find22: I can't remove it


This topic has been archived. This means you can no longer reply to the topic.
44 replies in this topic

#1
EES

  • Newbie
  • 30 posts
Good evening!
I need help. The log follows below. This find22... in theory, I managed to remove it from Firefox, but in IE9 I had no success.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:59:05, on 06/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\aetcrss1.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...8&ts=1359772258
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...8&ts=1359772258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.co...8&ts=1359772258
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 15738 bytes

#2
CarlosTurco

  • Assistant
  • 25.870 posts
Hello, EES.

Welcome to the Linha Defensiva Forum.

Follow the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click [posted image].

Click Delete.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
  • Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Full Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items are found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below.)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply.
NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554

3)

Download MbrScan.exe and save it to the desktop.
http://eric71.geekst...ols/MbrScan.exe

Run the file MbrScan.exe.

Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved to the desktop under the name MbrScan.log.

*** Windows Vista or Windows 7 users: right-click the file MbrScan.exe, then click [posted image]

Select, copy and paste its contents in your next reply.

#3
EES

  • Newbie
  • 30 posts
Attaching the logs... which so far haven't helped, because the blessed 22find still shows up in my IE!!!!


# AdwCleaner v2.111 - Logfile created 02/06/2013 at 14:09:35
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : Reciclare - RECICLARE-PC
# Boot Mode : Normal
# Running from : C:\Users\Reciclare\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Reciclare\AppData\Local\APN
Folder Deleted : C:\Users\Reciclare\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (pt-BR)

File : C:\Users\Reciclare\AppData\Roaming\Mozilla\Firefox\Profiles\x78k6p7b.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************




MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2013/02/07 (ISO 8601) at 14:32:03
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __SAMSUNG HM321HI (2AJ1)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK : Device\Harddisk1\DR1 __Kingston DataTraveler 2.0 (PMAP)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0 298.1 Go [Fixed] ==> HP Recovery Manager

MBR_MD5 : 20D7EABC04E90F6D3AC819E8D9ED1576
MBR_SHA1 : E90A1370ACCA2C82DDEE5B08E4BE5D263B202D74

Device\Harddisk0\Partition1 199.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 287.3 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 10.45 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition4 103.3 Mo 0x0C FAT32 [LBA]
________________________________________________________________________________

Device\Harddisk1\DR1 3.84 Go [Removable] ==> Unknown MBR Code

MBR_MD5 : 3F1BC15B73F40E3AF8C8B29BC03BCA3F
MBR_SHA1 : 5D23EB53D289454758024BC5602ADF162618C70C

Device\Harddisk1\Partition1 3.84 Go 0x0B FAT32 [CHS]
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x8EA10000
SIZE : 872.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x919A4000
SIZE : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0





Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.02.07.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Reciclare :: RECICLARE-PC [administrador]

Proteção: Não permitir

07/02/2013 08:10:34
mbam-log-2013-02-07 (08-10-34).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 425218
Tempo decorrido: 2 hora(s), 42 minuto(s), 8 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

#4
CarlosTurco

  • Assistant
  • 25.870 posts

Attaching the logs... which so far haven't helped, because the blessed 22find still shows up in my IE!!!!

Please be patient. We are also doing a preliminary cleanup, since there are many PUPs (Potentially Unwanted Programs) and adware in your log.

Download [posted image] and save it to the desktop. Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select [posted image]

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved to the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply, together with the contents of AdwCleaner[S1].txt and a new HijackThis log.

#5
EES

  • Newbie
  • 30 posts
CarlosTurco, I can only thank you! It's just that seeing this find22 all the time really drives you crazy! lol

Here are the requested logs:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Basic x86
Ran by Reciclare on 07/02/2013 at 15:06:38,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Reciclare\AppData\Roaming\mozilla\firefox\profiles\x78k6p7b.default\prefs.js
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");
Emptied folder: C:\Users\Reciclare\AppData\Roaming\mozilla\firefox\profiles\x78k6p7b.default\minidumps [144 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/02/2013 at 15:15:32,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v2.111 - Logfile created 02/07/2013 at 15:21:31
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : Reciclare - RECICLARE-PC
# Boot Mode : Normal
# Running from : C:\Users\Reciclare\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (pt-BR)

File : C:\Users\Reciclare\AppData\Roaming\Mozilla\Firefox\Profiles\x78k6p7b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1086 octets] - [06/02/2013 23:19:22]
AdwCleaner[R2].txt - [1078 octets] - [06/02/2013 23:20:27]
AdwCleaner[S1].txt - [1735 octets] - [06/02/2013 14:09:35]
AdwCleaner[S2].txt - [1139 octets] - [06/02/2013 23:21:02]
AdwCleaner[S3].txt - [1203 octets] - [07/02/2013 07:55:49]
AdwCleaner[S4].txt - [1134 octets] - [07/02/2013 15:21:31]

########## EOF - C:\AdwCleaner[S4].txt - [1194 octets] ##########




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:31:34, on 07/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\aetcrss1.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...8&ts=1359772258
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 15628 bytes


PS: I only ran the scan in Hijack. Do I need to run a fix or something like that?

Again, thank you very much!

#6
CarlosTurco

    Assistant

  • 25,870 posts
Check the properties of the browser shortcuts (right-click the shortcut -> Properties) to see whether they have been changed to open the 22find site; if so, remove the change.

Open IE, click the Settings icon, select Manage add-ons > Toolbars and Extensions > select 22find and disable it.

Under Search Providers > select and remove 22find if you find it.

Close IE. Right-click the IE icon on the toolbar > Internet Explorer > Properties.

In Target, remove http:www.22find.com, leaving the rest.

Then click Apply > OK.

If Firefox is open, close it.

Hold down the SHIFT key and open Firefox. Wait until the Firefox Safe Mode window appears.

Click the Start in Safe Mode button.

When the browser opens, click the arrow on this button [posted image] in the upper-left corner.

Then select Add-ons. On the Extensions and Plugins tabs, look for 22find and, if you find it, select it and click the Remove button.

Click the [posted image] button again. Click Options. Remove the 22find home page if you find it and set whichever one you want.

Close Firefox, then right-click its desktop icon. Select Properties.

In Target, remove http:www.22find.com, leaving the rest.

Then click Apply > OK.


Then test all the browsers to see whether they are OK.

- Post a new HijackThis log.

#7
EES

    Newbie

  • 30 posts
Thanks again, CarlosTurco!

Here is the log. Apparently it no longer shows up... but what is this find22 in the Hijack log?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:44:38, on 07/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\aetcrss1.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Reciclare\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...8&ts=1359772258
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Reciclare\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DE331915898753E821AA827585B3065A] "C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 15291 bytes
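The R0/R1 lines of a HijackThis log list Internet Explorer start-page and search-page registry values, and that is where the 22find URL still appears in the log above. The Python below is an added example, not part of the original thread: it parses those lines, reports which hive, key and value still mention a keyword, and builds the read-only `reg query` command to inspect each one. The keyword match and all function names are this example's own assumptions; the sample lines are copied from the log above, with the forum's `...` URL truncation left as-is.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# HijackThis R0/R1 lines (Internet Explorer start/search pages) have the shape
#   <code> - <hive>\<key path>,<value name> = <data>      (data may be empty)
R_LINE = re.compile(r'^(R[01]) - ([^,]+),([^=]+?)\s*=\s*(.*)$')


@dataclass(frozen=True)
class REntry:
    code: str   # R0 or R1, as printed by HijackThis
    hive: str   # HKCU (per-user) or HKLM (machine-wide)
    key: str    # key path below the hive
    name: str   # registry value name
    data: str   # value data exactly as printed in the log


def parse_r_entries(log_text):
    """Return the R0/R1 entries of a HijackThis log; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m:
            continue
        code, path, name, data = m.groups()
        hive, _, key = path.partition("\\")
        entries.append(REntry(code, hive, key, name.strip(), data.strip()))
    return entries


def flag_entries(entries, keyword):
    """Entries whose data mentions the keyword (case-insensitive substring)."""
    kw = keyword.lower()
    return [e for e in entries if kw in e.data.lower()]


def by_hive(entries):
    """Group entries by hive, to separate per-user from machine-wide settings."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.hive].append(e)
    return dict(groups)


def reg_query_command(entry):
    """Read-only command that displays the value behind one log entry."""
    return f'reg query "{entry.hive}\\{entry.key}" /v "{entry.name}"'


# Lines copied from the 07/02/2013 log above (truncated URLs kept as posted),
# plus one header line and one O4 line to show that non-R lines are ignored.
SAMPLE_LOG = r"""
Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...8&ts=1359772258
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
"""

if __name__ == "__main__":
    parsed = parse_r_entries(SAMPLE_LOG)
    for hive, group in sorted(by_hive(parsed).items()):
        print(f"{hive}: {len(group)} start/search page values")
    for hit in flag_entries(parsed, "22find"):
        print(f"{hit.code} {hit.hive}\\{hit.key} [{hit.name}] = {hit.data}")
        print("  inspect with:", reg_query_command(hit))
```

The single hit is a per-user (HKCU) value, so it is not touched by editing shortcut targets or disabling add-ons.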

#8
CarlosTurco

    Assistant

  • 25,870 posts

Here is the log. Apparently it no longer shows up... but what is this find22 in the Hijack log?

There are still some entries left to be removed.

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click [posted image].

Where it says Output, select Standard
Also check these options:
  • Use Company Name Whitelist.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check
Select these lines in red, right-click the selection, and choose Copy

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%windir%\tasks\*.* /s
%systemroot%\system32\tasks\*.*
%PROGRAMFILES%\Internet Explorer\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
22find*
services.*
/md5stop


Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose Paste

Click the [posted image] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip file and attach it to your reply.

#9
EES

    Newbie

  • 30 posts
OTL logfile created on: 07/02/2013 16:56:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reciclare\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,30 Gb Available Physical Memory | 15,51% Memory free
3,87 Gb Paging File | 1,47 Gb Available in Paging File | 38,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,35 Gb Total Space | 158,20 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
Drive D: | 10,45 Gb Total Space | 1,77 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 95,22 Mb Free Space | 95,85% Space Free | Partition Type: FAT32
Drive H: | 3,84 Gb Total Space | 0,00 Gb Free Space | 0,13% Space Free | Partition Type: FAT32

Computer Name: RECICLARE-PC | User Name: Reciclare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 16:54:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reciclare\Downloads\OTL.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Arquivos de Programas\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:22 | 000,179,176 | ---- | M] (Nokia) -- C:\Arquivos de Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/12/19 09:49:16 | 000,127,464 | ---- | M] (Nokia) -- C:\Arquivos de Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/05 12:53:12 | 003,093,624 | ---- | M] () -- C:\Arquivos de Programas\Pando Networks\Media Booster\PMB.exe
PRC - [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2012/09/15 17:04:29 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/12 18:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 18:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Security Client\msseces.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe
PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Arquivos de Programas\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/07/20 14:02:32 | 000,151,552 | ---- | M] (A.E.T. Europe B.V.) -- C:\Windows\System32\aetcrss1.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/01/29 20:59:00 | 005,110,304 | ---- | M] (Realtek Semiconductor) -- C:\Arquivos de Programas\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2010/01/18 15:03:20 | 000,572,416 | ---- | M] (Hewlett-Packard Company) -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/01/18 15:03:12 | 000,017,920 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/01/12 22:32:22 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Arquivos de Programas\Realtek\Audio\OSD\RtVOsd.exe
PRC - [2009/11/18 00:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Arquivos de Programas\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/06/30 22:23:54 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009/03/28 00:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Arquivos de Programas\LSI SoftModem\agrsmsvc.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/03/02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbguard.exe
PRC - [2007/03/02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbserver.exe
PRC - [2001/04/19 17:00:00 | 000,022,016 | ---- | M] (Inprise Corporation) -- C:\Arquivos de Programas\Borland\InterBase\bin\ibguard.exe
PRC - [2001/04/19 16:59:58 | 001,701,888 | ---- | M] (Inprise Corporation) -- C:\Arquivos de Programas\Borland\InterBase\bin\ibserver.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/06 23:31:54 | 012,459,888 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/26 00:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 00:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 00:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 00:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 00:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/09 23:28:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 22:47:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 22:45:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 22:45:13 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 22:44:32 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 22:42:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 22:42:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 22:42:11 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 22:41:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 22:41:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 22:41:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 22:41:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 22:41:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/05 12:53:12 | 003,093,624 | ---- | M] () -- C:\Arquivos de Programas\Pando Networks\Media Booster\PMB.exe
MOD - [2012/11/17 00:10:26 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/05/28 23:04:58 | 000,140,288 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
MOD - [2010/11/12 22:02:32 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/04 23:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 23:53:18 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Arquivos de Programas\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Arquivos de Programas\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Arquivos de Programas\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/09 19:58:30 | 000,061,440 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 19:58:28 | 000,131,072 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 19:58:24 | 000,040,960 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 19:58:24 | 000,007,680 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 19:58:22 | 000,036,864 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 19:58:22 | 000,005,632 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 19:58:18 | 000,018,944 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 19:58:14 | 000,028,672 | ---- | M] () -- C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/02/06 15:04:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/15 12:17:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Arquivos de Programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/12 18:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/03/28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/18 15:03:12 | 000,017,920 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2009/11/18 00:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Arquivos de Programas\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/28 00:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Arquivos de Programas\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/03/02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007/03/02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Arquivos de Programas\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/04/19 17:00:00 | 000,022,016 | ---- | M] (Inprise Corporation) [Auto | Running] -- C:\Arquivos de Programas\Borland\InterBase\bin\ibguard.exe -- (InterBaseGuardian)
SRV - [2001/04/19 16:59:58 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Borland\InterBase\bin\ibserver.exe -- (InterBaseServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/11/09 15:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/11/09 15:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/11/02 15:37:10 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/10/15 12:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/30 23:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 12:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/09/08 02:46:56 | 001,117,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2011/02/11 19:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/02 12:14:48 | 000,029,168 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/03/05 17:57:18 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/09/22 23:40:00 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/13 17:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 21:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 20:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 20:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/30 22:24:04 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com.br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\..\SearchScopes,DefaultScope = {85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}
IE - HKCU\..\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{A1376AA6-468F-4666-8172-D9E2D0E55E11}: "URL" = http://websearch.ask...5-29849BA55BD4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "22find"
FF - prefs.js..browser.search.order.1: "22find"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Reciclare\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Reciclare\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 18:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/09/15 14:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/29 21:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/16 15:15:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 18:01:41 | 000,000,000 | ---D | M]

[2011/08/16 15:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reciclare\AppData\Roaming\mozilla\Extensions
[2013/02/02 03:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reciclare\AppData\Roaming\mozilla\Firefox\Profiles\x78k6p7b.default\extensions
[2013/02/02 03:18:20 | 000,000,000 | ---D | M] (BlockSite Plus) -- C:\Users\Reciclare\AppData\Roaming\mozilla\Firefox\Profiles\x78k6p7b.default\extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d}
[2013/02/02 02:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/01/19 13:55:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/19 13:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/02 02:08:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/02/06 15:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions
[2013/02/06 09:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/06 09:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 09:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012/11/29 21:58:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/01/19 13:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/19 13:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/02 02:08:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/02/06 15:05:02 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/02 00:31:07 | 000,000,745 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\22find.xml
[2013/01/08 14:06:34 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2013/01/08 14:06:34 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/10/22 12:19:18 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/08 14:06:34 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/01/08 14:06:34 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - homepage: http://www.reciclare...ria.com.br/home
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.reciclare...ria.com.br/home
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Reciclare\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Reciclare\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: SocialBro = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm\0.4.0.14_0\
CHR - Extension: Gmail Off-line = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Box - 5 GB Armazenagem Gr\u00E1tis\n = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: Cron\u00F3metro / Temporizador = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: TweetDeck = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.5.2_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: HootSuite = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Jogo WGT de Golf = C:\Users\Reciclare\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb\32.1.0_0\

O1 HOSTS File: ([2013/02/06 09:18:41 | 000,445,095 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15284 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CertificateRegistration] C:\Windows\System32\aetcrss1.exe (A.E.T. Europe B.V.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Arquivos de Programas\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtkOSD] C:\Arquivos de Programas\Realtek\Audio\OSD\RtVOsd.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Reciclare\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [HPAdvisorDock] C:\Arquivos de Programas\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [Pando Media Booster] C:\Arquivos de Programas\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Arquivos de Programas\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.182 201.6.2.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E399304-BEDF-4BA6-A78C-59467FD903B8}: DhcpNameServer = 201.6.2.182 201.6.2.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E7999FE-A32C-4F50-B567-CBCF50D60575}: DhcpNameServer = 201.6.2.89 201.6.2.179
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f0839b6-e2cd-11e0-841a-78acc0892bb4}\Shell - "" = AutoRun
O33 - MountPoints2\{2f0839b6-e2cd-11e0-841a-78acc0892bb4}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 15:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/07 15:05:51 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/07 08:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/07 08:06:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/07 08:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/06 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Roaming\Malwarebytes
[2013/02/06 14:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/05 17:12:13 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2013/02/05 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2013/02/05 16:31:38 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Roaming\Nokia Suite
[2013/02/02 02:12:19 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{ED592451-4FD5-4F39-8BC2-218A75D11092}
[2013/02/02 00:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/02/02 00:18:14 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/02/02 00:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/02/02 00:17:14 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\Programs
[2013/02/02 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Roaming\0B1T1L2V1T1J1L
[2013/01/29 13:25:35 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{0583267C-EDB9-4006-9548-E5E6C900279A}
[2013/01/28 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{0308651B-8F39-4BD1-B074-2BD4744DBF19}
[2013/01/24 22:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/24 22:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/23 12:21:18 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\Desktop\101
[2013/01/19 13:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/18 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\Desktop\2013-01 (jan)
[2013/01/18 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{5BB14D6A-31F0-457B-A1F9-17D10F317885}
[2013/01/16 00:50:26 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{7C99646D-6B93-4602-AECC-A239EDE86B0A}
[2013/01/11 00:38:55 | 000,000,000 | ---D | C] -- C:\Users\Reciclare\AppData\Local\{43F6C105-C8D6-4650-99D1-C8A4927F5CD0}
[2013/01/10 14:55:32 | 000,000,000 | ---D | C] -- C:\RECICLARE
[2013/01/10 14:55:20 | 000,000,000 | ---D | C] -- C:\CENTÉSIMO
[2013/01/10 14:29:36 | 000,000,000 | ---D | C] -- C:\Tudo

========== Files - Modified Within 30 Days ==========

[2013/02/07 16:49:04 | 000,025,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 16:49:04 | 000,025,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 16:37:44 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/07 16:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/07 16:37:22 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 16:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 16:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job
[2013/02/07 16:09:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job
[2013/02/07 15:53:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job
[2013/02/07 08:06:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/07 07:54:04 | 000,666,942 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/02/07 07:54:04 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/07 07:54:04 | 000,129,172 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/02/07 07:54:04 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/06 23:11:48 | 000,000,512 | ---- | M] () -- C:\Users\Reciclare\Desktop\Dump_Hdd1_DR1.mbr
[2013/02/06 23:11:47 | 000,000,512 | ---- | M] () -- C:\Users\Reciclare\Desktop\Dump_Hdd0_DR0.mbr
[2013/02/06 22:12:26 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job
[2013/02/06 09:18:41 | 000,445,095 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/06 09:13:08 | 000,445,095 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130206-091841.backup
[2013/02/05 17:17:22 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013/02/02 00:18:53 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/02/01 15:49:08 | 000,809,436 | ---- | M] () -- C:\Users\Reciclare\Desktop\Fidelity 2013.pdf
[2013/02/01 15:48:57 | 000,663,858 | ---- | M] () -- C:\Users\Reciclare\Desktop\Fidelity Lider 2013.pdf
[2013/01/31 20:23:38 | 000,920,679 | ---- | M] () -- C:\Users\Reciclare\Desktop\Allis 2013.pdf
[2013/01/31 20:13:56 | 000,920,718 | ---- | M] () -- C:\Users\Reciclare\Desktop\Provider SP 2013.pdf
[2013/01/31 16:02:35 | 000,723,513 | ---- | M] () -- C:\Users\Reciclare\Desktop\Caelum 2013b.pdf
[2013/01/28 17:03:37 | 000,942,250 | ---- | M] () -- C:\Users\Reciclare\Desktop\West Garden 2013.pdf
[2013/01/28 14:25:44 | 001,122,006 | ---- | M] () -- C:\Users\Reciclare\Desktop\ABB 2013.pdf
[2013/01/16 10:47:54 | 000,843,525 | ---- | M] () -- C:\Users\Reciclare\Desktop\Caelum 2013.pdf
[2013/01/13 18:46:30 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/09 22:39:28 | 000,506,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/07 08:06:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/06 23:11:19 | 000,000,512 | ---- | C] () -- C:\Users\Reciclare\Desktop\Dump_Hdd1_DR1.mbr
[2013/02/06 23:11:17 | 000,000,512 | ---- | C] () -- C:\Users\Reciclare\Desktop\Dump_Hdd0_DR0.mbr
[2013/02/05 17:17:22 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013/02/02 00:18:54 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/02/02 00:18:53 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/02/01 15:49:06 | 000,809,436 | ---- | C] () -- C:\Users\Reciclare\Desktop\Fidelity 2013.pdf
[2013/02/01 15:48:52 | 000,663,858 | ---- | C] () -- C:\Users\Reciclare\Desktop\Fidelity Lider 2013.pdf
[2013/01/31 20:23:36 | 000,920,679 | ---- | C] () -- C:\Users\Reciclare\Desktop\Allis 2013.pdf
[2013/01/31 20:13:51 | 000,920,718 | ---- | C] () -- C:\Users\Reciclare\Desktop\Provider SP 2013.pdf
[2013/01/31 16:02:33 | 000,723,513 | ---- | C] () -- C:\Users\Reciclare\Desktop\Caelum 2013b.pdf
[2013/01/28 17:03:35 | 000,942,250 | ---- | C] () -- C:\Users\Reciclare\Desktop\West Garden 2013.pdf
[2013/01/28 14:25:38 | 001,122,006 | ---- | C] () -- C:\Users\Reciclare\Desktop\ABB 2013.pdf
[2013/01/16 10:47:51 | 000,843,525 | ---- | C] () -- C:\Users\Reciclare\Desktop\Caelum 2013.pdf
[2013/01/15 11:23:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 18:46:30 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/24 23:20:05 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2012/04/18 11:13:06 | 000,060,304 | ---- | C] () -- C:\Users\Reciclare\g2mdlhlpx.exe
[2012/01/18 07:52:16 | 000,007,605 | ---- | C] () -- C:\Users\Reciclare\AppData\Local\Resmon.ResmonCfg
[2012/01/12 12:15:54 | 000,003,584 | ---- | C] () -- C:\Users\Reciclare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/27 15:06:23 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/08/09 16:08:09 | 000,004,320 | ---- | C] () -- C:\Users\Reciclare\AppData\Local\Q$_140062.PTB_SoftGridUserSettings_S-1-5-21-2761178708-1980018019-591794831-1000_settings.cp.temp
[2011/08/01 13:29:09 | 000,471,135 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2011/08/01 13:29:09 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/06/01 17:44:19 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/05/17 19:01:51 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/04/19 11:15:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/08 10:08:55 | 000,001,849 | ---- | C] () -- C:\Users\Reciclare\AppData\Roaming\GhostObjGAFix.xml
[2011/03/11 16:10:47 | 000,118,784 | ---- | C] () -- C:\Windows\System32\dbexpint.dll
[2011/03/03 16:48:41 | 000,031,988 | ---- | C] () -- C:\Users\Reciclare\AppData\Roaming\Valores Separados por Vírgulas (Windows).ADR
[2011/02/22 17:50:36 | 000,166,637 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011/02/21 13:43:03 | 000,038,371 | ---- | C] () -- C:\Users\Reciclare\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 19:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== ZeroAccess Check ==========

[2005/02/11 09:09:58 | 000,063,918 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Core.u
[2005/02/11 09:10:14 | 000,514,147 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Editor.u
[2005/02/11 09:10:10 | 002,306,560 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Engine.u
[2007/01/19 11:24:04 | 000,011,144 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\ExampleVehicles.u
[2005/02/11 09:10:10 | 000,015,443 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Fire.u
[2005/02/11 09:10:18 | 000,203,444 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Gameplay.u
[2005/02/11 09:10:24 | 000,323,680 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\GUI.u
[2005/02/11 09:10:16 | 000,074,098 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\IpDrv.u
[2005/02/16 08:08:20 | 000,144,314 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\RTInterface.u
[2005/02/11 09:10:24 | 000,015,367 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Runtime.u
[2009/05/05 12:33:30 | 000,042,510 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\RVBase.u
[2009/05/05 12:33:32 | 000,027,589 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\RVInterface.u
[2005/02/11 09:10:14 | 000,012,087 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\UnrealEd.u
[2005/02/11 09:10:16 | 000,028,102 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\UWeb.u
[2007/01/19 11:24:04 | 000,039,166 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2761178708-1980018019-591794831-1000\$R2IZ6N0\Centesimo\Portifólio Centésimo\simulador\System\Vehicles.u
[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/05 16:40:11 | 000,000,000 | -HSD | M] -- C:\Users\Reciclare\AppData\Roaming\.#
[2013/02/02 00:07:15 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\0B1T1L2V1T1J1L
[2011/05/20 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\CTdeveloping
[2012/08/18 21:41:40 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Dropbox
[2011/02/18 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\EssentialPIM
[2013/01/03 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\MediaMonkey
[2012/05/22 18:41:44 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\MusicBrainz
[2011/03/18 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Neoretix
[2013/02/05 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Nokia
[2013/02/05 16:31:38 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Nokia Suite
[2012/08/27 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Octoshape
[2011/03/15 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\OpenOffice.org
[2012/01/12 11:59:34 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\PC Suite
[2011/08/18 12:56:58 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\SoftGrid Client
[2011/04/18 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\TeamViewer
[2012/04/13 16:26:31 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Thinstall
[2011/08/16 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Thunderbird
[2011/06/01 15:10:19 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\TP
[2012/06/27 15:42:19 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Unity
[2013/02/05 09:42:47 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\uTorrent
[2012/08/09 14:02:49 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\webex
[2012/04/04 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\Windows Live Writer
[2011/09/16 13:41:28 | 000,000,000 | ---D | M] -- C:\Users\Reciclare\AppData\Roaming\XNote Stopwatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2013/02/06 23:19:38 | 000,001,086 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/02/06 23:20:34 | 000,001,078 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013/02/06 14:10:08 | 000,001,735 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/02/06 23:21:33 | 000,001,139 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/02/07 08:02:29 | 000,001,203 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2013/02/07 15:22:02 | 000,001,263 | ---- | M] () -- C:\AdwCleaner[S4].txt
[2009/06/10 19:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 23:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/06/10 19:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/02/07 16:37:22 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 17:50:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/17 17:50:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/02/07 16:37:23 | 2075,041,792 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.* /s >

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/12/15 01:09:41 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/12/15 01:10:05 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_point32_01011.Wdf

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 19:31:19 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.com >
[2009/07/14 02:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 02:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 02:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 02:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\*.scr >
[2012/10/30 20:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/08 19:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %PROGRAMFILES%\*.* >
[2009/07/14 02:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %LOCALAPPDATA%\*.exe >

< %LOCALAPPDATA%\*.txt >

< %LOCALAPPDATA%\*.ini >
[2012/01/12 12:15:54 | 000,003,584 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %LOCALAPPDATA%\*.dll >

< %LOCALAPPDATA%\*.dat >
[2012/11/14 16:30:32 | 000,145,264 | ---- | M] () -- C:\Users\Reciclare\AppData\Local\GDIPFONTCACHEV1.DAT

< %USERPROFILE%\*.exe >
[2012/04/18 11:13:09 | 000,060,304 | ---- | M] () -- C:\Users\Reciclare\g2mdlhlpx.exe

< %USERPROFILE%\*.txt >

< %USERPROFILE%\*.ini >
[2011/02/18 14:17:34 | 000,000,020 | -HS- | M] () -- C:\Users\Reciclare\ntuser.ini

< %USERPROFILE%\*.dll >

< %USERPROFILE%\*.dat /30 >
[2013/02/07 17:13:11 | 011,272,192 | -HS- | M] () -- C:\Users\Reciclare\ntuser.dat

< %appdata%\*.* >
[2011/09/16 11:53:51 | 000,001,849 | ---- | M] () -- C:\Users\Reciclare\AppData\Roaming\GhostObjGAFix.xml
[2011/09/27 15:10:50 | 000,038,371 | ---- | M] () -- C:\Users\Reciclare\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/04/03 15:28:58 | 000,031,988 | ---- | M] () -- C:\Users\Reciclare\AppData\Roaming\Valores Separados por Vírgulas (Windows).ADR

< %windir%\tasks\*.* /s >
[2013/02/07 16:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/06 22:12:26 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job
[2013/02/07 15:53:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job
[2013/02/07 16:09:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core.job
[2013/02/07 17:09:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA.job
[2013/02/07 16:37:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/12/31 08:05:11 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\tasks\*.* >
[2013/01/15 12:17:50 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2013/02/06 22:34:04 | 000,004,182 | ---- | M] () -- C:\Windows\system32\tasks\avast! Emergency Update
[2012/09/08 19:48:32 | 000,003,560 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core
[2012/09/08 19:48:33 | 000,003,928 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA
[2012/09/15 17:04:45 | 000,003,680 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000Core
[2012/09/15 17:04:46 | 000,004,076 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2761178708-1980018019-591794831-1000UA
[2011/07/18 14:59:46 | 000,003,040 | ---- | M] () -- C:\Windows\system32\tasks\Microsoft_Hardware_Launch_IPoint_exe
[2012/11/02 23:41:50 | 000,003,142 | ---- | M] () -- C:\Windows\system32\tasks\MirageAgent
[2011/04/20 11:43:00 | 000,003,960 | ---- | M] () -- C:\Windows\system32\tasks\RecoveryCDWin7
[2011/03/14 15:00:31 | 000,002,866 | ---- | M] () -- C:\Windows\system32\tasks\{1D35374A-611E-4A93-9F3F-B27121BF1796}
[2011/04/18 12:40:18 | 000,003,152 | ---- | M] () -- C:\Windows\system32\tasks\{6B4330E9-0620-4764-AF4E-15077E1F9F7E}
[2011/03/11 14:37:00 | 000,002,968 | ---- | M] () -- C:\Windows\system32\tasks\{9CC9E54C-10A3-4B12-9F53-E63B3AC09047}

< %PROGRAMFILES%\Internet Explorer\*.* >
[2011/03/15 14:59:18 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2011/03/15 14:59:18 | 000,002,535 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2011/03/15 14:59:18 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iecleanup.exe
[2011/03/15 14:59:18 | 000,307,200 | ---- | M] () -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2012/11/14 00:01:45 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2011/03/15 14:59:17 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2011/03/15 14:59:17 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2012/11/13 23:52:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2012/11/13 23:51:48 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/05 00:20:53 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 23:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2012/11/16 14:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/11/14 00:00:20 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2011/03/15 14:59:15 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2011/03/15 14:59:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2011/03/15 14:59:18 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2009/06/10 19:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2011/03/15 14:59:17 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2009/06/10 19:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2012/11/16 14:33:24 | 000,149,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >
"DefaultScope" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}]

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >
"DefaultScope" = {85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}
"DownloadRetries" = 0
"Version" = 3
"UpgradeTime" = 41 A4 00 0B F8 E3 CB 01 [binary data]
"ShowSearchSuggestionsInAddressGlobal" = 1
"DoNotAskAgain" = 22find.comgoogle.com [binary data]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{50C66BD2-77A6-4A03-B0B3-8CC24BEC80E3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85F25619-22A2-4E6E-A9DF-2ACA7E2821B4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A1376AA6-468F-4666-8172-D9E2D0E55E11}]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"Conexão de Banda Larga" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >
"SynTPEnh" = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -- [2011/10/14 05:36:24 | 002,299,176 | ---- | M] (Synaptics Incorporated)
"RTHDVCPL" = C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s -- [2010/01/29 20:59:00 | 005,110,304 | ---- | M] (Realtek Semiconductor)
"RtkOSD" = C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe -- [2010/01/12 22:32:22 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.)
"HP Quick Launch" = C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe -- [2010/01/18 15:03:20 | 000,572,416 | ---- | M] (Hewlett-Packard Company)
"Adobe ARM" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [2012/12/03 05:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [2012/12/19 12:39:05 | 000,041,208 | ---- | M] (Adobe Systems Incorporated)
"WirelessAssistant" = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -- [2009/07/23 12:04:42 | 000,498,744 | ---- | M] (Hewlett-Packard)
"CertificateRegistration" = aetcrss1.exe -- [2010/07/20 14:02:32 | 000,151,552 | ---- | M] (A.E.T. Europe B.V.)
"IgfxTray" = C:\Windows\system32\igfxtray.exe -- [2011/02/11 20:26:32 | 000,137,752 | ---- | M] (Intel Corporation)
"HotKeysCmds" = C:\Windows\system32\hkcmd.exe -- [2011/02/11 20:26:26 | 000,171,032 | ---- | M] (Intel Corporation)
"Persistence" = C:\Windows\system32\igfxpers.exe -- [2011/02/11 20:26:30 | 000,172,568 | ---- | M] (Intel Corporation)
"GrooveMonitor" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" -- [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software)
"HP Software Update" = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe -- [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard)
"VX1000" = C:\Windows\vVX1000.exe -- [2009/06/30 22:23:54 | 000,762,208 | ---- | M] (Microsoft Corporation)
"NSU_agent" = "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" -- [2012/02/28 16:53:48 | 000,190,768 | ---- | M] ()
"MSC" = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [2012/09/12 18:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [2012/09/17 13:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.)
"IntelliType Pro" = "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" -- [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation)
"IntelliPoint" = "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" -- [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation)
"SDTray" = "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" -- [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >

< HKCU\Software\Microsoft\Internet Explorer\Downloads >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: 22FIND.LNK >
[2013/02/02 00:31:09 | 000,002,297 | ---- | M] () MD5=1E4DCBECE7EED56146FEFFF88B5E62FF -- C:\Users\Reciclare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk

< MD5 for: 22FIND.XML >
[2013/02/02 00:31:07 | 000,000,745 | ---- | M] () MD5=41D592560A6AB61210F0B0511031D9F1 -- C:\Program Files\Mozilla Firefox\searchplugins\22find.xml
[2013/02/02 00:31:07 | 000,000,745 | ---- | M] () MD5=41D592560A6AB61210F0B0511031D9F1 -- C:\Program Files\Mozilla Firefox\updated\searchplugins\22find.xml

< MD5 for: 22FIND[1].COM >
[2013/02/06 23:37:06 | 000,000,085 | ---- | M] () MD5=E41D01C2A279F73C442EE91025CBAD07 -- C:\Users\Reciclare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q6O4I9Q\22find[1].com

< MD5 for: 22FIND_COM[1].HTM >
[2013/02/06 13:33:03 | 000,036,712 | ---- | M] () MD5=87D10C6B56D02A6397C8A24DE3ACE7DC -- C:\Users\Reciclare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q6O4I9Q\22find_com[1].htm
[2013/02/06 14:00:36 | 000,036,712 | ---- | M] () MD5=87D10C6B56D02A6397C8A24DE3ACE7DC -- C:\Users\Reciclare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\443WII0W\22find_com[1].htm

< MD5 for: SERVICES >
[2011/03/11 16:11:03 | 000,017,508 | ---- | M] () MD5=3AB9C804748FE6F4B9332C892EE43E1B -- C:\Windows\System32\drivers\etc\services
[2011/04/15 16:27:14 | 000,000,059 | ---- | M] () MD5=4464581BE20A7D0DE975855A3299C0CD -- C:\Windows\services
[2009/06/10 19:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.DAT >
[2013/02/02 22:47:04 | 000,001,508 | ---- | M] () MD5=687B06F8F906AE9FC4D92F16F19356C0 -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/05/21 15:12:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2010/05/21 15:12:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui

< MD5 for: SERVICES.ISC >
[2009/06/10 19:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services.isc

< MD5 for: SERVICES.LNK >
[2009/07/14 02:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 02:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 02:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2011/08/01 13:39:08 | 000,063,207 | ---- | M] () MD5=E3EA0CDC5B5CA7B421BD775AAD60F9DA -- C:\ProgramData\HP\Installer\Temp\services.log
[2011/08/01 13:39:08 | 000,063,207 | ---- | M] () MD5=E3EA0CDC5B5CA7B421BD775AAD60F9DA -- C:\Users\All Users\HP\Installer\Temp\services.log
[2011/08/01 13:39:08 | 000,063,207 | ---- | M] () MD5=E3EA0CDC5B5CA7B421BD775AAD60F9DA -- C:\Users\Todos os Usuários\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >
[2009/06/10 19:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 19:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/06/10 19:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 19:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/05/21 15:12:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2010/05/21 15:12:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 18:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 18:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs

< End of report >

OTL Extras logfile created on: 07/02/2013 16:56:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reciclare\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,30 Gb Available Physical Memory | 15,51% Memory free
3,87 Gb Paging File | 1,47 Gb Available in Paging File | 38,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,35 Gb Total Space | 158,20 Gb Free Space | 55,06% Space Free | Partition Type: NTFS
Drive D: | 10,45 Gb Total Space | 1,77 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 95,22 Mb Free Space | 95,85% Space Free | Partition Type: FAT32
Drive H: | 3,84 Gb Total Space | 0,00 Gb Free Space | 0,13% Space Free | Partition Type: FAT32

Computer Name: RECICLARE-PC | User Name: Reciclare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28D26C38-FBC8-4A40-8355-CAEC68EA3DE0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{327936E8-C549-4B65-97D5-C9EE58DEA002}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{362E3E50-0DC2-4BFE-AA4E-8CEF5E6AB828}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{406F82CC-DFAB-48F9-A639-8D5072B5094E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{48C22BC4-4C03-47D2-97FB-8F2A2B05200E}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D10409A-227F-44AB-B0DB-E33A9F68AA83}" = rport=445 | protocol=6 | dir=out | app=system |
"{5EDD5037-BD59-468E-BD9D-C37857446972}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64FFC6E1-7739-4A24-B8B1-116DD2C9163D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75328F97-26D2-402C-AC11-77357FD56C52}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E46718E-8CD8-402E-8112-1080844CFBBD}" = lport=137 | protocol=17 | dir=in | app=system |
"{88FD1011-379B-40B4-BEF0-64559B8E4414}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89FE4A72-29D5-4B4F-AF00-FCB1953B394E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91F271C4-2A7E-4040-8ECA-4A5BC76C9E1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{94635A09-5732-4295-BA1F-90968A94BB4D}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D3CB37E-0147-4DA3-987C-ED65FC11A43A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B05EBC-E3A5-42C0-8D40-590BFCA24DDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0E0BC3C-267D-4A30-8329-653DD5711DF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BF21A774-509C-4C37-9EC6-AE925E37C607}" = rport=137 | protocol=17 | dir=out | app=system |
"{C44721DB-30F1-49CE-86F0-F1FA9D425051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA05343E-0435-4EE1-B91A-E142B0EF61B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB12DEB7-AA9A-4AE9-B23B-C0D0A8411B52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6C39787-B6F8-4D6E-9556-FE1313C46909}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DAAE9ACE-2AC1-4E80-8CD7-FF60A2A46388}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4E43D24-FC6E-4D18-8A23-9C5307EF1767}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E936E19E-E6D3-429C-92FB-F2C724B3C090}" = lport=445 | protocol=6 | dir=in | app=system |
"{F3511814-6281-48FD-BE1C-63385634338A}" = rport=138 | protocol=17 | dir=out | app=system |
"{FDDCFCE1-97CE-4D04-BD25-4CDEDA44D0E0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E8FB4-B01B-4C09-91CC-506F03293DBF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{0707ECD4-4787-41A2-89FD-9DCD4D6BE6FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{100FAEE9-4924-4E70-8CE1-9DFE3C03A32F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3279AA80-A329-4CE2-82B4-F7872971A6F0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3725C24A-C657-449F-8C28-BA539ABBAAB9}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{38FB998A-C6B2-4788-8CEC-C1DFB5D3D6EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{3C935127-ED4B-4FE6-9EDC-21CA6CE5ABA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3CA76DC9-9EDD-45A8-9F28-EE059B2D1103}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3CB262CD-92F3-43EF-8429-6A86F9B1ACFC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{47235843-4203-4D8E-8F6D-28918318AEFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{511FE878-FE78-467F-B29B-3A96D124DAEA}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{5C0BD64D-9B02-44AE-A8CF-909805D42C43}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5CAB2D4B-93F1-4346-9DED-EAA085147DDF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{65FB0E1F-E222-4F30-A881-4006C7AA7536}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C842BEB-4C60-4A6A-994B-94AAB19D8DBB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6E124BA5-0630-4299-9FDE-44DD100744BD}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{74EA954C-58AB-43FB-ABDF-9F1F09EA4567}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{77C972C1-A815-4381-9941-AF99566C0FA7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7A54764B-7DEE-4BBC-B425-D2191CFDCCE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7D7C051F-2E22-40AE-BC69-E8C00835A485}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DDA47C6-1A38-4E38-9007-4855B745F9F2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{7E660637-D469-436E-9083-E27D16F0C106}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{89D049E1-A300-4172-86C2-107E154271F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A4B2723-6BD3-4B3C-9DC6-4263D789C55D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93036786-DEB1-478E-BB81-E3FFA85F221A}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{9BC1C1B4-D58B-468D-84FF-CE939FB8A958}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9D554B75-E900-4310-B87E-12F2AA0DADD2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{A062DF0A-FCD0-4699-8B49-632BD3356579}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{A61602A4-8D83-4DF2-BA49-A092C0FBC943}" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\roaming\dropbox\bin\dropbox.exe |
"{A9E1F5C2-7AFD-40FC-943C-EB574CE1ABFB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AAF4086E-5D51-4D3C-9F6F-1975ADB84283}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD1748BC-0FA8-4562-865B-6F23C4E110C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B14E52E2-CE79-4627-A0AD-83527CD3EB81}" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\roaming\dropbox\bin\dropbox.exe |
"{B1E967DA-6B2C-4FDC-9825-E180B218D3D2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B5F2D805-8675-4692-BF28-B6ACED030DE1}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{BBB73017-B51A-4584-B1CC-41C536065B25}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{C0DCB899-A807-468B-A12E-175BF4E13795}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C805420C-DE09-4AF6-BDF2-A7C361B1A65F}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{CEA0551D-ACB4-4EA4-B19E-D4CC3153F9B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D3A8B220-BD55-4087-958A-C63C3A10F3FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{DF0449B2-7830-428A-861A-5E5690BBE0EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{E09D364C-63F7-4D7D-9BFB-AC4830D686BB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E1A0315F-EED9-4440-994D-A210F51303BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E2F00B92-C04F-4AA6-BF84-E89D37BC0707}" = dir=in | app=c:\users\reciclare\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E3DF903F-B981-49E9-A40D-241BE7E8054D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6588EA0-B1C0-40D4-8D7F-49539B12599F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EB1BCC96-0EDC-4FE0-BC10-FF9F4764C3AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{EF93B657-3843-4F89-87FC-858427A2CF96}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F1A363C2-EB19-4C65-9A05-454E471C6CC4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F454A243-96A3-499F-BB3A-37A3185D933A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FA88E264-F407-479F-8F28-9968D9EDBFAB}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{FB82C7BD-F2B7-4EAA-8753-52221AE87E68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{05A7C890-3BF0-4FED-AF6B-3D4F1010BBB6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{260F129D-843A-4895-9FF6-DADE9019A2DA}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"TCP Query User{2B872D05-8394-428E-8025-8A509D58DAA7}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{30BDBA25-B9CA-4231-86D4-CD7DDC9EAB92}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{3CB16BF4-DFFB-4696-A93C-D932E7BD5F28}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{5EBD8007-BBC9-4ED4-9FA4-3F61E970DC4D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{62FB1711-AB6B-4BCA-AE62-08ECB4B3D78A}C:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{6D893407-1571-4161-8E72-02C7A9420409}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{ABD7526B-1CAA-4B65-9814-60D6C44D10C2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B30AF153-2521-456D-8DE9-F9CD213BA7FE}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B5286CB7-A151-4A27-B4A9-19762CFB0529}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"TCP Query User{DCA6E261-CE08-43A8-AB70-60BC8E8C9D95}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DE841C01-917A-44EA-B893-8E5415641141}F:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |
"TCP Query User{E979B03C-BBBF-4293-AA34-1BEFCAE9A722}F:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |
"UDP Query User{029F6430-EACF-4D23-B65F-4005A9A09075}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{040FA116-D02A-4573-A075-4E3A96BE7094}F:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |
"UDP Query User{2262F6EA-2455-448D-B0DC-FDED347BE549}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"UDP Query User{237D30F8-96F9-4EBF-8D5B-86D409392EC6}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{3664EAF4-3056-4E04-B2AC-3D5542B6DC6C}F:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\easysetupassistant.exe |
"UDP Query User{3FABCFAF-52C5-45C2-90E9-C5EA450C76F0}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{492B5E47-9C02-490B-BCD4-D53A525D59EA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6D7E6119-783D-409E-BE60-42E90146A114}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{8FEDC893-003C-4584-8F8B-FBD556717B3A}C:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{976183F7-3B5C-4D83-A242-703081B0A463}C:\users\reciclare\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\reciclare\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{B740D595-12B1-40EC-A7C6-15D9812FD239}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C04999F7-0C9A-425B-836F-256F10C77007}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{DDC508BB-053F-41C1-B034-DB19FBDAC398}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{FCBDAD1E-2AD9-4474-9EA3-B3C6A96796D5}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15B43B38-838A-4391-BFCA-4812A8F9C0CB}_is1" = Colgate Server versão 1.0
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{17D95DC6-0FF1-40CF-9C09-B7C8B314D45B}" = PDF Text Reader
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java™ 6 Update 39
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5C0F5746-65D7-4C6A-B371-F84E3CE33F19}_is1" = Tomatoon on The Roads versão 1.4
"{5C3E37A9-B7A7-4CDD-8A87-EB6701AFD571}" = HP User Guides 0179
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6347401C-C260-4B30-9816-8F5A1419CC49}" = SafeSign
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Central de Mouse e Teclado da Microsoft
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA4C7D4-9EB0-41EC-A3C9-63C120C43508}_is1" = TubeHunter Ultra 4.31
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB714421-5538-49D2-B29D-991DAEA3CDDC}_is1" = Pisando no Tomatoon versão 1.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Backup das pastas particulares do Microsoft Outlook
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E29D8938-2E48-498C-832D-9663DCABD55F}" = Visual Basic for Applications ® Core - Portuguese (Brazil)
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F50E691C-FAA1-45E3-A04C-DC3604D496CE}" = HP Quick Launch
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Pacote de Driver do Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArtCRM_is1" = ArtCRM 4.3
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 4.1)
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EssentialPIM" = EssentialPIM
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.3)
"FBDBServer_2_0_is1" = Firebird 2.0.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterBase" = InterBase
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft Mouse and Keyboard Center" = Central de Mouse e Teclado da Microsoft
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0.2 (x86 pt-BR)" = Mozilla Firefox 18.0.2 (x86 pt-BR)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Shop for HP Supplies" = Shop for HP Supplies
"Star Trek Online" = Star Trek Online
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XNote Stopwatch" = XNote Stopwatch

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Emissor de Nota Fiscal Eletrônica (NF-e) 2.0" = Emissor de Nota Fiscal Eletrônica (NF-e) 2.0
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Spybot - Search & Destroy Packages" = Spybot - Search & Destroy Packages
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 13:18:53 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

Error - 07/02/2013 14:38:25 | Computer Name = Reciclare-PC | Source = aetsprov | ID = 0
Description =

[ Hewlett-Packard Events ]
Error - 31/01/2013 08:54:26 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Referência de objeto não definida para uma instância de
um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:
1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:26 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Referência de objeto não definida para uma instância de
um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:
1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:27 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Referência de objeto não definida para uma instância de
um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:
1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:28 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Referência de objeto não definida para uma instância de
um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:
1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:54:30 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Referência de objeto não definida para uma instância de
um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:
1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 31/01/2013 08:55:28 | Computer Name = Reciclare-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Referência de objeto não definida para uma instância de
um objeto. StackTrace: em HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: pt-BR RAM:
1978 Ram Utilization: 70 TargetSite: Void loadActiveCheckResult(Boolean)

[ OSession Events ]
Error - 14/09/2011 11:08:04 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 156
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/05/2012 15:52:42 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8031
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 31/05/2012 08:49:10 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 278
seconds with 60 seconds of active time. This session ended with a crash.

Error - 13/06/2012 08:18:43 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89
seconds with 60 seconds of active time. This session ended with a crash.

Error - 19/06/2012 14:31:28 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5654
seconds with 900 seconds of active time. This session ended with a crash.

Error - 26/06/2012 14:41:53 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15145
seconds with 660 seconds of active time. This session ended with a crash.

Error - 25/07/2012 07:45:07 | Computer Name = Reciclare-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/02/2013 14:38:21 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço MBAMScheduler.

Error - 07/02/2013 14:38:21 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço MBAMScheduler devido ao seguinte
erro: %%1053

Error - 07/02/2013 14:38:22 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7011
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta
de uma transação do serviço HPWMISVC.

Error - 07/02/2013 14:38:52 | Computer Name = Reciclare-PC | Source = Service Control Manager | ID = 7011
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta
de uma transação do serviço HPWMISVC.


< End of report >

#10
CarlosTurco

  • Assistant
  • 25.870 posts
EES,

A possible rootkit infection was detected.

I am passing your problem on to a specialist. He will do the analysis and, if it is confirmed, will indicate the procedures to be followed.
Please wait so that we can move the thread forward.

#11
EES

  • Newbie
  • 30 posts
ok, tks!

#12
Sam Spade

  • Professional Assistant
  • 21.327 posts
Hello EES! Please follow these instructions:

1 - Select these lines in red, right-click the selection and choose the Copy option:

%appdata%\.#\*.
%appdata%\.#\*.*


Run OTL.exe.

Right-click any white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Where it says Output, select the Standard option.

Click the [image] button and then click the [image] button.

When it finishes, a Notepad window will open containing some information.
Copy ALL the contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the same folder as OTL.exe, that is, on your desktop, under the name OTL.txt

2 - Download Farbar Service Scanner and save it to the desktop. Run the tool.

In addition to the Internet Services checkbox, which is already checked by default, check the following checkboxes:
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
Click Scan and wait for the scan to finish. At the end, a log called FSS.txt will be generated and saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents into your next reply.

3 - Download RogueKiller and save it to the desktop.

Double-click RogueKiller.exe.

Click the Verificar (Scan) button. Wait for the scan to finish.

Click the Report button. A Notepad window will open with information.

This log is saved on the desktop under the name RKreport[1].txt.

Select, copy and paste the contents of this log into your next reply.

NOTE: do not use the Deletar (Delete) button, because we need to evaluate the items before doing that.
Linha Defensiva on Facebook
Join ARIS//Linha Defensiva on Twitter
Don't abandon your thread.
Someone dedicated part of their time to help you!

#13
EES

  • Newbie
  • 30 posts
Sam, thanks for the help. Here are the logs:


OTL logfile created on: 08/02/2013 12:09:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reciclare\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 48,97% Memory free
3,87 Gb Paging File | 2,07 Gb Available in Paging File | 53,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,35 Gb Total Space | 159,02 Gb Free Space | 55,34% Space Free | Partition Type: NTFS
Drive D: | 10,45 Gb Total Space | 1,77 Gb Free Space | 16,93% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 95,22 Mb Free Space | 95,85% Space Free | Partition Type: FAT32
Drive H: | 3,84 Gb Total Space | 0,00 Gb Free Space | 0,13% Space Free | Partition Type: FAT32

Computer Name: RECICLARE-PC | User Name: Reciclare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< %appdata%\.#\*. >

< %appdata%\.#\*.* >

< End of report >





Farbar Service Scanner Version: 30-01-2013
Ran by Reciclare (administrator) on 08-02-2013 at 12:12:08
Running from "C:\Users\Reciclare\Downloads"
Windows 7 Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




RogueKiller V8.4.4 [Feb 5 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Site : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : Reciclare [Privilegios de Admnistrador]
Modo : Verificar -- Data : 02/08/2013 12:16:17
| ARK || MBR |

¤¤¤ Entradas ruins : 2 ¤¤¤
[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Reciclare\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> FINALIZADO [TermProc]
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> FINALIZADO [TermProc]

¤¤¤ Entradas do Registro : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI +++++
--- User ---
[MBR] 20d7eabc04e90f6d3ac819e8d9ed1576
[BSP] f02daf6b01080651ada0bceee89c8f28 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 294245 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603023360 | Size: 10696 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 3f1bc15b73f40e3af8c8b29bc03bca3f
[BSP] c79bdcb1f4cea35f19f31f7b1f02b3cd : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3935 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[1]_S_02082013_02d1216.txt >>
RKreport[1]_S_02082013_02d1216.txt

Oh, by the way: Firefox is now behaving strangely, it has become slow, and some games I used to play on Facebook are not running........just to be safe, I'm not using Firefox either!
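
A triage of the registry values reported in the RogueKiller and Farbar Service Scanner logs above, as an added example that is not part of the original thread or of either tool: it separates values that actually weaken the system (UAC off, Windows Defender disabled by policy) from values that are present but set to their non-restrictive setting. The `triage` function and its rule table are assumptions of this example; the sample lines are copied from the logs in the post.

```python
import re

# Lines copied from the RogueKiller and Farbar Service Scanner logs in the post above.
SAMPLE_LOG = r"""
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# RogueKiller registry line: [TAG] HIVE\path : ValueName (data) -> STATUS
RK_LINE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<key>HK\w+\\.+?)\s+:\s+(?P<name>\S+)\s+\((?P<data>\d+)\)"
)
# Farbar Service Scanner policy line: "ValueName"=DWORD:n
FSS_LINE = re.compile(r'^"(?P<name>\w+)"=DWORD:(?P<data>\d+)$')

# Hypothetical rule table for this example: value name -> (data that weakens
# the system, what that data means). Any other data counts as non-restrictive.
RULES = {
    "EnableLUA": ({0}, "UAC is turned off"),
    "ConsentPromptBehaviorAdmin": ({0}, "administrators elevate without a prompt"),
    "DisableTaskMgr": ({1}, "Task Manager is blocked"),
    "DisableRegistryTools": ({1, 2}, "Registry Editor is blocked"),
    "DisableAntiSpyware": ({1}, "Windows Defender is disabled by policy"),
}


def triage(log_text):
    """Return (name, data, verdict, note) for every registry value found in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RK_LINE.match(line) or FSS_LINE.match(line)
        if not match:
            continue  # process entries, section headers, key paths, blank lines
        name, data = match.group("name"), int(match.group("data"))
        if name not in RULES:
            findings.append((name, data, "review", "no rule for this value"))
            continue
        weak_values, meaning = RULES[name]
        if data in weak_values:
            findings.append((name, data, "weakened", meaning))
        else:
            findings.append((name, data, "ok", "present, set to the non-restrictive value"))
    return findings


if __name__ == "__main__":
    for name, data, verdict, note in triage(SAMPLE_LOG):
        print(f"{verdict:9} {name} = {data}: {note}")
```

On this log, the two `[HJPOL]` entries are reported as found but hold 0, so neither Task Manager nor Registry Editor is blocked, while `EnableLUA`, `ConsentPromptBehaviorAdmin` and `DisableAntiSpyware` are the values worth following up.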

#14
Sam Spade

  • Professional Assistant
  • 21.327 posts
In any folder, click Organize, then > Folder and search options.
Click the View tab.
Scroll down until you find and uncheck:

Hide extensions for known file types
Hide protected operating system files

Check:

Show hidden files and folders

Press Windows+R and in the Run box, type (or copy and paste):

%appdata%

Click OK. In the folder that opens, see whether you can locate a folder with these characters or similar ones: .#

Go into it and see which files are there. If you can, take a screenshot and post it here in your next reply.

Download [image] and save it to the desktop.

Double-click to run SecurityCheck by screen317.

In the window that opens, press any key to continue. Wait while the tool runs the scan.

At the end, a log will open, checkup.txt.

Select, copy and paste the contents of this log into your next reply.

#15
EES

  • Newbie
  • 30 posts
Sam, forgive my lack of knowledge, but I didn't understand what to do in organize any folder....

In any folder, click Organize, then > Folder and search options.
Click the View tab.
Scroll down until you find and uncheck:

Sorry to bother you with this, but I really didn't understand!

#16
Sam Spade

  • Professional Assistant
  • 21.327 posts

Sorry to bother you with this, but I really didn't understand!

No problem.

Open any folder, and you will see the Organize menu:

[image]

Click the arrow that will expand the options.

#17
EES

  • Newbie
  • 30 posts
I'm really sorry. When I realized what it was, I almost banged my head against the wall....laughs.....the effect of the carnival I don't celebrate.....

The .# folder is empty. I did the procedure (I couldn't paste the screenshot, sorry), but it is empty.


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware versão 1.70.0.1100
Java™ 6 Update 39
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
Mozilla Thunderbird (6.0). Thunderbird out of Date!
Google Chrome 24.0.1312.57
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#18
Sam Spade

  • Professional Assistant
  • 21.327 posts
Delete the .# folder. Did you disable UAC (User Account Control)?

#19
EES

  • Newbie
  • 30 posts
Folder deleted! As for UAC, I honestly don't remember whether I had disabled it or not.

In any case, I've left it enabled to always notify!

#20
Sam Spade

  • Professional Assistant
  • 21.327 posts
Ok, the folder had no connection to a rootkit. I'll return the thread to CarlosTurco to continue with the removal of the other infections. :legal:

Regards.