
I can't remove MyStart from my computer



There are 7 replies in this topic

#1 kimdeal2000    

kimdeal2000
  • Member
  • 4 posts

Posted 29 September 2011 - 04:45 PM

Hi everyone, I have a very annoying problem here. I've been racking my brain trying to solve it, but so far I haven't managed to...

I don't know how (my sister also uses the same computer as I do), but something called INCREDIMAIL (an e-mail program) was installed on my computer, and along with the installation of that program came something called MyStart as the default search.

I managed to uninstall IncrediMail through the Control Panel, but My Start doesn't appear among the programs on the computer, so I can't delete it.

The problem is that this My Start became the official search program on my computer. Before, everything I wanted to search for automatically went to Google; now everything goes to this My Start, which is the worst search program I have ever seen in my life...

I use Mozilla Firefox as my browser, and by default it has the great advantage that when you type only the name of a site in the browser, it goes straight to the site, or, if it doesn't identify the site, it searches on Google.
I've lost that advantage because now everything goes to My Start, which is simply horrible!!!

Now every time I type something in the browser that isn't a complete address, it does a search on MyStart (extremely annoying).

How could I get rid of this for good? Is it really impossible to remove this MyStart? I can't believe that! I'm devastated... I look for information on web pages and can't find any...

How do I get Mozilla back to its default!?

Can anyone help me?

PLEASE!! I'm desperate!!!

Thank you in advance for your attention; I wish you all the best...

KimDeal


#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65377 posts

Posted 29 September 2011 - 05:16 PM

So that we can help you, follow in full what is set out in this "Mandatory standard procedure topic of the Forum".

HijackThis logs ** read before posting **

Once the procedures are done, post the HijackThis log for review
right here in this topic by clicking the REPLY BUTTON, and wait for further instructions.



#3 kimdeal2000    

kimdeal2000
  • Member
  • 4 posts

Posted 29 September 2011 - 06:48 PM

Hello, friend! Thank you very much for the guidance! I read the topic completely and carried out all the steps. I'm sending my log as an attachment; it came out in Notepad format, I don't know why.
I'd like to know one thing: while the log hasn't yet been analyzed by someone competent, what do I do with HijackThis open with the scan results? I didn't find that in the instructions... Do I leave it open on my PC? Forgive me, I'm very much a layperson...

Thank you so much for your help, you are all incredible! A hug

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:08, on 29/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\windows\Explorer.EXE
C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/...S01?FORM=TOOLBR
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Updater] "C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210002061175
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: Gerenciador do Google Desktop 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9fccd75c592ec) (gupdate1c9fccd75c592ec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 11319 bytes

#4 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65377 posts

Posted 29 September 2011 - 07:42 PM

You can close HijackThis.

Continuing the check...

Download OTL by OldTimer and save it to your Desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:
Right-click the file, then click
Posted Image.

Where it says Output, select Standard
Also check these options:
  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

    Select these lines in red, right-click the selection, and choose the copy option

    CREATERESTOREPOINT
    netsvcs
    msconfig
    safebootminimal
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.* /s
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    %userprofile%\configurações locais\dados de aplicativos\*.exe
    %userprofile%\configurações locais\dados de aplicativos\*.txt
    %userprofile%\configurações locais\dados de aplicativos\*.ini
    %userprofile%\configurações locais\dados de aplicativos\*.dat /30
    %userprofile%\configurações locais\dados de aplicativos\*.dll
    %userprofile%\*.exe
    %userprofile%\.txt
    %userprofile%\.ini
    %userprofile%\.dat /30
    %userprofile%\.dll
    %windir%\tasks\*.* /s
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.com
    %systemroot%\*.scr
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments


    Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section, and choose paste

    Click the Scan button

    Do not change any other setting unless you have been instructed to do so.

    The scan takes a while, so be patient.

    When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
    Both will be saved in the same directory as OTL.exe, that is, on your Desktop.

    Copy the entire contents of OTL.txt and paste it into your next reply.


#5 kimdeal2000    

kimdeal2000
  • Member
  • 4 posts

Posted 30 September 2011 - 04:32 PM

Hello!
Sorry for the delay in replying; I went to work and could only do it now... =)
Thank you so much for your goodwill, I have no words to thank you. It's incredible how someone who doesn't even know the other person can offer to help simply for the sake of doing good to others... If more people in the world were like that, we would certainly all be better off...
As you instructed, I'm pasting below the two OTL.Txt blocks; one is OTL.Txt and the other came as Extras.txt:


OTL logfile created on: 30/9/2011 16:16:51 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Silvia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,23 Mb Total Physical Memory | 252,12 Mb Available Physical Memory | 24,64% Memory free
2,41 Gb Paging File | 1,79 Gb Available in Paging File | 74,49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 85,94 Gb Free Space | 57,66% Space Free | Partition Type: NTFS
Drive D: | 162,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SILVIA-B6CF1AA6 | User Name: Silvia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\ARQUIV~1\GbPlugin\GbpSv.exe
PRC - [2011/09/30 15:34:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silvia\Desktop\OTL.exe
PRC - [2011/09/08 09:54:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 08:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/02 03:24:21 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/07/04 14:30:41 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/30 06:26:13 | 001,579,520 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11093000\algo.dll
MOD - [2011/09/29 18:56:54 | 001,579,520 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11092902\algo.dll
MOD - [2011/09/29 14:00:00 | 000,212,640 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11093000\aswRep.dll
MOD - [2011/09/29 14:00:00 | 000,212,640 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11092902\aswRep.dll
MOD - [2011/09/27 14:10:46 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCoreGecko6.dll
MOD - [2011/09/08 09:54:57 | 001,846,232 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll
MOD - [2011/08/17 20:40:09 | 000,103,424 | ---- | M] () -- C:\Arquivos de programas\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/06/21 11:49:26 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009/02/27 19:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2008/04/13 23:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2007/08/21 13:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Unknown | Running] -- -- (GbpSv)
SRV - File not found [Unknown | Stopped] -- -- (avg8wd)
SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! antivírus)
SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/13 16:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 15:55:58 | 000,014,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/08/03 19:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/12/09 12:43:36 | 000,045,568 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\SiSRaid.sys -- (SiSRaid)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.google.com.br"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.14.5
FF - prefs.js..keyword.URL: "http://mystart.incre...736548&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Arquivos de programas\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Dados de aplicativos\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/08 11:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 22:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/09/08 09:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/06/21 11:50:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 22:04:20 | 000,000,000 | ---D | M]

[2008/11/01 10:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Extensions
[2011/09/28 17:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions
[2011/03/11 15:57:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 14:16:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/30 09:01:31 | 000,000,000 | ---D | M] (Adicional de Seguranca CAIXA) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
[2011/08/04 20:13:40 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2011/09/28 17:54:39 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/09/22 21:18:52 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/06/14 14:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2010/11/04 08:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/17 07:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 10:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/06/04 20:20:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 09:54:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/14 18:48:13 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2011/06/14 18:48:13 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2011/06/14 18:48:13 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/06/14 18:48:13 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\10.0.648.133\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\10.0.648.133\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\10.0.648.133\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Arquivos de programas\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Arquivos de programas\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Arquivos de programas\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\3.0.50106.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/18 16:11:31 | 000,001,375 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns 3.adobe.com-
O1 - Hosts: 127.0.0.1 3dns 2.adobe.com-
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ativar sea.adobe.com-
O1 - Hosts: 127.0.0.1 WWIS-dubc1 vip60.adobe.com-
O1 - Hosts: 127.0.0.1 ativar sjc0.adobe.com-
O1 - Hosts: 127.0.0.1 WWIS-dubc1 vip60.adobe.com-
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll File not found
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll File not found
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk = C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: status = present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: localhost ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: programapar.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1210002061175 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsec...GbPluginABN.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.92 201.17.0.82 201.17.0.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E21BC63E-C6F4-449C-AA85-E824E6E3FB06}: DhcpNameServer = 201.17.0.92 201.17.0.82 201.17.0.44
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL) -C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehabn.dll) - C:\ARQUIV~1\GbPlugin\gbiehabn.dll File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll File not found
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehcef.dll) - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll ()
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll File not found
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll File not found
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/19 14:55:47 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\AutoRun\command - "" = E:\ekugb3.bat
O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\explore\Command - "" = E:\ekugb3.bat
O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\open\Command - "" = E:\ekugb3.bat
O33 - MountPoints2\{2c2fb664-1ada-11dd-9b92-0011d896c775}\Shell - "" = AutoRun
O33 - MountPoints2\{2c2fb664-1ada-11dd-9b92-0011d896c775}\Shell\Auto\command - "" = E:\MicrosoftPowerPoint.exe
O33 - MountPoints2\{2c2fb664-1ada-11dd-9b92-0011d896c775}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
O33 - MountPoints2\{d2e884e2-1ab2-11dd-9b84-0011d896c775}\Shell - "" = AutoRun
O33 - MountPoints2\{d2e884e2-1ab2-11dd-9b84-0011d896c775}\Shell\Auto\command - "" = E:\MicrosoftPowerPoint.exe
O33 - MountPoints2\{d2e884e2-1ab2-11dd-9b84-0011d896c775}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 90 Days ==========

[2011/09/30 15:34:44 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Silvia\Desktop\OTL.exe
[2011/09/29 18:30:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/09/29 18:27:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Silvia\Recent
[2011/09/29 18:22:41 | 002,563,808 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Silvia\Desktop\ccsetup310_slim.exe
[2011/09/23 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Sony Corporation
[2011/09/23 21:30:48 | 000,000,000 | ---D | C] -- C:\windows\Logs
[2011/09/23 21:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\PMB
[2011/09/23 21:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Corporation
[2011/09/23 21:28:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Sony
[2011/09/22 21:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\Conduit
[2011/09/22 21:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\IM
[2011/09/22 21:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\IM
[2011/09/22 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly
[2011/09/22 21:18:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPly
[2011/09/22 21:18:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\FoxTabPDFConverter
[2011/09/18 16:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/18 16:16:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe Download Assistant
[2011/09/18 16:16:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe AIR
[2011/09/18 15:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Desktop\FACE
[2009/05/11 11:25:59 | 000,607,640 | ---- | C] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\jre-6u13-windows-i586-p-iftw.exe
[2008/11/04 19:34:54 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Arquivos de programas\install_flash_player.exe
[2008/08/13 20:13:15 | 015,915,008 | ---- | C] (VSO-Software ) -- C:\Arquivos de programas\vsoConvertXtoDVD3_setup.exe
[2008/05/25 00:02:31 | 022,300,968 | ---- | C] (Skype Technologies S.A.) -- C:\Arquivos de programas\SkypeSetup.exe
[2008/05/05 16:33:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Silvia\Dados de aplicativos\pcouffin.sys
[2008/04/29 12:22:09 | 001,045,504 | ---- | C] (Laryon) -- C:\Arquivos de programas\ScanRn.exe
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/09/30 15:34:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silvia\Desktop\OTL.exe
[2011/09/30 15:30:34 | 000,000,592 | ---- | M] () -- C:\windows\tasks\Norton Security Scan for Silvia.job
[2011/09/30 15:29:01 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/30 10:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2011/09/30 03:29:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/29 18:30:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/09/29 18:24:03 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/29 18:22:42 | 002,563,808 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Silvia\Desktop\ccsetup310_slim.exe
[2011/09/29 14:32:51 | 000,002,262 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/09/29 14:30:03 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/09/29 14:29:57 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 15:33:50 | 000,000,282 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job
[2011/09/23 21:30:25 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ajuda do PMB.lnk
[2011/09/23 21:30:25 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/09/23 21:30:25 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/09/19 12:26:30 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/18 16:31:17 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Silvia\.recently-used.xbel
[2011/09/18 16:16:32 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2011/09/18 16:16:09 | 000,054,920 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2011/09/03 01:05:51 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011/08/25 17:19:16 | 000,276,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/07/30 13:32:48 | 000,003,018 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2011/07/28 20:13:56 | 000,007,383 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\logoUcam.gif
[2011/07/28 20:12:54 | 000,005,748 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\logo_AVM.JPG
[2011/07/25 22:43:37 | 000,012,392 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\logo funny.jpg
[2011/07/14 15:56:40 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Receitanet Java 2010.02a.lnk
[2011/07/14 15:53:17 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2011/07/04 08:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/07/04 08:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswmon2.sys
[2011/07/04 08:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswmon.sys
[2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aavmker4.sys
[2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 18:24:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/23 21:30:25 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ajuda do PMB.lnk
[2011/09/23 21:30:25 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/09/23 21:30:25 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\PMB.lnk
[2011/09/23 21:30:25 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk
[2011/09/22 21:18:18 | 000,098,304 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2011/09/18 16:31:17 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Silvia\.recently-used.xbel
[2011/09/18 16:16:32 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Download Assistant.lnk
[2011/09/18 16:16:32 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2011/09/18 16:16:09 | 000,054,920 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/07/28 20:13:56 | 000,007,383 | ---- | C] () -- C:\Documents and Settings\Silvia\Desktop\logoUcam.gif
[2011/07/28 20:12:54 | 000,005,748 | ---- | C] () -- C:\Documents and Settings\Silvia\Desktop\logo_AVM.JPG
[2011/07/25 22:43:36 | 000,012,392 | ---- | C] () -- C:\Documents and Settings\Silvia\Desktop\logo funny.jpg
[2011/07/14 15:56:40 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Receitanet Java 2010.02a.lnk
[2011/05/21 21:37:31 | 000,083,017 | ---- | C] () -- C:\Arquivos de programas\ScanRnUninstal.exe
[2010/12/16 21:53:35 | 000,187,902 | ---- | C] () -- C:\windows\hpwins27.dat
[2010/12/16 21:53:35 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat
[2010/11/03 00:37:38 | 000,161,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2010/10/01 21:11:30 | 000,126,003 | ---- | C] () -- C:\windows\HPHins12.dat.temp
[2010/10/01 21:11:30 | 000,014,916 | ---- | C] () -- C:\windows\hphmdl12.dat.temp
[2010/09/14 23:30:22 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2009/12/20 22:42:18 | 000,000,330 | ---- | C] () -- C:\windows\primopdf.ini
[2009/07/04 14:28:49 | 001,092,248 | ---- | C] () -- C:\Arquivos de programas\Google Updater.exe
[2009/05/11 11:34:42 | 011,953,619 | ---- | C] () -- C:\Arquivos de programas\IRPF2009v1.1.zip
[2009/05/11 00:20:12 | 012,155,056 | ---- | C] () -- C:\Arquivos de programas\IRPF2009win32v1.1.rar
[2009/05/10 23:20:46 | 000,000,079 | ---- | C] () -- C:\windows\WININIT.INI
[2009/05/10 22:52:35 | 012,154,971 | ---- | C] () -- C:\Arquivos de programas\IRPF2009win32v1.1.exe
[2009/05/08 12:44:55 | 067,940,129 | ---- | C] () -- C:\Arquivos de programas\avgP8.5.rar
[2009/04/01 19:47:37 | 000,069,632 | ---- | C] () -- C:\windows\System32\MSJCE.dll
[2009/04/01 19:47:11 | 002,547,613 | ---- | C] () -- C:\Arquivos de programas\ReceitanetJava2009.01_setup_win32.exe
[2009/04/01 19:44:47 | 012,118,575 | ---- | C] () -- C:\Arquivos de programas\IRPF2009win32v1.0.exe
[2009/02/10 21:38:08 | 000,000,042 | ---- | C] () -- C:\windows\System32\erromil32.dll
[2009/02/10 21:35:49 | 000,002,638 | ---- | C] () -- C:\windows\System32\assuntos.dll
[2009/02/10 21:35:26 | 000,000,004 | ---- | C] () -- C:\windows\System32\total.dll
[2009/02/10 21:35:24 | 000,045,121 | ---- | C] () -- C:\windows\System32\logs.dll
[2009/02/10 21:35:24 | 000,020,543 | ---- | C] () -- C:\windows\System32\frases.dll
[2009/02/10 21:35:20 | 000,000,033 | ---- | C] () -- C:\windows\System32\errox32.dll
[2008/11/01 10:35:17 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2008/11/01 10:35:15 | 000,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2008/11/01 10:35:15 | 000,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2008/11/01 10:35:14 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2008/11/01 10:10:32 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/10/31 08:52:47 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2008/09/25 21:31:59 | 000,000,067 | ---- | C] () -- C:\windows\Easy DVD Creator.INI
[2008/08/13 20:16:24 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\vso_ts_preview.xml
[2008/05/25 13:40:33 | 119,232,319 | ---- | C] () -- C:\Arquivos de programas\BrOo_2.4.0_Win32Intel_install_pt-BR.exe
[2008/05/25 00:08:50 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2008/05/22 14:53:18 | 002,915,697 | ---- | C] () -- C:\Arquivos de programas\wrar371br.exe
[2008/05/22 10:26:43 | 003,309,160 | ---- | C] () -- C:\Arquivos de programas\eMule0.49a-Installer1.exe
[2008/05/09 20:33:16 | 000,002,132 | ---- | C] () -- C:\windows\photoimpression.ini
[2008/05/09 20:33:16 | 000,000,600 | ---- | C] () -- C:\windows\videoimp.ini
[2008/05/09 20:33:09 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2008/05/09 20:32:28 | 000,000,021 | ---- | C] () -- C:\windows\arcsuite.ini
[2008/05/06 20:11:44 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/05 16:47:20 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/05/05 16:33:45 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\inst.exe
[2008/05/05 16:33:45 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\pcouffin.cat
[2008/05/05 16:33:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\pcouffin.inf
[2008/05/05 12:42:07 | 000,000,560 | ---- | C] () -- C:\windows\ODBC.INI
[2008/05/05 12:42:06 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini
[2008/05/05 12:41:58 | 000,000,000 | ---- | C] () -- C:\windows\NSREX.INI
[2008/05/05 12:31:48 | 000,157,696 | ---- | C] () -- C:\windows\System32\unrar.dll
[2008/05/05 12:31:46 | 000,019,968 | ---- | C] () -- C:\windows\System32\cpuinf32.dll
[2008/05/05 11:48:52 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008/05/05 11:43:22 | 000,021,844 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2008/05/05 08:36:11 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008/05/05 08:34:58 | 000,276,560 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2008/04/13 23:20:25 | 000,026,112 | ---- | C] () -- C:\windows\System32\dot3api.dll
[2008/04/13 23:20:25 | 000,019,456 | ---- | C] () -- C:\windows\System32\dimsntfy.dll
[2007/09/28 14:56:22 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007/09/28 14:53:06 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/07/11 19:30:09 | 000,769,536 | ---- | C] () -- C:\Arquivos de programas\ScanRnServer.exe
[2007/07/11 19:30:09 | 000,032,730 | ---- | C] () -- C:\Arquivos de programas\languages.ini
[2004/08/03 23:57:52 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2004/08/03 20:03:14 | 000,014,592 | ---- | C] () -- C:\windows\System32\drivers\ndisuio.sys
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2003/12/26 07:58:36 | 000,135,168 | ---- | C] () -- C:\windows\System32\Property.dll
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2001/10/28 09:07:18 | 000,471,022 | ---- | C] () -- C:\windows\System32\perfh016.dat
[2001/10/28 09:07:18 | 000,435,260 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/10/28 09:07:18 | 000,301,776 | ---- | C] () -- C:\windows\System32\perfi016.dat
[2001/10/28 09:07:18 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/10/28 09:07:18 | 000,079,980 | ---- | C] () -- C:\windows\System32\perfc016.dat
[2001/10/28 09:07:18 | 000,068,156 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/10/28 09:07:18 | 000,035,178 | ---- | C] () -- C:\windows\System32\perfd016.dat
[2001/10/28 09:07:18 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/10/28 09:07:08 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2001/10/28 09:06:58 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/10/28 09:06:58 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/10/28 09:06:32 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/04/24 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
[2011/06/14 18:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas
[2008/10/31 07:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2011/09/22 21:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IM
[2010/07/06 11:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2008/11/01 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
[2011/09/22 21:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\BrOffice.org2
[2008/08/13 10:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\BSplayer
[2008/08/11 20:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\BSplayer Pro
[2011/09/18 16:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/18 16:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\gtk-2.0
[2010/10/26 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Image Zone Express
[2008/05/22 21:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\LG Electronics
[2010/09/14 23:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\OpenCandy
[2011/05/21 21:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\PrimoPDF
[2010/09/14 23:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Uniblue
[2010/03/03 00:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\uTorrent
[2008/11/27 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Vso
[2011/09/26 15:33:50 | 000,000,282 | ---- | M] () -- C:\windows\Tasks\RegistryBooster.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/14 09:00:00 | 000,261,936 | R--- | M] () -- C:\$LDR$
[2010/07/17 18:48:14 | 000,019,623 | ---- | M] () -- C:\84_1444-pobres14.JPG
[2009/06/04 20:55:08 | 000,000,275 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/06 11:52:40 | 000,000,207 | ---- | M] () -- C:\boot.bak.txt
[2010/10/19 09:00:39 | 000,000,159 | -HS- | M] () -- C:\boot.ini
[2010/10/15 18:11:11 | 000,000,160 | ---- | M] () -- C:\boot2.ini
[2008/04/14 09:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008/05/05 11:46:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/09/29 14:29:57 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 18:30:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2011/09/29 18:33:08 | 000,011,321 | ---- | M] () -- C:\hijackthis.log
[2008/05/05 11:46:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/05 11:46:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 09:00:00 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2011/09/29 14:29:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/09/25 22:34:46 | 000,040,465 | ---- | M] () -- C:\StarBurn.log
[2010/08/01 22:30:24 | 000,000,000 | ---- | M] () -- C:\Tech_Vista.log
[2008/05/18 23:51:42 | 000,467,756 | R--- | M] () -- C:\txtsetup.sif
[2009/02/13 16:28:59 | 000,000,055 | ---- | M] () -- C:\tyuwq22.err

< %systemdrive%\drivers\*.* /s >

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aavmker4.sys
[2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswFsBlk.sys
[2011/07/04 08:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswmon.sys
[2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswmon2.sys
[2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswRdr.sys
[2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswSnx.sys
[2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswSP.sys
[2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswTdi.sys

< %PROGRAMFILES%\*.* >
[2009/05/08 12:49:06 | 067,940,129 | ---- | M] () -- C:\Arquivos de programas\avgP8.5.rar
[2008/05/25 13:40:36 | 119,232,319 | ---- | M] () -- C:\Arquivos de programas\BrOo_2.4.0_Win32Intel_install_pt-BR.exe
[2008/05/22 10:26:55 | 003,309,160 | ---- | M] () -- C:\Arquivos de programas\eMule0.49a-Installer1.exe
[2009/07/04 14:28:50 | 001,092,248 | ---- | M] () -- C:\Arquivos de programas\Google Updater.exe
[2008/11/04 19:34:54 | 001,851,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\install_flash_player.exe
[2009/05/11 11:35:07 | 011,953,619 | ---- | M] () -- C:\Arquivos de programas\IRPF2009v1.1.zip
[2009/04/01 19:45:01 | 012,118,575 | ---- | M] () -- C:\Arquivos de programas\IRPF2009win32v1.0.exe
[2009/05/10 23:07:10 | 012,154,971 | ---- | M] () -- C:\Arquivos de programas\IRPF2009win32v1.1.exe
[2009/05/11 00:20:25 | 012,155,056 | ---- | M] () -- C:\Arquivos de programas\IRPF2009win32v1.1.rar
[2009/05/11 11:25:59 | 000,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\jre-6u13-windows-i586-p-iftw.exe
[2010/12/11 03:20:11 | 000,032,730 | ---- | M] () -- C:\Arquivos de programas\languages.ini
[2009/04/01 19:47:16 | 002,547,613 | ---- | M] () -- C:\Arquivos de programas\ReceitanetJava2009.01_setup_win32.exe
[2008/01/21 13:00:46 | 001,045,504 | ---- | M] (Laryon) -- C:\Arquivos de programas\ScanRn.exe
[2007/04/21 07:30:46 | 000,769,536 | ---- | M] () -- C:\Arquivos de programas\ScanRnServer.exe
[2011/05/21 21:37:32 | 000,083,017 | ---- | M] () -- C:\Arquivos de programas\ScanRnUninstal.exe
[2008/05/25 00:02:40 | 022,300,968 | ---- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\SkypeSetup.exe
[2008/08/13 20:13:15 | 015,915,008 | ---- | M] (VSO-Software ) -- C:\Arquivos de programas\vsoConvertXtoDVD3_setup.exe
[2008/05/22 14:53:18 | 002,915,697 | ---- | M] () -- C:\Arquivos de programas\wrar371br.exe

< %userprofile%\configurações locais\dados de aplicativos\*.exe >

< %userprofile%\configurações locais\dados de aplicativos\*.txt >

< %userprofile%\configurações locais\dados de aplicativos\*.ini >
[2011/06/16 19:38:53 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Silvia\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >

< %userprofile%\configurações locais\dados de aplicativos\*.dll >

< %userprofile%\*.exe >

< %userprofile%\.txt >

< %userprofile%\.ini >

< %userprofile%\.dat /30 >

< %userprofile%\.dll >

< %windir%\tasks\*.* /s >
[2001/10/28 09:07:04 | 000,000,065 | RH-- | M] () -- C:\windows\tasks\desktop.ini
[2011/09/30 10:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2011/09/30 03:29:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/30 15:29:01 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/30 15:30:34 | 000,000,592 | ---- | M] () -- C:\windows\tasks\Norton Security Scan for Silvia.job
[2011/09/26 15:33:50 | 000,000,282 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job
[2011/09/29 14:31:54 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/05/05 11:46:04 | 000,000,067 | -HS- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\*.scr >
[2011/07/04 08:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2010/04/16 23:21:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 30/9/2011 16:16:51 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Silvia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,23 Mb Total Physical Memory | 252,12 Mb Available Physical Memory | 24,64% Memory free
2,41 Gb Paging File | 1,79 Gb Available in Paging File | 74,49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 85,94 Gb Free Space | 57,66% Space Free | Partition Type: NTFS
Drive D: | 162,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SILVIA-B6CF1AA6 | User Name: Silvia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Arquivos de programas\AVG\AVG8\avgemc.exe" = C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe" = C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Silvia\Meus documentos\Minhas imagens\utorrent-1.8-rc6.upx.exe" = C:\Documents and Settings\Silvia\Meus documentos\Minhas imagens\utorrent-1.8-rc6.upx.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EB9ED31-184D-4034-A4E1-10223BAF40A8}" = BrOffice.org 2.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012F0}" = Java™ 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.0.26
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.6 - Português
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C50BF854-E881-434F-9C67-5A73EBB58F06}" = Windows Live Toolbar
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft Camera Suite" = ArcSoft Camera Suite
"avast" = avast! Free antivírus
"BS.Player ControlBar" = BS.Player ControlBar
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CSCLIB" = Canon Camera Support Core Library
"DealPly" = DealPly
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy DVD Creator_is1" = Easy DVD Creator 1.7.1
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 6.0.2 (x86 pt-BR)" = Mozilla Firefox 6.0.2 (x86 pt-BR)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Receitanet Java 2010.02a" = Receitanet Java 2010.02a
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 6.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Converter" = FoxTab PDF Converter
"ScanRn/ScanRnServer" = ScanRn/ScanRnServer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7001
Description = O serviço AVG Free8 E-mail Scanner depende do serviço AVG Free8 WatchDog,
mas não foi possível iniciá-lo devido ao seguinte erro: %%2

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023
Description = O serviço Central de Segurança terminou com o erro: %%193

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: AvgLdx86 AvgMfx86 AvgTdiX

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023
Description = O serviço Central de Segurança terminou com o erro: %%193

Error - 29/9/2011 13:32:50 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023
Description = O serviço Conexões de rede terminou com o erro: %%193

Error - 29/9/2011 13:33:19 | Computer Name = SILVIA-B6CF1AA6 | Source = DCOM | ID = 10010
Description = O servidor {BA126AD1-2166-11D1-B1D0-00805FC1270E} não se registrou
com o DCOM dentro do tempo limite requerido.

Error - 29/9/2011 13:33:20 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023
Description = O serviço Conexões de rede terminou com o erro: %%193

Error - 29/9/2011 13:33:50 | Computer Name = SILVIA-B6CF1AA6 | Source = DCOM | ID = 10010
Description = O servidor {BA126AD1-2166-11D1-B1D0-00805FC1270E} não se registrou
com o DCOM dentro do tempo limite requerido.

Error - 29/9/2011 13:44:04 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023
Description = O serviço Conexões de rede terminou com o erro: %%193

Error - 29/9/2011 13:44:34 | Computer Name = SILVIA-B6CF1AA6 | Source = DCOM | ID = 10010
Description = O servidor {BA126AD1-2166-11D1-B1D0-00805FC1270E} não se registrou
com o DCOM dentro do tempo limite requerido.


< End of report >


THANK YOU VERY MUCH!!!!

#6 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65377 posts

Posted 30 September 2011 - 04:57 PM

OK, let's get rid of the problem...

Select these lines in red, right-click the selection and choose Copy:


:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.14.5
FF - prefs.js..keyword.URL: "http://mystart.incre...70736548="
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehcef.dll) - File not found
O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\AutoRun\command - "" = E:\ekugb3.bat
O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\explore\Command - "" = E:\ekugb3.bat
O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\open\Command - "" = E:\ekugb3.bat

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Commands
[createrestorepoint]
[purity]
[emptytemp]


Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click the file, then click
Posted Image.

Right-click any blank area of the Custom Scans/Fixes section and choose the paste option

Close ALL windows (except OTL itself).
Click the Posted Image button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open, containing some information.
Copy the ENTIRE contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the following format: date_time.log.

Example: 03142010_145545.log

Also post a new HijackThis log.
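The fix script in the post above edits three Firefox search preferences in prefs.js. The following is an added example, not part of the original post or of OTL: a read-only check that re-reads a profile's prefs.js and user.js (which Firefox applies at every startup, on top of prefs.js) and lists any of those preferences still pointing outside an allowlist. The URL, the allowlist and the file contents are constructed sample values.

```python
import json
import re
from urllib.parse import urlsplit

# The three preferences the fix script in this thread touches.
SEARCH_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# One preference per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in a prefs file body."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            prefs[name] = json.loads(raw)  # quoted strings, numbers, true/false
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than drop the pref
    return prefs


def audit(files, allowed_engines, allowed_hosts):
    """List (file, pref, value) for search prefs that are not on the allowlist.

    files maps a file name ("prefs.js", "user.js") to its text, so a value
    that survives a prefs.js fix because user.js re-applies it is reported
    against the file it actually comes from.
    """
    findings = []
    for filename, text in files.items():
        for name, value in parse_prefs(text).items():
            if name not in SEARCH_PREFS:
                continue
            if name == "keyword.URL":
                host = (urlsplit(str(value)).hostname or "").lower()
                ok = host in allowed_hosts
            else:
                ok = value in allowed_engines
            if not ok:
                findings.append((filename, name, value))
    return findings


# Constructed sample input: the engine name is the one in this thread, the
# URL is a placeholder (the real one is truncated on the page).
SAMPLE_PREFS_JS = '''// constructed sample prefs.js
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
'''
SAMPLE_USER_JS = 'user_pref("keyword.URL", "http://search.example.invalid/?q=");\n'

if __name__ == "__main__":
    sample = {"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}
    for finding in audit(sample, {"Google"}, {"www.google.com"}):
        print(finding)
```

Run it against every Firefox profile of every Windows account on the machine, since each profile has its own prefs.js.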

#7 kimdeal2000    

kimdeal2000
  • Member
  • 4 posts

Posted 14 October 2011 - 01:32 PM

Hello!! Please forgive me for taking so long to come back here. I was hospitalized with pneumonia, but now I'm much better and at home. Thank you so much for helping me like this, I don't even have words to thank you. I'm going to paste here what you asked for, but I wanted to tell you that even so this "incredimail / my start" thing is still here as my computer's default search site, and the worst part is that it's a horrible, horrible search site. Before, anything I searched for went straight to Google, I didn't even need to type Google's address; now I have to switch every time. I really don't know what this is... =(

First I'll paste the OTL log:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12 removed from extensions.enabledItems
Prefs.js: smartwebprinting@hp.com:4.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.14.5 removed from extensions.enabledItems
Prefs.js: "http://mystart.incre...70736548=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.
File E:\ekugb3.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.
File E:\ekugb3.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.
File E:\ekugb3.bat not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 197501 bytes
->FireFox cache emptied: 53524 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56509 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 128478 bytes

User: Marcela

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Silvia
->Temp folder emptied: 230999633 bytes
->Temporary Internet Files folder emptied: 15760987 bytes
->Java cache emptied: 100411717 bytes
->FireFox cache emptied: 109604591 bytes
->Google Chrome cache emptied: 20250090 bytes
->Flash cache emptied: 58564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 102809 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3457735 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 461,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10142011_130235

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




NOW I'LL POST THE NEW HIJACKTHIS LOG:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:05, on 14/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\windows\Explorer.EXE
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/...S01?FORM=TOOLBR
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Updater] "C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210002061175
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: Gerenciador do Google Desktop 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9fccd75c592ec) (gupdate1c9fccd75c592ec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 11206 bytes



So that's it. Sorry for the delay, it's really bad being sick; only when we get sick do we realize how good it is to be healthy, often we don't even notice, right.... Thank you, kisses!

#8 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65377 posts

Posted 14 October 2011 - 05:57 PM

The information above says that it was removed, but since you say it was not, there is nothing more to do other than a backup and a reinstallation of the system.

Good luck!!