kimdeal2000

I can't remove MyStart from my computer


Hi folks, I have a really annoying problem here that I've been racking my brain over, but so far I haven't managed to solve it...

I don't know how (my sister also uses the same computer as I do), but something called INCREDIMAIL (an e-mail program) was installed on my computer, and along with the installation of this program came something called MyStart as the default search.

I managed to uninstall Incredimail from the Control Panel, but My Start does not appear among the computer's programs, so I can't delete it.

The problem is that this My Start has become the official search program on my computer. Before, everything I wanted to search for automatically went to Google; now everything goes to this My Start, which is the worst search program I have ever seen in my life....

I use Mozilla Firefox as my browser, and by default it has a great advantage: when you type just the name of a site in the browser, it goes straight to the site, or, if it doesn't identify the site, it searches on Google..

I've lost that advantage because now everything goes to My Start, which is simply horrible!!!

Now every time I type something in the browser that isn't a complete address, it runs a search on MyStart (super annoying)

How can I get rid of this for good? Is it really impossible to remove this MyStart? I can't believe that! I'm devastated... I search for information on web pages and can't find anything...

How do I get Mozilla back to its default!?

Can anyone help me?

PLEASE!! I'm desperate!!!

Thank you in advance for your attention, I wish everyone all the best...

KimDeal

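The symptom described in the post above maps to three Firefox preferences that the OTL log later in this thread lists with MyStart values: `keyword.URL`, `browser.search.defaultenginename` and `browser.search.selectedEngine`. The following is an added example, not part of the original thread or of any tool used in it: it audits the text of a profile's `prefs.js` for those three preferences. The allowlist (Google, as the poster expects) and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preferences that decide where address-bar keywords and search-box queries go.
# These three names are the ones reported in the OTL log in this thread.
SEARCH_PREFS = (
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
)

# Assumption for this example: the user expects Google, as stated in the post.
EXPECTED_HOST_SUFFIXES = ("google.com", "google.com.br")
EXPECTED_ENGINE_NAMES = ("Google",)

# One preference per line: user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            # Values are JSON-compatible: quoted strings, integers, true/false.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep the raw text if it does not parse
    return prefs


def host_of(url):
    """Extract the lower-cased host, accepting values without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def host_allowed(host):
    """True only for an expected domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def audit(prefs_text):
    """Return (pref, value, reason) for each search pref that looks changed."""
    prefs = parse_prefs(prefs_text)
    findings = []
    for name in SEARCH_PREFS:
        if name not in prefs:
            continue  # pref absent from prefs.js means the built-in default applies
        value = prefs[name]
        if name == "keyword.URL":
            host = host_of(str(value))
            if not host_allowed(host):
                findings.append((name, value, "address-bar searches go to " + host))
        elif value not in EXPECTED_ENGINE_NAMES:
            findings.append((name, value, "unexpected search engine name"))
    return findings


# Constructed sample modelled on the values in the OTL log (not a real file).
HIJACKED_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.startup.homepage", "www.google.com.br");
user_pref("keyword.URL", "http://mystart.incredimail.com/mb68/?loc=ff_address_bar&search=");
user_pref("network.proxy.type", 0);
'''

# Constructed sample of a profile whose search prefs point at the expected engine.
CLEAN_PREFS_JS = r'''
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&q=");
'''

if __name__ == "__main__":
    for pref, value, reason in audit(HIJACKED_PREFS_JS):
        print(f"{pref} = {value!r}: {reason}")
```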

So that we can help you, follow in full what is set out in this "Mandatory standard procedure topic of the Forum".

HijackThis Logs ** read before posting **

After carrying out the procedures, post the HijackThis log for examination right here in this topic by clicking the REPLY BUTTON, and wait for further instructions.



Hello friend! Thank you very much for the guidance! I read the topic completely and carried out all the steps. I am sending my log attached; it came out in Notepad format, I don't know why.

I'd like to know one thing: while the log hasn't yet been analysed by someone competent, what do I do with HiJack open with the scan results? I didn't find that in the instructions... Do I leave it open on my PC? Forgive me, I'm a complete layperson...

Thank you so much for your help, you are all incredible! Best regards

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:33:08, on 29/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\windows\Explorer.EXE

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\spoolsv.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Google Updater] "C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [status] present

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210002061175

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Gerenciador do Google Desktop 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9fccd75c592ec) (gupdate1c9fccd75c592ec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--

End of file - 11319 bytes


You can close HijackThis..

Continuing the check..

Download OTL by OldTimer and save it to your Desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:

Right-click the file, then click execadmin.png.

Where it says Output, select Standard

Also tick these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

    Select these lines in red, right-click the selection, and choose the copy option
    CREATERESTOREPOINT
    netsvcs
    msconfig
    safebootminimal
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.* /s
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    %userprofile%\configurações locais\dados de aplicativos\*.exe
    %userprofile%\configurações locais\dados de aplicativos\*.txt
    %userprofile%\configurações locais\dados de aplicativos\*.ini
    %userprofile%\configurações locais\dados de aplicativos\*.dat /30
    %userprofile%\configurações locais\dados de aplicativos\*.dll
    %userprofile%\*.exe
    %userprofile%\.txt
    %userprofile%\.ini
    %userprofile%\.dat /30
    %userprofile%\.dll
    %windir%\tasks\*.* /s
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.com
    %systemroot%\*.scr
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose paste
    Click the Scan button
    Do not change any other setting unless you have been instructed to do so.
    The scan takes a while, be patient.
    When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
    Both will be saved in the same directory where OTL.exe is, that is, on your desktop.
    Copy the entire contents of OTL.txt and paste it into your next reply.



Hello!

Sorry for taking a while to reply, I went to work and could only do it now... =)

Thank you so much for your goodwill, I have no words to thank you; it's incredible how someone who doesn't even know the other person can offer to help simply for the sake of doing good to others... If more people in the world were like that, we would surely all be better off...

As you instructed, I am pasting below the two OTL.Txt blocks; one is OTL.Txt and the other came as Extras.txt:

OTL logfile created on: 30/9/2011 16:16:51 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Silvia\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,23 Mb Total Physical Memory | 252,12 Mb Available Physical Memory | 24,64% Memory free

2,41 Gb Paging File | 1,79 Gb Available in Paging File | 74,49% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 85,94 Gb Free Space | 57,66% Space Free | Partition Type: NTFS

Drive D: | 162,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SILVIA-B6CF1AA6 | User Name: Silvia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\ARQUIV~1\GbPlugin\GbpSv.exe

PRC - [2011/09/30 15:34:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silvia\Desktop\OTL.exe

PRC - [2011/09/08 09:54:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

PRC - [2011/07/04 08:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/06/02 03:24:21 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.3.21.57\GoogleCrashHandler.exe

PRC - [2010/01/15 09:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2009/07/04 14:30:41 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

PRC - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2011/09/30 06:26:13 | 001,579,520 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11093000\algo.dll

MOD - [2011/09/29 18:56:54 | 001,579,520 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11092902\algo.dll

MOD - [2011/09/29 14:00:00 | 000,212,640 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11093000\aswRep.dll

MOD - [2011/09/29 14:00:00 | 000,212,640 | ---- | M] () -- C:\Arquivos de programas\Alwil Software\Avast5\defs\11092902\aswRep.dll

MOD - [2011/09/27 14:10:46 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCoreGecko6.dll

MOD - [2011/09/08 09:54:57 | 001,846,232 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll

MOD - [2011/08/17 20:40:09 | 000,103,424 | ---- | M] () -- C:\Arquivos de programas\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll

MOD - [2011/06/21 11:49:26 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2010/09/22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2009/02/27 19:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

MOD - [2008/04/13 23:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2007/08/21 13:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [unknown | Running] -- -- (GbpSv)

SRV - File not found [unknown | Stopped] -- -- (avg8wd)

SRV - File not found [Auto | Stopped] -- -- (avg8emc)

SRV - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! antivírus)

SRV - [2010/01/15 09:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - [2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2008/04/13 16:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 15:55:58 | 000,014,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)

DRV - [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2004/08/03 19:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2003/12/09 12:43:36 | 000,045,568 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\SiSRaid.sys -- (SiSRaid)

DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..browser.startup.homepage: "www.google.com.br"

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.14.5

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/mb68/?loc=ff_address_bar&u=92260080570736548&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Arquivos de programas\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Dados de aplicativos\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/08 11:42:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 22:04:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/09/08 09:54:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/06/21 11:50:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/16 22:04:20 | 000,000,000 | ---D | M]

[2008/11/01 10:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Extensions

[2011/09/28 17:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions

[2011/03/11 15:57:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/01 14:16:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/08/30 09:01:31 | 000,000,000 | ---D | M] (Adicional de Seguranca CAIXA) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

[2011/08/04 20:13:40 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

[2011/09/28 17:54:39 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}

[2011/09/22 21:18:52 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Silvia\Dados de aplicativos\Mozilla\Firefox\Profiles\k5rhk5p9.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011/06/14 14:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2010/11/04 08:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/17 07:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/11 10:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2009/06/04 20:20:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/09/08 09:54:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

[2011/06/14 18:48:13 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2011/06/14 18:48:13 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2011/06/14 18:48:13 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2011/06/14 18:48:13 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\10.0.648.133\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\10.0.648.133\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\10.0.648.133\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Arquivos de programas\DivX\DivX Content Uploader\npUpload.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll

CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Arquivos de programas\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Arquivos de programas\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

CHR - plugin: Picasa (Enabled) = C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\3.0.50106.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/18 16:11:31 | 000,001,375 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns 3.adobe.com-

O1 - Hosts: 127.0.0.1 3dns 2.adobe.com-

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 ativar sea.adobe.com-

O1 - Hosts: 127.0.0.1 WWIS-dubc1 vip60.adobe.com-

O1 - Hosts: 127.0.0.1 ativar sjc0.adobe.com-

O1 - Hosts: 127.0.0.1 WWIS-dubc1 vip60.adobe.com-

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll File not found

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll File not found

O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - No CLSID value found.

O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll ()

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [Google Updater] C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe (Google)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk = C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: status = present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O15 - HKCU\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: localhost ([]http in Intranet local)

O15 - HKCU\..Trusted Domains: programapar.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210002061175 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.92 201.17.0.82 201.17.0.44

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E21BC63E-C6F4-449C-AA85-E824E6E3FB06}: DhcpNameServer = 201.17.0.92 201.17.0.82 201.17.0.44

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL) -C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehabn.dll) - C:\ARQUIV~1\GbPlugin\gbiehabn.dll File not found

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll File not found

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehcef.dll) - File not found

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll ()

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll File not found

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll File not found

O29 - HKLM SecurityProviders - (digiwet.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/10/19 14:55:47 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\AutoRun\command - "" = E:\ekugb3.bat

O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\explore\Command - "" = E:\ekugb3.bat

O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\open\Command - "" = E:\ekugb3.bat

O33 - MountPoints2\{2c2fb664-1ada-11dd-9b92-0011d896c775}\Shell - "" = AutoRun

O33 - MountPoints2\{2c2fb664-1ada-11dd-9b92-0011d896c775}\Shell\Auto\command - "" = E:\MicrosoftPowerPoint.exe

O33 - MountPoints2\{2c2fb664-1ada-11dd-9b92-0011d896c775}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

O33 - MountPoints2\{d2e884e2-1ab2-11dd-9b84-0011d896c775}\Shell - "" = AutoRun

O33 - MountPoints2\{d2e884e2-1ab2-11dd-9b84-0011d896c775}\Shell\Auto\command - "" = E:\MicrosoftPowerPoint.exe

O33 - MountPoints2\{d2e884e2-1ab2-11dd-9b84-0011d896c775}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sdauxservice - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe (PC Tools)

SafeBootMin: sdcoreservice - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe (PC Tools)

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 90 Days ==========

[2011/09/30 15:34:44 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Silvia\Desktop\OTL.exe

[2011/09/29 18:30:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe

[2011/09/29 18:27:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Silvia\Recent

[2011/09/29 18:22:41 | 002,563,808 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Silvia\Desktop\ccsetup310_slim.exe

[2011/09/23 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Sony Corporation

[2011/09/23 21:30:48 | 000,000,000 | ---D | C] -- C:\windows\Logs

[2011/09/23 21:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\PMB

[2011/09/23 21:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Corporation

[2011/09/23 21:28:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Sony

[2011/09/22 21:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\Conduit

[2011/09/22 21:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\IM

[2011/09/22 21:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\IM

[2011/09/22 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly

[2011/09/22 21:18:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPly

[2011/09/22 21:18:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\FoxTabPDFConverter

[2011/09/18 16:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/09/18 16:16:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe Download Assistant

[2011/09/18 16:16:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

[2011/09/18 15:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvia\Desktop\FACE

[2009/05/11 11:25:59 | 000,607,640 | ---- | C] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\jre-6u13-windows-i586-p-iftw.exe

[2008/11/04 19:34:54 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Arquivos de programas\install_flash_player.exe

[2008/08/13 20:13:15 | 015,915,008 | ---- | C] (VSO-Software ) -- C:\Arquivos de programas\vsoConvertXtoDVD3_setup.exe

[2008/05/25 00:02:31 | 022,300,968 | ---- | C] (Skype Technologies S.A.) -- C:\Arquivos de programas\SkypeSetup.exe

[2008/05/05 16:33:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Silvia\Dados de aplicativos\pcouffin.sys

[2008/04/29 12:22:09 | 001,045,504 | ---- | C] (Laryon) -- C:\Arquivos de programas\ScanRn.exe

[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/09/30 15:34:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silvia\Desktop\OTL.exe

[2011/09/30 15:30:34 | 000,000,592 | ---- | M] () -- C:\windows\tasks\Norton Security Scan for Silvia.job

[2011/09/30 15:29:01 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/09/30 10:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job

[2011/09/30 03:29:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/09/29 18:30:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe

[2011/09/29 18:24:03 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/09/29 18:22:42 | 002,563,808 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Silvia\Desktop\ccsetup310_slim.exe

[2011/09/29 14:32:51 | 000,002,262 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2011/09/29 14:30:03 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2011/09/29 14:29:57 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/26 15:33:50 | 000,000,282 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job

[2011/09/23 21:30:25 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ajuda do PMB.lnk

[2011/09/23 21:30:25 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk

[2011/09/23 21:30:25 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk

[2011/09/19 12:26:30 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/09/18 16:31:17 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Silvia\.recently-used.xbel

[2011/09/18 16:16:32 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk

[2011/09/18 16:16:09 | 000,054,920 | -H-- | M] () -- C:\windows\System32\mlfcache.dat

[2011/09/03 01:05:51 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini

[2011/08/25 17:19:16 | 000,276,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/07/30 13:32:48 | 000,003,018 | ---- | M] () -- C:\windows\System32\CONFIG.NT

[2011/07/28 20:13:56 | 000,007,383 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\logoUcam.gif

[2011/07/28 20:12:54 | 000,005,748 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\logo_AVM.JPG

[2011/07/25 22:43:37 | 000,012,392 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\logo funny.jpg

[2011/07/14 15:56:40 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Receitanet Java 2010.02a.lnk

[2011/07/14 15:53:17 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Silvia\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk

[2011/07/04 08:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2011/07/04 08:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe

[2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys

[2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys

[2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys

[2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswmon2.sys

[2011/07/04 08:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswmon.sys

[2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys

[2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aavmker4.sys

[2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys

[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 18:24:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/09/23 21:30:25 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ajuda do PMB.lnk

[2011/09/23 21:30:25 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk

[2011/09/23 21:30:25 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\PMB.lnk

[2011/09/23 21:30:25 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk

[2011/09/22 21:18:18 | 000,098,304 | ---- | C] () -- C:\windows\System32\redmonnt.dll

[2011/09/18 16:31:17 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Silvia\.recently-used.xbel

[2011/09/18 16:16:32 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Download Assistant.lnk

[2011/09/18 16:16:32 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk

[2011/09/18 16:16:09 | 000,054,920 | -H-- | C] () -- C:\windows\System32\mlfcache.dat

[2011/07/28 20:13:56 | 000,007,383 | ---- | C] () -- C:\Documents and Settings\Silvia\Desktop\logoUcam.gif

[2011/07/28 20:12:54 | 000,005,748 | ---- | C] () -- C:\Documents and Settings\Silvia\Desktop\logo_AVM.JPG

[2011/07/25 22:43:36 | 000,012,392 | ---- | C] () -- C:\Documents and Settings\Silvia\Desktop\logo funny.jpg

[2011/07/14 15:56:40 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Receitanet Java 2010.02a.lnk

[2011/05/21 21:37:31 | 000,083,017 | ---- | C] () -- C:\Arquivos de programas\ScanRnUninstal.exe

[2010/12/16 21:53:35 | 000,187,902 | ---- | C] () -- C:\windows\hpwins27.dat

[2010/12/16 21:53:35 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat

[2010/11/03 00:37:38 | 000,161,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2010/10/01 21:11:30 | 000,126,003 | ---- | C] () -- C:\windows\HPHins12.dat.temp

[2010/10/01 21:11:30 | 000,014,916 | ---- | C] () -- C:\windows\hphmdl12.dat.temp

[2010/09/14 23:30:22 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll

[2009/12/20 22:42:18 | 000,000,330 | ---- | C] () -- C:\windows\primopdf.ini

[2009/07/04 14:28:49 | 001,092,248 | ---- | C] () -- C:\Arquivos de programas\Google Updater.exe

[2009/05/11 11:34:42 | 011,953,619 | ---- | C] () -- C:\Arquivos de programas\IRPF2009v1.1.zip

[2009/05/11 00:20:12 | 012,155,056 | ---- | C] () -- C:\Arquivos de programas\IRPF2009win32v1.1.rar

[2009/05/10 23:20:46 | 000,000,079 | ---- | C] () -- C:\windows\WININIT.INI

[2009/05/10 22:52:35 | 012,154,971 | ---- | C] () -- C:\Arquivos de programas\IRPF2009win32v1.1.exe

[2009/05/08 12:44:55 | 067,940,129 | ---- | C] () -- C:\Arquivos de programas\avgP8.5.rar

[2009/04/01 19:47:37 | 000,069,632 | ---- | C] () -- C:\windows\System32\MSJCE.dll

[2009/04/01 19:47:11 | 002,547,613 | ---- | C] () -- C:\Arquivos de programas\ReceitanetJava2009.01_setup_win32.exe

[2009/04/01 19:44:47 | 012,118,575 | ---- | C] () -- C:\Arquivos de programas\IRPF2009win32v1.0.exe

[2009/02/10 21:38:08 | 000,000,042 | ---- | C] () -- C:\windows\System32\erromil32.dll

[2009/02/10 21:35:49 | 000,002,638 | ---- | C] () -- C:\windows\System32\assuntos.dll

[2009/02/10 21:35:26 | 000,000,004 | ---- | C] () -- C:\windows\System32\total.dll

[2009/02/10 21:35:24 | 000,045,121 | ---- | C] () -- C:\windows\System32\logs.dll

[2009/02/10 21:35:24 | 000,020,543 | ---- | C] () -- C:\windows\System32\frases.dll

[2009/02/10 21:35:20 | 000,000,033 | ---- | C] () -- C:\windows\System32\errox32.dll

[2008/11/01 10:35:17 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini

[2008/11/01 10:35:15 | 000,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2008/11/01 10:35:15 | 000,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll

[2008/11/01 10:35:14 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll

[2008/11/01 10:10:32 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2008/10/31 08:52:47 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat

[2008/09/25 21:31:59 | 000,000,067 | ---- | C] () -- C:\windows\Easy DVD Creator.INI

[2008/08/13 20:16:24 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\vso_ts_preview.xml

[2008/05/25 13:40:33 | 119,232,319 | ---- | C] () -- C:\Arquivos de programas\BrOo_2.4.0_Win32Intel_install_pt-BR.exe

[2008/05/25 00:08:50 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat

[2008/05/22 14:53:18 | 002,915,697 | ---- | C] () -- C:\Arquivos de programas\wrar371br.exe

[2008/05/22 10:26:43 | 003,309,160 | ---- | C] () -- C:\Arquivos de programas\eMule0.49a-Installer1.exe

[2008/05/09 20:33:16 | 000,002,132 | ---- | C] () -- C:\windows\photoimpression.ini

[2008/05/09 20:33:16 | 000,000,600 | ---- | C] () -- C:\windows\videoimp.ini

[2008/05/09 20:33:09 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll

[2008/05/09 20:32:28 | 000,000,021 | ---- | C] () -- C:\windows\arcsuite.ini

[2008/05/06 20:11:44 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Silvia\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/05 16:47:20 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini

[2008/05/05 16:33:45 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\inst.exe

[2008/05/05 16:33:45 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\pcouffin.cat

[2008/05/05 16:33:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Silvia\Dados de aplicativos\pcouffin.inf

[2008/05/05 12:42:07 | 000,000,560 | ---- | C] () -- C:\windows\ODBC.INI

[2008/05/05 12:42:06 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini

[2008/05/05 12:41:58 | 000,000,000 | ---- | C] () -- C:\windows\NSREX.INI

[2008/05/05 12:31:48 | 000,157,696 | ---- | C] () -- C:\windows\System32\unrar.dll

[2008/05/05 12:31:46 | 000,019,968 | ---- | C] () -- C:\windows\System32\cpuinf32.dll

[2008/05/05 11:48:52 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat

[2008/05/05 11:43:22 | 000,021,844 | ---- | C] () -- C:\windows\System32\emptyregdb.dat

[2008/05/05 08:36:11 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI

[2008/05/05 08:34:58 | 000,276,560 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2008/04/13 23:20:25 | 000,026,112 | ---- | C] () -- C:\windows\System32\dot3api.dll

[2008/04/13 23:20:25 | 000,019,456 | ---- | C] () -- C:\windows\System32\dimsntfy.dll

[2007/09/28 14:56:22 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll

[2007/09/28 14:53:06 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll

[2007/07/11 19:30:09 | 000,769,536 | ---- | C] () -- C:\Arquivos de programas\ScanRnServer.exe

[2007/07/11 19:30:09 | 000,032,730 | ---- | C] () -- C:\Arquivos de programas\languages.ini

[2004/08/03 23:57:52 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin

[2004/08/03 20:03:14 | 000,014,592 | ---- | C] () -- C:\windows\System32\drivers\ndisuio.sys

[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat

[2003/12/26 07:58:36 | 000,135,168 | ---- | C] () -- C:\windows\System32\Property.dll

[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

[2001/10/28 09:07:18 | 000,471,022 | ---- | C] () -- C:\windows\System32\perfh016.dat

[2001/10/28 09:07:18 | 000,435,260 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2001/10/28 09:07:18 | 000,301,776 | ---- | C] () -- C:\windows\System32\perfi016.dat

[2001/10/28 09:07:18 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2001/10/28 09:07:18 | 000,079,980 | ---- | C] () -- C:\windows\System32\perfc016.dat

[2001/10/28 09:07:18 | 000,068,156 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2001/10/28 09:07:18 | 000,035,178 | ---- | C] () -- C:\windows\System32\perfd016.dat

[2001/10/28 09:07:18 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2001/10/28 09:07:08 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat

[2001/10/28 09:06:58 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2001/10/28 09:06:58 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin

[2001/10/28 09:06:32 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat

[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin

[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/04/24 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2011/06/14 18:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas

[2008/10/31 07:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2011/09/22 21:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IM

[2010/07/06 11:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2008/11/01 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

[2011/09/22 21:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\BrOffice.org2

[2008/08/13 10:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\BSplayer

[2008/08/11 20:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\BSplayer Pro

[2011/09/18 16:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/09/18 16:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\gtk-2.0

[2010/10/26 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Image Zone Express

[2008/05/22 21:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\LG Electronics

[2010/09/14 23:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\OpenCandy

[2011/05/21 21:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\PrimoPDF

[2010/09/14 23:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Uniblue

[2010/03/03 00:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\uTorrent

[2008/11/27 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silvia\Dados de aplicativos\Vso

[2011/09/26 15:33:50 | 000,000,282 | ---- | M] () -- C:\windows\Tasks\RegistryBooster.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2008/04/14 09:00:00 | 000,261,936 | R--- | M] () -- C:\$LDR$

[2010/07/17 18:48:14 | 000,019,623 | ---- | M] () -- C:\84_1444-pobres14.JPG

[2009/06/04 20:55:08 | 000,000,275 | RHS- | M] () -- C:\BOOT.BAK

[2010/07/06 11:52:40 | 000,000,207 | ---- | M] () -- C:\boot.bak.txt

[2010/10/19 09:00:39 | 000,000,159 | -HS- | M] () -- C:\boot.ini

[2010/10/15 18:11:11 | 000,000,160 | ---- | M] () -- C:\boot2.ini

[2008/04/14 09:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2008/05/05 11:46:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/09/29 14:29:57 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/29 18:30:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe

[2011/09/29 18:33:08 | 000,011,321 | ---- | M] () -- C:\hijackthis.log

[2008/05/05 11:46:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/05/05 11:46:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 09:00:00 | 000,251,696 | RHS- | M] () -- C:\ntldr

[2011/09/29 14:29:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[2008/09/25 22:34:46 | 000,040,465 | ---- | M] () -- C:\StarBurn.log

[2010/08/01 22:30:24 | 000,000,000 | ---- | M] () -- C:\Tech_Vista.log

[2008/05/18 23:51:42 | 000,467,756 | R--- | M] () -- C:\txtsetup.sif

[2009/02/13 16:28:59 | 000,000,055 | ---- | M] () -- C:\tyuwq22.err

< %systemdrive%\drivers\*.* /s >

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

[2011/07/04 08:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aavmker4.sys

[2011/07/04 08:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswFsBlk.sys

[2011/07/04 08:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswmon.sys

[2011/07/04 08:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswmon2.sys

[2011/07/04 08:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswRdr.sys

[2011/07/04 08:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswSnx.sys

[2011/07/04 08:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswSP.sys

[2011/07/04 08:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\windows\system32\drivers\aswTdi.sys

< %PROGRAMFILES%\*.* >

[2009/05/08 12:49:06 | 067,940,129 | ---- | M] () -- C:\Arquivos de programas\avgP8.5.rar

[2008/05/25 13:40:36 | 119,232,319 | ---- | M] () -- C:\Arquivos de programas\BrOo_2.4.0_Win32Intel_install_pt-BR.exe

[2008/05/22 10:26:55 | 003,309,160 | ---- | M] () -- C:\Arquivos de programas\eMule0.49a-Installer1.exe

[2009/07/04 14:28:50 | 001,092,248 | ---- | M] () -- C:\Arquivos de programas\Google Updater.exe

[2008/11/04 19:34:54 | 001,851,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\install_flash_player.exe

[2009/05/11 11:35:07 | 011,953,619 | ---- | M] () -- C:\Arquivos de programas\IRPF2009v1.1.zip

[2009/04/01 19:45:01 | 012,118,575 | ---- | M] () -- C:\Arquivos de programas\IRPF2009win32v1.0.exe

[2009/05/10 23:07:10 | 012,154,971 | ---- | M] () -- C:\Arquivos de programas\IRPF2009win32v1.1.exe

[2009/05/11 00:20:25 | 012,155,056 | ---- | M] () -- C:\Arquivos de programas\IRPF2009win32v1.1.rar

[2009/05/11 11:25:59 | 000,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\jre-6u13-windows-i586-p-iftw.exe

[2010/12/11 03:20:11 | 000,032,730 | ---- | M] () -- C:\Arquivos de programas\languages.ini

[2009/04/01 19:47:16 | 002,547,613 | ---- | M] () -- C:\Arquivos de programas\ReceitanetJava2009.01_setup_win32.exe

[2008/01/21 13:00:46 | 001,045,504 | ---- | M] (Laryon) -- C:\Arquivos de programas\ScanRn.exe

[2007/04/21 07:30:46 | 000,769,536 | ---- | M] () -- C:\Arquivos de programas\ScanRnServer.exe

[2011/05/21 21:37:32 | 000,083,017 | ---- | M] () -- C:\Arquivos de programas\ScanRnUninstal.exe

[2008/05/25 00:02:40 | 022,300,968 | ---- | M] (Skype Technologies S.A.) -- C:\Arquivos de programas\SkypeSetup.exe

[2008/08/13 20:13:15 | 015,915,008 | ---- | M] (VSO-Software ) -- C:\Arquivos de programas\vsoConvertXtoDVD3_setup.exe

[2008/05/22 14:53:18 | 002,915,697 | ---- | M] () -- C:\Arquivos de programas\wrar371br.exe

< %userprofile%\configurações locais\dados de aplicativos\*.exe >

< %userprofile%\configurações locais\dados de aplicativos\*.txt >

< %userprofile%\configurações locais\dados de aplicativos\*.ini >

[2011/06/16 19:38:53 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Silvia\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >

< %userprofile%\configurações locais\dados de aplicativos\*.dll >

< %userprofile%\*.exe >

< %userprofile%\.txt >

< %userprofile%\.ini >

< %userprofile%\.dat /30 >

< %userprofile%\.dll >

< %windir%\tasks\*.* /s >

[2001/10/28 09:07:04 | 000,000,065 | RH-- | M] () -- C:\windows\tasks\desktop.ini

[2011/09/30 10:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job

[2011/09/30 03:29:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/09/30 15:29:01 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/09/30 15:30:34 | 000,000,592 | ---- | M] () -- C:\windows\tasks\Norton Security Scan for Silvia.job

[2011/09/26 15:33:50 | 000,000,282 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job

[2011/09/29 14:31:54 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2008/05/05 11:46:04 | 000,000,067 | -HS- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.com >

[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont

[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\*.scr >

[2011/07/04 08:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2010/04/16 23:21:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 30/9/2011 16:16:51 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Silvia\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,23 Mb Total Physical Memory | 252,12 Mb Available Physical Memory | 24,64% Memory free

2,41 Gb Paging File | 1,79 Gb Available in Paging File | 74,49% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 85,94 Gb Free Space | 57,66% Space Free | Partition Type: NTFS

Drive D: | 162,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SILVIA-B6CF1AA6 | User Name: Silvia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe" = C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe" = C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Documents and Settings\Silvia\Meus documentos\Minhas imagens\utorrent-1.8-rc6.upx.exe" = C:\Documents and Settings\Silvia\Meus documentos\Minhas imagens\utorrent-1.8-rc6.upx.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1EB9ED31-184D-4034-A4E1-10223BAF40A8}" = BrOffice.org 2.4

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216012F0}" = Java 6 Update 12

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 24

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.0.26

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant

"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer

"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.6 - Português

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile

"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C50BF854-E881-434F-9C67-5A73EBB58F06}" = Windows Live Toolbar

"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps

"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ArcSoft Camera Suite" = ArcSoft Camera Suite

"avast" = avast! Free antivírus

"BS.Player ControlBar" = BS.Player ControlBar

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CCleaner" = CCleaner

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"CSCLIB" = Canon Camera Support Core Library

"DealPly" = DealPly

"DVD Shrink_is1" = DVD Shrink 3.2

"Easy DVD Creator_is1" = Easy DVD Creator 1.7.1

"eMule" = eMule

"EOS Utility" = Canon Utilities EOS Utility

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 6.0.2 (x86 pt-BR)" = Mozilla Firefox 6.0.2 (x86 pt-BR)

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"Nero - Burning Rom!UninstallKey" = Nero 6 Demo

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NSS" = Norton Security Scan

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"Receitanet Java 2010.02a" = Receitanet Java 2010.02a

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Shop for HP Supplies" = Shop for HP Supplies

"Spyware Doctor" = Spyware Doctor 6.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FoxTab PDF Converter" = FoxTab PDF Converter

"ScanRn/ScanRnServer" = ScanRn/ScanRnServer

"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ System Events ]

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7001

Description = O serviço AVG Free8 E-mail Scanner depende do serviço AVG Free8 WatchDog,

mas não foi possível iniciá-lo devido ao seguinte erro: %%2

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023

Description = O serviço Central de Segurança terminou com o erro: %%193

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: AvgLdx86 AvgMfx86 AvgTdiX

Error - 29/9/2011 13:32:49 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023

Description = O serviço Central de Segurança terminou com o erro: %%193

Error - 29/9/2011 13:32:50 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023

Description = O serviço Conexões de rede terminou com o erro: %%193

Error - 29/9/2011 13:33:19 | Computer Name = SILVIA-B6CF1AA6 | Source = DCOM | ID = 10010

Description = O servidor {BA126AD1-2166-11D1-B1D0-00805FC1270E} não se registrou

com o DCOM dentro do tempo limite requerido.

Error - 29/9/2011 13:33:20 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023

Description = O serviço Conexões de rede terminou com o erro: %%193

Error - 29/9/2011 13:33:50 | Computer Name = SILVIA-B6CF1AA6 | Source = DCOM | ID = 10010

Description = O servidor {BA126AD1-2166-11D1-B1D0-00805FC1270E} não se registrou

com o DCOM dentro do tempo limite requerido.

Error - 29/9/2011 13:44:04 | Computer Name = SILVIA-B6CF1AA6 | Source = Service Control Manager | ID = 7023

Description = O serviço Conexões de rede terminou com o erro: %%193

Error - 29/9/2011 13:44:34 | Computer Name = SILVIA-B6CF1AA6 | Source = DCOM | ID = 10010

Description = O servidor {BA126AD1-2166-11D1-B1D0-00805FC1270E} não se registrou

com o DCOM dentro do tempo limite requerido.

< End of report >

THANK YOU SO MUCH!!!!


Ok, let's put an end to this problem...

Select these lines in red, right-click the selection and choose the Copy option:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.14.5

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/mb68/?loc=ff_address_bar&u=92260080570736548&search="

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehcef.dll) - File not found

O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\AutoRun\command - "" = E:\ekugb3.bat

O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\explore\Command - "" = E:\ekugb3.bat

O33 - MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\Shell\open\Command - "" = E:\ekugb3.bat

:reg

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\

01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\

00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Commands

[createrestorepoint]

[purity]

[emptytemp]

Run OTL.exe

** Windows Vista and Windows 7 users:

Right-click the file, then click [image: execadmin.png].

Right-click any blank area of the Custom Scans/Fixes section and choose the Paste option

Close ALL windows (except OTL itself).

Click the [image: BotaoConsertar.png] button

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the following format: date_time.log.

Example: 03142010_145545.log

Also post a new HijackThis log.


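The fix script above resets three Firefox preferences in prefs.js (browser.search.defaultenginename, browser.search.selectedEngine and keyword.URL). As an added example, not part of the original post or of OTL, this Python check reads a profile's prefs.js and user.js and reports any of those three that still point at the unwanted provider; the marker strings, function names and sample profile are assumptions constructed for the example.

```python
import json
import re
import tempfile
from pathlib import Path

# The three preferences the OTL fix on this page resets in prefs.js.
WATCHED = ("browser.search.defaultenginename",
           "browser.search.selectedEngine",
           "keyword.URL")
# Assumption for this example: substrings that identify the unwanted provider.
MARKERS = ("mystart", "incredimail")

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # quoted strings, integers, true/false
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than drop the pref
    return prefs


def audit_profile(profile_dir):
    """Return (file, pref, value) for each watched pref that matches a marker."""
    findings = []
    # user.js, when present, is applied over prefs.js at every Firefox start,
    # so a value cleaned from prefs.js alone comes back if user.js still sets it.
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if not path.is_file():
            continue
        prefs = parse_prefs(path.read_text(encoding="utf-8", errors="replace"))
        for name in WATCHED:
            value = str(prefs.get(name, ""))
            if any(marker in value.lower() for marker in MARKERS):
                findings.append((fname, name, value))
    return findings


if __name__ == "__main__":
    # Constructed sample profile: prefs.js already cleaned, user.js still hijacked.
    profile = Path(tempfile.mkdtemp())
    (profile / "prefs.js").write_text(
        'user_pref("browser.search.selectedEngine", "Google");\n', encoding="utf-8")
    (profile / "user.js").write_text(
        'user_pref("keyword.URL", "http://mystart.example/?search=");\n',
        encoding="utf-8")
    for fname, name, value in audit_profile(profile):
        print(f"{fname}: {name} = {value}")
```

Run it with Firefox closed, since Firefox rewrites prefs.js when it exits.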

Hello!! Forgive me for taking so long to come back here; I was hospitalized with pneumonia, but now I'm much better and at home. Thank you so much for helping me like this, I don't even have words to thank you. I'm going to paste here what you asked for, but I wanted to tell you that even so this "incredimail / my start" thing is still here as my computer's default search site, and the worst part is that it's a horrible, horrible search site. Before, anything I searched for went straight to Google, I didn't even need to type Google's address; now I have to switch every time, I really don't know what this is... =(

First I'll paste the OTL log:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!

Prefs.js: "MyStart Search" removed from browser.search.defaultenginename

Prefs.js: "MyStart Search" removed from browser.search.selectedEngine

Prefs.js: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12 removed from extensions.enabledItems

Prefs.js: smartwebprinting@hp.com:4.5 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems

Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems

Prefs.js: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.14.5 removed from extensions.enabledItems

Prefs.js: "http://mystart.incre...70736548=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.

File E:\ekugb3.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.

File E:\ekugb3.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ef306c-8b61-11dd-9c95-0011d896c775}\ not found.

File E:\ekugb3.bat not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!

========== COMMANDS ==========

Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 197501 bytes

->FireFox cache emptied: 53524 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56509 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 128478 bytes

User: Marcela

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Silvia

->Temp folder emptied: 230999633 bytes

->Temporary Internet Files folder emptied: 15760987 bytes

->Java cache emptied: 100411717 bytes

->FireFox cache emptied: 109604591 bytes

->Google Chrome cache emptied: 20250090 bytes

->Flash cache emptied: 58564 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134162 bytes

%systemroot%\System32 .tmp files removed: 102809 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3457735 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 461,00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 10142011_130235

Files\Folders moved on Reboot...

File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

NOW I'LL POST THE NEW HIJACK:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:29:05, on 14/10/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\windows\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\windows\System32\svchost.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Google Updater] "C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [status] present

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210002061175

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\ARQUIV~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Gerenciador do Google Desktop 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9fccd75c592ec) (gupdate1c9fccd75c592ec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--

End of file - 11206 bytes

So that's it. Sorry for the delay, it's really awful being sick; only when we get sick do we realize how good it is to be healthy, a lot of the time we don't even notice, right.... Thank you, kisses!
