f0839b6-e2cd-11e0-841a-78acc0892bb4}\Shell\AutoRun\command - "" = G:\setup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sdnclean.exe)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 15:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/02/07 15:05:51 | 000,000,000 | ---D | C] -- C:\JRT

[2013/02/07 08:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/02/07 08:06:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/02/07 08:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/02/06 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Roaming\Malwarebytes

[2013/02/06 14:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/02/05 17:12:13 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys

[2013/02/05 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2013/02/05 16:31:38 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Roaming\Nokia Suite

[2013/02/02 02:12:19 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{ED592451-4FD5-4F39-8BC2-218A75D11092}

[2013/02/02 00:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2013/02/02 00:18:14 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe

[2013/02/02 00:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

[2013/02/02 00:17:14 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\Programs

[2013/02/02 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Roaming\0B1T1L2V1T1J1L

[2013/01/29 13:25:35 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{0583267C-EDB9-4006-9548-E5E6C900279A}

[2013/01/28 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{0308651B-8F39-4BD1-B074-2BD4744DBF19}

[2013/01/24 22:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013/01/24 22:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2013/01/23 12:21:18 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\Desktop\101

[2013/01/19 13:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/01/18 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\Desktop\2013-01 (jan)

[2013/01/18 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{5BB14D6A-31F0-457B-A1F9-17D10F317885}

[2013/01/16 00:50:26 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{7C99646D-6B93-4602-AECC-A239EDE86B0A}

[2013/01/11 00:38:55 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{43F6C105-C8D6-4650-99D1-C8A4927F5CD0}

[2013/01/10 14:55:32 | 000,000,000 | ---D | C] -- C:\RECICLARE

[2013/01/10 14:55:20 | 000,000,000 | ---D | C] -- C:\CENTÉSIMO

[2013/01/10 14:29:36 | 000,000,000 | ---D | C] -- C:\Tudo

========== Files - Modified Within 30 Days ==========

[2013/02/07 16:49:04 | 000,025,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/07 16:49:04 | 000,025,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/07 16:37:44 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2013/02/07 16:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/07 16:37:22 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/07 16:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/07 16:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job

[2013/02/07 16:09:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job

[2013/02/07 15:53:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job

[2013/02/07 08:06:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/07 07:54:04 | 000,666,942 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2013/02/07 07:54:04 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/02/07 07:54:04 | 000,129,172 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2013/02/07 07:54:04 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/02/06 23:11:48 | 000,000,512 | ---- | M] () -- C:\Users\Reciclare\Desktop\Dump_Hdd1_DR1.mbr

[2013/02/06 23:11:47 | 000,000,512 | ---- | M] () -- C:\Users\Reciclare\Desktop\Dump_Hdd0_DR0.mbr

[2013/02/06 22:12:26 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job

[2013/02/06 09:18:41 | 000,445,095 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/02/06 09:13:08 | 000,445,095 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130206-091841.backup

[2013/02/05 17:17:22 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk

[2013/02/02 00:18:53 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013/02/01 15:49:08 | 000,809,436 | ---- | M] () -- C:\Users\Reciclare\Desktop\Fidelity 2013.pdf

[2013/02/01 15:48:57 | 000,663,858 | ---- | M] () -- C:\Users\Reciclare\Desktop\Fidelity Lider 2013.pdf

[2013/01/31 20:23:38 | 000,920,679 | ---- | M] () -- C:\Users\Reciclare\Desktop\Allis 2013.pdf

[2013/01/31 20:13:56 | 000,920,718 | ---- | M] () -- C:\Users\Reciclare\Desktop\Provider SP 2013.pdf

[2013/01/31 16:02:35 | 000,723,513 | ---- | M] () -- C:\Users\Reciclare\Desktop\Caelum 2013b.pdf

[2013/01/28 17:03:37 | 000,942,250 | ---- | M] () -- C:\Users\Reciclare\Desktop\West Garden 2013.pdf

[2013/01/28 14:25:44 | 001,122,006 | ---- | M] () -- C:\Users\Reciclare\Desktop\ABB 2013.pdf

[2013/01/16 10:47:54 | 000,843,525 | ---- | M] () -- C:\Users\Reciclare\Desktop\Caelum 2013.pdf

[2013/01/13 18:46:30 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2013/01/09 22:39:28 | 000,506,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/07 08:06:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/06 23:11:19 | 000,000,512 | ---- | C] () -- C:\Users\Reciclare\Desktop\Dump_Hdd1_DR1.mbr

[2013/02/06 23:11:17 | 000,000,512 | ---- | C] () -- C:\Users\Reciclare\Desktop\Dump_Hdd0_DR0.mbr

[2013/02/05 17:17:22 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk

[2013/02/02 00:18:54 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2013/02/02 00:18:53 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013/02/01 15:49:06 | 000,809,436 | ---- | C] () -- C:\Users\Reciclare\Desktop\Fidelity 2013.pdf

[2013/02/01 15:48:52 | 000,663,858 | ---- | C] () -- C:\Users\Reciclare\Desktop\Fidelity Lider 2013.pdf

[2013/01/31 20:23:36 | 000,920,679 | ---- | C] () -- C:\Users\Reciclare\Desktop\Allis 2013.pdf

[2013/01/31 20:13:51 | 000,920,718 | ---- | C] () -- C:\Users\Reciclare\Desktop\Provider SP 2013.pdf

[2013/01/31 16:02:33 | 000,723,513 | ---- | C] () -- C:\Users\Reciclare\Desktop\Caelum 2013b.pdf

[2013/01/28 17:03:35 | 000,942,250 | ---- | C] () -- C:\Users\Reciclare\Desktop\West Garden 2013.pdf

[2013/01/28 14:25:38 | 001,122,006 | ---- | C] () -- C:\Users\Reciclare\Desktop\ABB 2013.pdf

[2013/01/16 10:47:51 | 000,843,525 | ---- | C] () -- C:\Users\Reciclare\Desktop\Caelum 2013.pdf

[2013/01/15 11:23:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/13 18:46:30 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/10/24 23:20:05 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll

[2012/04/18 11:13:06 | 000,060,304 | ---- | C] () -- C:\Users\Reciclare\g2mdlhlpx.exe

[2012/01/18 07:52:16 | 000,007,605 | ---- | C] () -- C:\Users\Reciclare\AppData\Local\Resmon.ResmonCfg

[2012/01/12 12:15:54 | 000,003,584 | ---- | C] () -- C:\Users\Reciclare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/27 15:06:23 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

[2011/08/09 16:08:09 | 000,004,320 | ---- | C] () -- C:\Users\Reciclare\AppData\Local\Q$_140062.PTB_SoftGridUserSettings_S-1-5-21-2761178708-1980018019-591794831-1000_settings.cp.temp

[2011/08/01 13:29:09 | 000,471,135 | ---- | C] () -- C:\Windows\hpoins44.dat.temp

[2011/08/01 13:29:09 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp

[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011/06/01 17:44:19 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011/05/17 19:01:51 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI

[2011/04/19 11:15:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2011/04/08 10:08:55 | 000,001,849 | ---- | C] () -- C:\Users\Reciclare\AppData\Roaming\GhostObjGAFix.xml

[2011/03/11 16:10:47 | 000,118,784 | ---- | C] () -- C:\Windows\System32\dbexpint.dll

[2011/03/03 16:48:41 | 000,031,988 | ---- | C] () -- C:\Users\Reciclare\AppData\Roaming\Valores Separados por Vírgulas (Windows).ADR

[2011/02/22 17:50:36 | 000,166,637 | ---- | C] () -- C:\Windows\hpoins44.dat

[2011/02/21 13:43:03 | 000,038,371 | ---- | C] () -- C:\Users\Reciclare\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2011/02/11 19:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== ZeroAccess Check ==========

[2005/02/11 09:09:58 | 000,063,918 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Core.u

[2005/02/11 09:10:14 | 000,514,147 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Editor.u

[2005/02/11 09:10:10 | 002,306,560 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Engine.u

[2007/01/19 11:24:04 | 000,011,144 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\ExampleVehicles.u

[2005/02/11 09:10:10 | 000,015,443 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Fire.u

[2005/02/11 09:10:18 | 000,203,444 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Gameplay.u

[2005/02/11 09:10:24 | 000,323,680 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\GUI.u

[2005/02/11 09:10:16 | 000,074,098 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\IpDrv.u

[2005/02/16 08:08:20 | 000,144,314 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\RTInterface.u

[2005/02/11 09:10:24 | 000,015,367 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Runtime.u

[2009/05/05 12:33:30 | 000,042,510 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\RVBase.u

[2009/05/05 12:33:32 | 000,027,589 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\RVInterface.u

[2005/02/11 09:10:14 | 000,012,087 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\UnrealEd.u

[2005/02/11 09:10:16 | 000,028,102 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\UWeb.u

[2007/01/19 11:24:04 | 000,039,166 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Vehicles.u

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/05 16:40:11 | 000,000,000 | -HSD | M] -- C:\Users\Reciclare\AppData\Roaming\.#

[2013/02/02 00:07:15 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\0B1T1L2V1T1J1L

[2011/05/20 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\CTdeveloping

[2012/08/18 21:41:40 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Dropbox

[2011/02/18 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\EssentialPIM

[2013/01/03 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\MediaMonkey

[2012/05/22 18:41:44 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\MusicBrainz

[2011/03/18 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Neoretix

[2013/02/05 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Nokia

[2013/02/05 16:31:38 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Nokia Suite

[2012/08/27 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Octoshape

[2011/03/15 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\OpenOffice.org

[2012/01/12 11:59:34 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\PC Suite

[2011/08/18 12:56:58 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\SoftGrid Client

[2011/04/18 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\TeamViewer

[2012/04/13 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Thinstall

[2011/08/16 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Thunderbird

[2011/06/01 15:10:19 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\TP

[2012/06/27 15:42:19 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Unity

[2013/02/05 09:42:47 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\uTorrent

[2012/08/09 14:02:49 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\webex

[2012/04/04 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Windows Live Writer

[2011/09/16 13:41:28 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\XNote Stopwatch

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2013/02/06 23:19:38 | 000,001,086 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/02/06 23:20:34 | 000,001,078 | ---- | M] () -- C:\AdwCleaner[R2].txt

[2013/02/06 14:10:08 | 000,001,735 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2013/02/06 23:21:33 | 000,001,139 | ---- | M] () -- C:\AdwCleaner[s2].txt

[2013/02/07 08:02:29 | 000,001,203 | ---- | M] () -- C:\AdwCleaner[s3].txt

[2013/02/07 15:22:02 | 000,001,263 | ---- | M] () -- C:\AdwCleaner[s4].txt

[2009/06/10 19:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/07/13 23:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009/06/10 19:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2013/02/07 16:37:22 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/17 17:50:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/05/17 17:50:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/02/07 16:37:23 | 2075,041,792 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.* /s >

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

[2012/12/15 01:09:41 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_dc3d_01011.Wdf

[2012/12/15 01:10:05 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_point32_01011.Wdf

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 19:31:19 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.com >

[2009/07/14 02:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 02:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 02:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 02:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\*.scr >

[2012/10/30 20:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/03/08 19:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %PROGRAMFILES%\*.* >

[2009/07/14 02:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %LOCALAPPDATA%\*.exe >

< %LOCALAPPDATA%\*.txt >

< %LOCALAPPDATA%\*.ini >

[2012/01/12 12:15:54 | 000,003,584 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %LOCALAPPDATA%\*.dll >

< %LOCALAPPDATA%\*.dat >

[2012/11/14 16:30:32 | 000,145,264 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\GDIPFONTCACHEV1.DAT

< %USERPROFILE%\*.exe >

[2012/04/18 11:13:09 | 000,060,304 | ---- | M] () -- C:\Users\Reciclare\g2mdlhlpx.exe

< %USERPROFILE%\*.txt >

< %USERPROFILE%\*.ini >

[2011/02/18 14:17:34 | 000,000,020 | -HS- | M] () -- C:\Users\Reciclare\ntuser.ini

< %USERPROFILE%\*.dll >

< %USERPROFILE%\*.dat /30 >

[2013/02/07 17:13:11 | 011,272,192 | -HS- | M] () -- C:\Users\Reciclare\ntuser.dat

< %appdata%\*.* >

[2011/09/16 11:53:51 | 000,001,849 | ---- | M] () -- C:\Users\Reciclare\AppData\Roaming\GhostObjGAFix.xml

[2011/09/27 15:10:50 | 000,038,371 | ---- | M] () -- C:\Users\Reciclare\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2012/04/03 15:28:58 | 000,031,988 | ---- | M] () -- C:\Users\Reciclare\AppData\Roaming\Valores Separados por Vírgulas (Windows).ADR

< %windir%\tasks\*.* /s >

[2013/02/07 16:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/06 22:12:26 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job

[2013/02/07 15:53:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job

[2013/02/07 16:09:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job

[2013/02/07 17:09:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job

[2013/02/07 16:37:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2012/12/31 08:05:11 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\tasks\*.* >

[2013/01/15 12:17:50 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater

[2013/02/06 22:34:04 | 000,004,182 | ---- | M] () -- C:\Windows\system32\tasks\avast! Emergency Update

[2012/09/08 19:48:32 | 000,003,560 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core

[2012/09/08 19:48:33 | 000,003,928 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA

[2012/09/15 17:04:45 | 000,003,680 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core

[2012/09/15 17:04:46 | 000,004,076 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA

[2011/07/18 14:59:46 | 000,003,040 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft_Hardware_Launch_IPoint_exe

[2012/11/02 23:41:50 | 000,003,142 | ---- | M] () -- C:\Windows\system32\tasks\MirageAgent

[2011/04/20 11:43:00 | 000,003,960 | ---- | M] () -- C:\Windows\system32\tasks\RecoveryCDWin7

[2011/03/14 15:00:31 | 000,002,866 | ---- | M] () -- C:\Windows\system32\tasks\{1D35374A-611E-4A93-9F3F-B27121BF1796}

[2011/04/18 12:40:18 | 000,003,152 | ---- | M] () -- C:\Windows\system32\tasks\{6B4330E9-0620-4764-AF4E-15077E1F9F7E}

[2011/03/11 14:37:00 | 000,002,968 | ---- | M] () -- C:\Windows\system32\tasks\{9CC9E54C-10A3-4B12-9F53-E63B3AC09047}

< %PROGRAMFILES%\Internet Explorer\*.* >

[2011/03/15 14:59:18 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe

[2011/03/15 14:59:18 | 000,002,535 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc

[2011/03/15 14:59:18 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iecleanup.exe

[2011/03/15 14:59:18 | 000,307,200 | ---- | M] () -- C:\Program Files\Internet Explorer\iediagcmd.exe

[2012/11/14 00:01:45 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll

[2011/03/15 14:59:17 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe

[2011/03/15 14:59:17 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe

[2012/11/13 23:52:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll

[2012/11/13 23:51:48 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll

[2010/11/05 00:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb

[2009/07/13 23:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll

[2012/11/16 14:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2012/11/14 00:00:20 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll

[2011/03/15 14:59:15 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll

[2011/03/15 14:59:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll

[2011/03/15 14:59:18 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll

[2009/06/10 19:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll

[2011/03/15 14:59:17 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll

[2009/06/10 19:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll

[2012/11/16 14:33:24 | 000,149,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}]

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}

"DownloadRetries" = 0

"Version" = 3

"UpgradeTime" = 41 A4 00 0B F8 E3 CB 01 [binary data]

"ShowSearchSuggestionsInAddressGlobal" = 1

"DoNotAskAgain" = 22find.comgoogle.com [binary data]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A1376AA6-468F-4666-8172-D9E2D0E55E11}]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >


"Conexão de Banda Larga" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >

"SynTPEnh" = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -- [2011/10/14 05:36:24 | 002,299,176 | ---- | M] (Synaptics Incorporated)

"RTHDVCPL" = C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s -- [2010/01/29 20:59:00 | 005,110,304 | ---- | M] (Realtek Semiconductor)

"RtkOSD" = C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe -- [2010/01/12 22:32:22 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.)

"HP Quick Launch" = C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe -- [2010/01/18 15:03:20 | 000,572,416 | ---- | M] (Hewlett-Packard Company)

"Adobe ARM" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [2012/12/03 05:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated)

"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [2012/12/19 12:39:05 | 000,041,208 | ---- | M] (Adobe Systems Incorporated)

"WirelessAssistant" = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -- [2009/07/23 12:04:42 | 000,498,744 | ---- | M] (Hewlett-Packard)

"CertificateRegistration" = aetcrss1.exe -- [2010/07/20 14:02:32 | 000,151,552 | ---- | M] (A.E.T. Europe B.V.)

"IgfxTray" = C:\Windows\system32\igfxtray.exe -- [2011/02/11 20:26:32 | 000,137,752 | ---- | M] (Intel Corporation)

"HotKeysCmds" = C:\Windows\system32\hkcmd.exe -- [2011/02/11 20:26:26 | 000,171,032 | ---- | M] (Intel Corporation)

"Persistence" = C:\Windows\system32\igfxpers.exe -- [2011/02/11 20:26:30 | 000,172,568 | ---- | M] (Intel Corporation)

"GrooveMonitor" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" -- [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation)

"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software)

"HP Software Update" = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe -- [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard)

"VX1000" = C:\Windows\vVX1000.exe -- [2009/06/30 22:23:54 | 000,762,208 | ---- | M] (Microsoft Corporation)

"NSU_agent" = "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" -- [2012/02/28 16:53:48 | 000,190,768 | ---- | M] ()

"MSC" = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [2012/09/12 18:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation)

"SunJavaUpdateSched" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [2012/09/17 13:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.)

"IntelliType Pro" = "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" -- [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation)

"IntelliPoint" = "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" -- [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation)

"SDTray" = "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" -- [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >

< HKCU\Software\Microsoft\Internet Explorer\Downloads >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: 22FIND.LNK >

[2013/02/02 00:31:09 | 000,002,297 | ---- | M] () MD5=1E4DCBECE7EED56146FEFFF88B5E62FF -- C:\Users\Reciclare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk

< MD5 for: 22FIND.XML >

[2013/02/02 00:31:07 | 000,000,745 | ---- | M] () MD5=41D592560A6AB61210F0B0511031D9F1 -- C:\Program Files\Mozilla Firefox\searchplugins\22find.xml

[2013/02/02 00:31:07 | 000,000,745 | ---- | M] () MD5=41D592560A6AB61210F0B0511031D9F1 -- C:\Program Files\Mozilla Firefox\updated\searchplugins\22find.xml

< MD5 for: 22FIND[1].COM >

[2013/02/06 23:37:06 | 000,000,085 | ---- | M] () MD5=E41D01C2A279F73C442EE91025CBAD07 -- C:\Users\Reciclare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q6O4I9Q\22find[1].com

< MD5 for: 22FIND_COM[1].HTM >

[2013/02/06 13:33:03 | 000,036,712 | ---- | M] () MD5=87D10C6B56D02A6397C8A24DE3ACE7DC -- C:\Users\Reciclare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q6O4I9Q\22find_com[1].htm

[2013/02/06 14:00:36 | 000,036,712 | ---- | M] () MD5=87D10C6B56D02A6397C8A24DE3ACE7DC -- C:\Users\Reciclare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\443WII0W\22find_com[1].htm

< MD5 for: SERVICES >

[2011/03/11 16:11:03 | 000,017,508 | ---- | M] () MD5=3AB9C804748FE6F4B9332C892EE43E1B -- C:\Windows\System32\drivers\etc\services

[2011/04/15 16:27:14 | 000,000,059 | ---- | M] () MD5=4464581BE20A7D0DE975855A3299C0CD -- C:\Windows\services

[2009/06/10 19:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.DAT >

[2013/02/02 22:47:04 | 000,001,508 | ---- | M] () MD5=687B06F8F906AE9FC4D92F16F19356C0 -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >

[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe

[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2010/05/21 15:12:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui

[2010/05/21 15:12:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui

< MD5 for: SERVICES.ISC >

[2009/06/10 19:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services.isc

< MD5 for: SERVICES.LNK >

[2009/07/14 02:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/14 02:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/14 02:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >

[2011/08/01 13:39:08 | 000,063,207 | ---- | M] () MD5=E3EA0CDC5B5CA7B421BD775AAD60F9DA -- C:\ProgramData\HP\Installer\Temp\services.log

[2011/08/01 13:39:08 | 000,063,207 | ---- | M] () MD5=E3EA0CDC5B5CA7B421BD775AAD60F9DA -- C:\Users\All Users\HP\Installer\Temp\services.log

[2011/08/01 13:39:08 | 000,063,207 | ---- | M] () MD5=E3EA0CDC5B5CA7B421BD775AAD60F9DA -- C:\Users\Todos os Usuários\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >

[2009/06/10 19:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof

[2009/06/10 19:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >

[2009/06/10 19:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc

[2009/06/10 19:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

[2010/05/21 15:12:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc

[2010/05/21 15:12:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc

< MD5 for: SERVICES.PTXML >

[2009/07/13 18:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml

[2009/07/13 18:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBS >

[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs

< End of report >

OTL Extras logfile created on: 07/02/2013 16:56:26 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reciclare\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,30 Gb Available Physical Memory | 15,51% Memory free

3,87 Gb Paging File | 1,47 Gb Available in Paging File | 38,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287,35 Gb Total Space | 158,20 Gb Free Space | 55,06% Space Free | Partition Type: NTFS

Drive D: | 10,45 Gb Total Space | 1,77 Gb Free Space | 16,93% Space Free | Partition Type: NTFS

Drive E: | 99,34 Mb Total Space | 95,22 Mb Free Space | 95,85% Space Free | Partition Type: FAT32

Drive H: | 3,84 Gb Total Space | 0,00 Gb Free Space | 0,13% Space Free | Partition Type: FAT32

Computer Name: RECICLARE-PC | User Name: Reciclare | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{28D26C38-FBC8-4A40-8355-CAEC68EA3DE0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{327936E8-C549-4B65-97D5-C9EE58DEA002}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{362E3E50-0DC2-4BFE-AA4E-8CEF5E6AB828}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{406F82CC-DFAB-48F9-A639-8D5072B5094E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{48C22BC4-4C03-47D2-97FB-8F2A2B05200E}" = rport=139 | protocol=6 | dir=out | app=system |

"{4D10409A-227F-44AB-B0DB-E33A9F68AA83}" = rport=445 | protocol=6 | dir=out | app=system |

"{5EDD5037-BD59-468E-BD9D-C37857446972}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{64FFC6E1-7739-4A24-B8B1-116DD2C9163D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{75328F97-26D2-402C-AC11-77357FD56C52}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{7E46718E-8CD8-402E-8112-1080844CFBBD}" = lport=137 | protocol=17 | dir=in | app=system |

"{88FD1011-379B-40B4-BEF0-64559B8E4414}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{89FE4A72-29D5-4B4F-AF00-FCB1953B394E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{91F271C4-2A7E-4040-8ECA-4A5BC76C9E1D}" = lport=139 | protocol=6 | dir=in | app=system |

"{94635A09-5732-4295-BA1F-90968A94BB4D}" = lport=138 | protocol=17 | dir=in | app=system |

"{9D3CB37E-0147-4DA3-987C-ED65FC11A43A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A6B05EBC-E3A5-42C0-8D40-590BFCA24DDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B0E0BC3C-267D-4A30-8329-653DD5711DF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{BF21A774-509C-4C37-9EC6-AE925E37C607}" = rport=137 | protocol=17 | dir=out | app=system |

"{C44721DB-30F1-49CE-86F0-F1FA9D425051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CA05343E-0435-4EE1-B91A-E142B0EF61B2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CB12DEB7-AA9A-4AE9-B23B-C0D0A8411B52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D6C39787-B6F8-4D6E-9556-FE1313C46909}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{DAAE9ACE-2AC1-4E80-8CD7-FF60A2A46388}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{E4E43D24-FC6E-4D18-8A23-9C5307EF1767}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{E936E19E-E6D3-429C-92FB-F2C724B3C090}" = lport=445 | protocol=6 | dir=in | app=system |

"{F3511814-6281-48FD-BE1C-63385634338A}" = rport=138 | protocol=17 | dir=out | app=system |

"{FDDCFCE1-97CE-4D04-BD25-4CDEDA44D0E0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{033E8FB4-B01B-4C09-91CC-506F03293DBF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{0707ECD4-4787-41A2-89FD-9DCD4D6BE6FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{100FAEE9-4924-4E70-8CE1-9DFE3C03A32F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{3279AA80-A329-4CE2-82B4-F7872971A6F0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3725C24A-C657-449F-8C28-BA539ABBAAB9}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |

"{38FB998A-C6B2-4788-8CEC-C1DFB5D3D6EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{3C935127-ED4B-4FE6-9EDC-21CA6CE5ABA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{3CA76DC9-9EDD-45A8-9F28-EE059B2D1103}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3CB262CD-92F3-43EF-8429-6A86F9B1ACFC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{47235843-4203-4D8E-8F6D-28918318AEFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{511FE878-FE78-467F-B29B-3A96D124DAEA}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |

"{5C0BD64D-9B02-44AE-A8CF-909805D42C43}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{5CAB2D4B-93F1-4346-9DED-EAA085147DDF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{65FB0E1F-E222-4F30-A881-4006C7AA7536}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6C842BEB-4C60-4A6A-994B-94AAB19D8DBB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{6E124BA5-0630-4299-9FDE-44DD100744BD}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |

"{74EA954C-58AB-43FB-ABDF-9F1F09EA4567}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{77C972C1-A815-4381-9941-AF99566C0FA7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{7A54764B-7DEE-4BBC-B425-D2191CFDCCE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{7D7C051F-2E22-40AE-BC69-E8C00835A485}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7DDA47C6-1A38-4E38-9007-4855B745F9F2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"{7E660637-D469-436E-9083-E27D16F0C106}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{89D049E1-A300-4172-86C2-107E154271F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8A4B2723-6BD3-4B3C-9DC6-4263D789C55D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{93036786-DEB1-478E-BB81-E3FFA85F221A}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"{9BC1C1B4-D58B-468D-84FF-CE939FB8A958}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{9D554B75-E900-4310-B87E-12F2AA0DADD2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"{A062DF0A-FCD0-4699-8B49-632BD3356579}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |

"{A61602A4-8D83-4DF2-BA49-A092C0FBC943}" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\roaming\dropbox\bin\dropbox.exe |

"{A9E1F5C2-7AFD-40FC-943C-EB574CE1ABFB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{AAF4086E-5D51-4D3C-9F6F-1975ADB84283}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AD1748BC-0FA8-4562-865B-6F23C4E110C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{B14E52E2-CE79-4627-A0AD-83527CD3EB81}" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\roaming\dropbox\bin\dropbox.exe |

"{B1E967DA-6B2C-4FDC-9825-E180B218D3D2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{B5F2D805-8675-4692-BF28-B6ACED030DE1}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |

"{BBB73017-B51A-4584-B1CC-41C536065B25}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"{C0DCB899-A807-468B-A12E-175BF4E13795}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C805420C-DE09-4AF6-BDF2-A7C361B1A65F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |

"{CEA0551D-ACB4-4EA4-B19E-D4CC3153F9B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{D3A8B220-BD55-4087-958A-C63C3A10F3FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{DF0449B2-7830-428A-861A-5E5690BBE0EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{E09D364C-63F7-4D7D-9BFB-AC4830D686BB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{E1A0315F-EED9-4440-994D-A210F51303BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{E2F00B92-C04F-4AA6-BF84-E89D37BC0707}" = dir=in | app=c:\users\reciclare\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{E3DF903F-B981-49E9-A40D-241BE7E8054D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{E6588EA0-B1C0-40D4-8D7F-49539B12599F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{EB1BCC96-0EDC-4FE0-BC10-FF9F4764C3AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{EF93B657-3843-4F89-87FC-858427A2CF96}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{F1A363C2-EB19-4C65-9A05-454E471C6CC4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{F454A243-96A3-499F-BB3A-37A3185D933A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{FA88E264-F407-479F-8F28-9968D9EDBFAB}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |

"{FB82C7BD-F2B7-4EAA-8753-52221AE87E68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"TCP Query User{05A7C890-3BF0-4FED-AF6B-3D4F1010BBB6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"TCP Query User{260F129D-843A-4895-9FF6-DADE9019A2DA}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |

"TCP Query User{2B872D05-8394-428E-8025-8A509D58DAA7}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{30BDBA25-B9CA-4231-86D4-CD7DDC9EAB92}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{3CB16BF4-DFFB-4696-A93C-D932E7BD5F28}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{5EBD8007-BBC9-4ED4-9FA4-3F61E970DC4D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

"TCP Query User{62FB1711-AB6B-4BCA-AE62-08ECB4B3D78A}C:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

"TCP Query User{6D893407-1571-4161-8E72-02C7A9420409}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{ABD7526B-1CAA-4B65-9814-60D6C44D10C2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{B30AF153-2521-456D-8DE9-F9CD213BA7FE}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{B5286CB7-A151-4A27-B4A9-19762CFB0529}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |

"TCP Query User{DCA6E261-CE08-43A8-AB70-60BC8E8C9D95}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{DE841C01-917A-44EA-B893-8E5415641141}F:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |

"TCP Query User{E979B03C-BBBF-4293-AA34-1BEFCAE9A722}F:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |

"UDP Query User{029F6430-EACF-4D23-B65F-4005A9A09075}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |

"UDP Query User{040FA116-D02A-4573-A075-4E3A96BE7094}F:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |

"UDP Query User{2262F6EA-2455-448D-B0DC-FDED347BE549}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |

"UDP Query User{237D30F8-96F9-4EBF-8D5B-86D409392EC6}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{3664EAF4-3056-4E04-B2AC-3D5542B6DC6C}F:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |

"UDP Query User{3FABCFAF-52C5-45C2-90E9-C5EA450C76F0}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{492B5E47-9C02-490B-BCD4-D53A525D59EA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{6D7E6119-783D-409E-BE60-42E90146A114}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{8FEDC893-003C-4584-8F8B-FBD556717B3A}C:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

"UDP Query User{976183F7-3B5C-4D83-A242-703081B0A463}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{B740D595-12B1-40EC-A7C6-15D9812FD239}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{C04999F7-0C9A-425B-836F-256F10C77007}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{DDC508BB-053F-41C1-B034-DB19FBDAC398}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

"UDP Query User{FCBDAD1E-2AD9-4474-9EA3-B3C6A96796D5}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5

"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{15B43B38-838A-4391-BFCA-4812A8F9C0CB}_is1" = Colgate Server versão 1.0

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{17D95DC6-0FF1-40CF-9C09-B7C8B314D45B}" = PDF Text Reader

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA

"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 39

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion

"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources

"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite

"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{5C0F5746-65D7-4C6A-B371-F84E3CE33F19}_is1" = Tomatoon on The Roads versão 1.4

"{5C3E37A9-B7A7-4CDD-8A87-EB6701AFD571}" = HP User Guides 0179

"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw

"{6347401C-C260-4B30-9816-8F5A1419CC49}" = SafeSign

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution

"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84374A47-1DF5-4013-90D4-1288819869B1}" = Central de Mouse e Teclado da Microsoft

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav

"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AAA4C7D4-9EB0-41EC-A3C9-63C120C43508}_is1" = TubeHunter Ultra 4.31

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{BB714421-5538-49D2-B29D-991DAEA3CDDC}_is1" = Pisando no Tomatoon versão 1.2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Backup das pastas particulares do Microsoft Outlook

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English

"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin

"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E29D8938-2E48-498C-832D-9663DCABD55F}" = Visual Basic for Applications ® Core - Portuguese (Brazil)

"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN

"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F50E691C-FAA1-45E3-A04C-DC3604D496CE}" = HP Quick Launch

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR

"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser

"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Pacote de Driver do Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ArtCRM_is1" = ArtCRM 4.3

"aTube Catcher" = aTube Catcher

"avast" = avast! Free Antivirus

"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 4.1)

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EssentialPIM" = EssentialPIM

"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.3)

"FBDBServer_2_0_is1" = Firebird 2.0.1

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InterBase" = InterBase

"LSI Soft Modem" = LSI HDA Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.70.0.1100

"MediaMonkey_is1" = MediaMonkey 4.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Microsoft Mouse and Keyboard Center" = Central de Mouse e Teclado da Microsoft

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 18.0.2 (x86 pt-BR)" = Mozilla Firefox 18.0.2 (x86 pt-BR)

"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MusicBrainz Picard" = MusicBrainz Picard

"Nokia PC Suite" = Nokia PC Suite

"Nokia Suite" = Nokia Suite

"Shop for HP Supplies" = Shop for HP Supplies

"Star Trek Online" = Star Trek Online

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"uTorrent" = µTorrent

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"XNote Stopwatch" = XNote Stopwatch

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Emissor de Nota Fiscal Eletrônica (NF-e) 2.0" = Emissor de Nota Fiscal Eletrônica (NF-e) 2.0

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 5.1.0.880

"Spybot - Search & Destroy Packages" = Spybot - Search & Destroy Packages

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0

Description =

[ Hewlett-Packard Events ]

Error - 31/01/2013 08:54:26 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:26 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:27 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:27 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:27 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:27 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:28 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:28 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:30 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:55:28 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Message: Referência de objeto não definida para uma instância de

um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean

includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01

Path:

C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:

1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

[ OSession Events ]

Error - 14/09/2011 11:08:04 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 156

seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/05/2012 15:52:42 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8031

seconds with 1860 seconds of active time. This session ended with a crash.

Error - 31/05/2012 08:49:10 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 278

seconds with 60 seconds of active time. This session ended with a crash.

Error - 13/06/2012 08:18:43 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89

seconds with 60 seconds of active time. This session ended with a crash.

Error - 19/06/2012 14:31:28 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5654

seconds with 900 seconds of active time. This session ended with a crash.

Error - 26/06/2012 14:41:53 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15145

seconds with 660 seconds of active time. This session ended with a crash.

Error - 25/07/2012 07:45:07 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 07/02/2013 14:38:21 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7009

Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão

do serviço MBAMScheduler.

Error - 07/02/2013 14:38:21 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço MBAMScheduler devido ao seguinte

erro: %%1053

Error - 07/02/2013 14:38:22 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7011

Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta

de uma transação do serviço HPWMISVC.

Error - 07/02/2013 14:38:52 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7011

Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta

de uma transação do serviço HPWMISVC.

< End of report >


EES,

A possible rootkit infection has been detected.

I am passing your problem on to a specialist. He will do the analysis and, if it is confirmed, will indicate the procedures to follow.

Please wait so that we can move the topic forward.


Hello EES! Please follow these instructions:

1 - Select these lines in red, right-click the selection and choose Copy:

%appdata%\.#\*.

%appdata%\.#\*.*

Run OTL.exe.

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).

Where it says Output, select the Standard option.

Click the botaoNenhum.png button and then click the botaoverificar.png button.

When it finishes, a Notepad window will open containing some information.

Copy ALL the contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the same folder as OTL.exe, that is, on your desktop, under the name OTL.txt

2 - Download Farbar Service Scanner and save it to the desktop. Run the tool.

In addition to the Internet Services checkbox, which is already checked by default, check the following checkboxes:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click Scan and wait for the scan to finish. At the end, a log named FSS.txt will be generated and saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents into your next reply.

3 - Download RogueKiller and save it to the desktop.

Double-click RogueKiller.exe.

Click the Scan button. Wait for the scan to finish.

Click the Report button. A Notepad window with information will open.

This log is saved on the desktop under the name RKreport[1].txt.

Select, copy and paste the contents of this log into your next reply.

NOTE: do not use the Delete button, because we need to evaluate the items before doing that.


Sam, thanks for the help. Here are the logs:

OTL logfile created on: 08/02/2013 12:09:49 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reciclare\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 48,97% Memory free

3,87 Gb Paging File | 2,07 Gb Available in Paging File | 53,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287,35 Gb Total Space | 159,02 Gb Free Space | 55,34% Space Free | Partition Type: NTFS

Drive D: | 10,45 Gb Total Space | 1,77 Gb Free Space | 16,93% Space Free | Partition Type: NTFS

Drive E: | 99,34 Mb Total Space | 95,22 Mb Free Space | 95,85% Space Free | Partition Type: FAT32

Drive H: | 3,84 Gb Total Space | 0,00 Gb Free Space | 0,13% Space Free | Partition Type: FAT32

Computer Name: RECICLARE-PC | User Name: Reciclare | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< %appdata%\.#\*. >

< %appdata%\.#\*.* >

< End of report >

Farbar Service Scanner Version: 30-01-2013

Ran by Reciclare (administrator) on 08-02-2013 at 12:12:08

Running from "C:\Users\Reciclare\Downloads"

Windows 7 Home Basic Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

RogueKiller V8.4.4 [Feb 5 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Site : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : Reciclare [Privilegios de Admnistrador]

Modo : Verificar -- Data : 02/08/2013 12:16:17

| ARK || MBR |

¤¤¤ Entradas ruins : 2 ¤¤¤

[sUSP PATH] GoogleCrashHandler.exe -- C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> FINALIZADO [TermProc]

[sUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> FINALIZADO [TermProc]

¤¤¤ Entradas do Registro : 6 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO

[HJ] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI +++++

--- User ---

[MBR] 20d7eabc04e90f6d3ac819e8d9ed1576

[bSP] f02daf6b01080651ada0bceee89c8f28 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 294245 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603023360 | Size: 10696 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++

--- User ---

[MBR] 3f1bc15b73f40e3af8c8b29bc03bca3f

[bSP] c79bdcb1f4cea35f19f31f7b1f02b3cd : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3935 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Concluido : << RKreport[1]_S_02082013_02d1216.txt >>

RKreport[1]_S_02082013_02d1216.txt

Oh, by the way: Firefox is now behaving strangely, it has become slow, and some games I used to play on Facebook are not running... just to be safe, I am not using Firefox either!


In any folder, click Organize, then > Folder and Search Options.

Click the View tab.

Scroll down until you find these, and uncheck them:

Hide extensions for known file types

Hide protected operating system files

Check:

Show hidden files and folders

Press Windows+R and in the Run box type (or copy and paste):

%appdata%

Click OK. In the folder that opens, see whether you can find a folder with these characters or similar ones: .#

Go into it and see which files are there. If you can, take a screenshot and post it here in your next reply.

Download 2mfgk11.png and save it to the desktop.

Double-click it to run SecurityCheck by screen317.

In the window that opens, press any key to continue. Wait while the tool runs its scan.

At the end, a log will open, checkup.txt.

Select, copy and paste the contents of this log into your next reply.


Sam, forgive my lack of knowledge, but I did not understand what to do about Organize in any folder....

In any folder, click Organize, then > Folder and Search Options.

Click the View tab.

Scroll down until you find these, and uncheck them:

Sorry to bother you with this, but I really did not understand!

Sorry to bother you with this, but I really did not understand!

No problem.

Open any folder, and you will see the Organize menu:

1zqdd0n.png

Click the arrow, which will expand the options.


I am really sorry. When I realized what it was, I almost banged my head against the wall.... laughs..... an effect of the carnival I am not celebrating.....

The .# folder is empty. I did the procedure (I could not paste the screenshot, sorry), but it is empty.

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spybot - Search & Destroy

Malwarebytes Anti-Malware versão 1.70.0.1100

Java 6 Update 39

Java version out of Date!

Adobe Flash Player 11.5.502.149

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (18.0.2)

Mozilla Thunderbird (6.0). Thunderbird out of Date!

Google Chrome 24.0.1312.57

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Spybot Teatimer.exe is disabled!

Malwarebytes' Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


Delete the .# folder. Did you disable UAC (User Account Control)?


Folder deleted! As for UAC, I honestly do not remember whether I had disabled it or not.

In any case, I have left it enabled to always notify!


OK, the folder was not connected to a rootkit. I will return the topic to CarlosTurco to continue with the removal of the other infections.

Regards.


Hello,

1)

Run RogueKiller again.

On the Registry tab, leave only the following checked:

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO

[HJ] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO

At the end of the scan, click the Delete button. Wait for the process to finish.

Click the Report button. A Notepad window with information will open.

This log is saved on the desktop under the name RKreport[2].txt.

Select, copy and paste the contents of this log into your next reply.

2)

Post a new HijackThis log.


RogueKiller V8.5.0 [Feb 9 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Site : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : Reciclare [Privilegios de Admnistrador]

Modo : Remover -- Data : 02/10/2013 10:03:45

| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI +++++

--- User ---

[MBR] 20d7eabc04e90f6d3ac819e8d9ed1576

[bSP] f02daf6b01080651ada0bceee89c8f28 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 294245 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603023360 | Size: 10696 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++

--- User ---

[MBR] 3f1bc15b73f40e3af8c8b29bc03bca3f

[bSP] c79bdcb1f4cea35f19f31f7b1f02b3cd : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3935 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Concluido : << RKreport[3]_D_02102013_02d1003.txt >>

RKreport[1]_S_02082013_02d1216.txt ; RKreport[2]_S_02102013_02d1000.txt ; RKreport[3]_D_02102013_02d1003.txt

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:08:24, on 10/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe

C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\System32\aetcrss1.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\vVX1000.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\notepad.exe

C:\Users\Reciclare\Downloads\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s

O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 15041 bytes

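A minimal triage pass over HijackThis-style entries like those in the log above, as an added example that is not part of the original post. The `file-missing` and `unknown-owner` flags come from HijackThis's own annotations; the `no-path` rule, the function names and the sample selection are assumptions of this example, and a flag is a prompt to review an entry, not a verdict on it.

```python
import re

# Constructed sample: seven entries copied from the HijackThis log above.
SAMPLE = r'''O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
'''

# "<code> - <kind>: <body>", e.g. code "O4", kind "HKLM\..\Run"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
# Body of an O4 registry autorun: "[value name] command line"
RUN_VALUE = re.compile(r"^\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")

def parse(line):
    """Return a dict for one log entry with review flags, or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    flags = []
    # HijackThis annotation: the registry entry points at a file that is gone.
    if entry["body"].endswith("(file missing)"):
        flags.append("file-missing")
    # HijackThis annotation: no company name could be read for the service binary.
    if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]:
        flags.append("unknown-owner")
    # Assumption of this example: an autorun command with no directory deserves
    # a look, because Windows resolves it through the search path.
    run = RUN_VALUE.match(entry["body"]) if entry["code"] == "O4" else None
    if run:
        cmd = run["cmd"]
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
        if exe and "\\" not in exe:
            flags.append("no-path")
    entry["flags"] = flags
    return entry

def flagged(text):
    """Entries that carry at least one flag."""
    entries = (parse(line) for line in text.splitlines())
    return [e for e in entries if e and e["flags"]]

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(e["code"], ",".join(e["flags"]), "|", e["body"])
```
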

Carlos, by the way: my Firefox is acting very strange, slow, and not opening several Facebook apps. I don't know what it could be.


Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:

Right-click the OTL.exe file, then click Run as administrator.

Under Output, select Standard

Also check these options:

  • Use Company Name WhiteList
  • Scan All Users
  • Skip Microsoft Files
  • LOP Check
  • Purity Check
  • Use SafeList in Extra Registry

Select these lines in red, right-click the selection, and choose Copy

CREATERESTOREPOINT

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.* /s

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\*.scr

%PROGRAMFILES%\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

%appdata%\*.*

%windir%\tasks\*.* /s

%systemroot%\system32\tasks\*.*

%PROGRAMFILES%\Internet Explorer\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp

/md5start

22find*

services.*

/md5stop

Go back to the program, right-click any blank area of the Custom Scans/Fixes section, and choose Paste

Click the Run Scan button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip file and attach it to your reply.
