Relatorio do ComboFix

[Dani.]

[RenatoMejias]

Cada caso é um caso, não adianta olhar o caso dos outros e achar que vai se aplicar a você.

Leia o tópico abaixo e siga os procedimetos iniciais:

http://scriptbrasil.com.br/forum/index.php?showtopic=86007

[Dani.]

Esse é o log do Hijackthis...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:06:12, on 21/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMConfig.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Windows\ctfmom.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMProcess.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\cmd.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\TEMP\Rar$EX00.843\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KMCONFIG] C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [] C:\Windows\ctfmom.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B3C56D1C-1994-4011-A35B-0E60787EC7E9}: NameServer = 200.165.135.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFEB086E-1F7E-45AD-8377-1711AC27CA54}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--

End of file - 9192 bytes

[RenatoMejias]

Configure o Windows para mostrar todos os arquivos

Acesse este site: http://virustotal.com/

Em File to upload coloque: C:\Windows\ctfmom.exe

Em seguida clique em Submit

Copie e poste o resultado deste exame.

[Dani.]

Copiei o nome do arquivo e apareceu q ele não existe!

[RenatoMejias]

Você configurou o Windows para mostrar todos os arquivos?

[Dani.]

Sim. Pra ter certeza fiz novamente a configuração e fui no virustotal.com, coloquei o nome do arquivo e apraceu novamente a mensagem "Arquivo não encontrado. Verifique se o nome do arquivo correto foi especificado".

[RenatoMejias]

1. Faça o download do DDS e salve no desktop.

Links Alternativos

Link2

• Temporariamente desative seus programas de proteção.
• Duplo clique em dds.scr.
• Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
• Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
• Salve os resultados e cole-os no seu tópico.

[Dani.]

dds.txt:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrador at 9:05:09,42 on seg 03/05/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1368 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 100503-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMConfig.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMProcess.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [Google Update] "c:\documents and settings\administrador\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [bluebirds] c:\documents and settings\administrador\bluebirds\BlueBirds.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [ink Monitor] c:\arquivos de programas\epson\ink monitor\InkMonitor.exe

mRun: [EPSON Stylus CX3700 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [KMCONFIG] c:\arquivos de programas\keyboard & mouse driver\StartAutorun.exe KMConfig.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>] c:\windows\ctfmom.exe

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

TCP: {B3C56D1C-1994-4011-A35B-0E60787EC7E9} = 200.165.135.155

TCP: {FFEB086E-1F7E-45AD-8377-1711AC27CA54} = 200.165.132.155 200.149.55.140

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

se: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-16 114768]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-10-20 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-10-20 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-10-20 185089]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-16 20560]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2009-9-16 138680]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-20 56816]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\arquivos de programas\keyboard & mouse driver\KMWDSrv.exe [2008-6-23 208896]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2010-2-6 2208]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-9-16 1358720]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2009-9-16 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2009-9-16 352920]

=============== Created Last 30 ================

2010-04-25 19:19:01 0 d-----w- c:\arquivos de programas\Microsoft Visual Studio 8

2010-04-25 19:18:26 0 d-----w- c:\windows\SHELLNEW

2010-04-18 22:38:40 0 d-sha-r- C:\cmdcons

2010-04-18 22:34:59 98816 ----a-w- c:\windows\sed.exe

2010-04-18 22:34:59 77312 ----a-w- c:\windows\MBR.exe

2010-04-18 22:34:59 261632 ----a-w- c:\windows\PEV.exe

2010-04-18 22:34:59 161792 ----a-w- c:\windows\SWREG.exe

2010-04-18 22:34:55 0 d-----w- C:\ComboFix

2010-04-18 21:21:51 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-05-03 06:24:45 80470 ----a-w- c:\windows\system32\perfc016.dat

2010-05-03 06:24:45 471546 ----a-w- c:\windows\system32\perfh016.dat

2010-03-11 12:32:05 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:32:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:31:59 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:10:39 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-28 22:35:12 219648 ----a-w- c:\windows\system32\uxtheme.dll

2010-02-16 19:07:12 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07:12 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34:55 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-04 13:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-02-04 13:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-02-04 13:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-02-04 13:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2009-09-16 12:19:52 32768 --sha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009091620090917\index.dat

2008-04-13 22:21:12 1695232 --sha-w- c:\windows\vistamizer\old\msmsgs.exe

============= FINISH: 9:05:24,18 ===============

attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 16/9/2009 09:19:01

System Uptime: 5/3/2010 03:20:21 (1422 hours ago)

Motherboard: DIGITRON | | G31T-M7

Processor: Processador Intel Pentium III Xeon | CPU 1 | 2926/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 247,355 GiB free.

D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP148: 2/2/2010 19:14:32 - Ponto de verificação do sistema

RP149: 5/2/2010 22:52:44 - Software Distribution Service 3.0

RP150: 8/2/2010 14:34:46 - Ponto de verificação do sistema

RP151: 9/2/2010 16:09:29 - Ponto de verificação do sistema

RP152: 10/2/2010 16:40:49 - Ponto de verificação do sistema

RP153: 10/2/2010 22:56:01 - Software Distribution Service 3.0

RP154: 16/2/2010 19:31:54 - Ponto de verificação do sistema

RP155: 19/2/2010 00:38:21 - Ponto de verificação do sistema

RP156: 20/2/2010 12:36:52 - Ponto de verificação do sistema

RP157: 23/2/2010 18:57:10 - Ponto de verificação do sistema

RP158: 24/2/2010 00:12:48 - Software Distribution Service 3.0

RP159: 25/2/2010 21:30:52 - Ponto de verificação do sistema

RP160: 27/2/2010 19:05:57 - Ponto de verificação do sistema

RP161: 28/2/2010 19:27:50 - Ponto de verificação do sistema

RP162: 28/2/2010 19:31:59 - Installed VistaMizer

RP163: 1/3/2010 21:55:44 - Ponto de verificação do sistema

RP164: 2/3/2010 23:24:22 - Ponto de verificação do sistema

RP165: 4/3/2010 00:13:22 - Ponto de verificação do sistema

RP166: 5/3/2010 02:01:36 - Ponto de verificação do sistema

RP167: 6/3/2010 13:18:33 - Ponto de verificação do sistema

RP168: 7/3/2010 21:58:36 - Ponto de verificação do sistema

RP169: 8/3/2010 22:01:33 - Ponto de verificação do sistema

RP170: 10/3/2010 00:39:12 - Ponto de verificação do sistema

RP171: 11/3/2010 00:54:32 - Ponto de verificação do sistema

RP172: 11/3/2010 03:00:16 - Software Distribution Service 3.0

RP173: 12/3/2010 12:06:04 - Software Distribution Service 3.0

RP174: 13/3/2010 19:49:09 - Ponto de verificação do sistema

RP175: 14/3/2010 21:59:21 - Ponto de verificação do sistema

RP176: 15/3/2010 22:21:52 - Ponto de verificação do sistema

RP177: 16/3/2010 23:02:23 - Ponto de verificação do sistema

RP178: 17/3/2010 23:36:06 - Ponto de verificação do sistema

RP179: 18/3/2010 19:28:36 - DirectX instalado

RP180: 22/3/2010 14:26:50 - Ponto de verificação do sistema

RP181: 22/3/2010 16:01:59 - Software Distribution Service 3.0

RP182: 23/3/2010 16:02:38 - Ponto de verificação do sistema

RP183: 24/3/2010 03:00:13 - Software Distribution Service 3.0

RP184: 25/3/2010 03:50:12 - Ponto de verificação do sistema

RP185: 26/3/2010 04:11:33 - Ponto de verificação do sistema

RP186: 26/3/2010 12:36:17 - combofix

RP187: 28/3/2010 14:48:40 - Configured Platform

RP188: 28/3/2010 15:24:06 - Configured Microsoft Office Enterprise 2007

RP189: 28/3/2010 15:31:32 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP190: 29/3/2010 15:45:25 - Ponto de verificação do sistema

RP191: 29/3/2010 18:52:47 - Removed Microsoft Office Enterprise 2007

RP192: 29/3/2010 19:04:57 - Installed Microsoft Office Enterprise 2007

RP193: 29/3/2010 19:10:49 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP194: 29/3/2010 23:39:06 - Software Distribution Service 3.0

RP195: 31/3/2010 00:05:41 - Ponto de verificação do sistema

RP196: 31/3/2010 03:01:29 - Software Distribution Service 3.0

RP197: 1/4/2010 19:52:11 - Ponto de verificação do sistema

RP198: 2/4/2010 20:20:45 - Ponto de verificação do sistema

RP199: 3/4/2010 20:47:53 - Ponto de verificação do sistema

RP200: 4/4/2010 03:00:17 - Software Distribution Service 3.0

RP201: 4/4/2010 10:38:50 - Software Distribution Service 3.0

RP202: 4/4/2010 17:25:04 - Software Distribution Service 3.0

RP203: 4/4/2010 18:13:37 - Software Distribution Service 3.0

RP204: 5/4/2010 19:06:34 - Ponto de verificação do sistema

RP205: 7/4/2010 17:45:17 - Ponto de verificação do sistema

RP206: 8/4/2010 23:17:59 - Ponto de verificação do sistema

RP207: 11/4/2010 17:10:50 - Ponto de verificação do sistema

RP208: 12/4/2010 19:39:50 - Ponto de verificação do sistema

RP209: 13/4/2010 19:48:32 - Software Distribution Service 3.0

RP210: 13/4/2010 23:35:43 - Software Distribution Service 3.0

RP211: 14/4/2010 01:03:57 - Software Distribution Service 3.0

RP212: 16/4/2010 11:23:09 - Ponto de verificação do sistema

RP213: 17/4/2010 16:13:34 - Ponto de verificação do sistema

RP214: 18/4/2010 17:16:56 - Ponto de verificação do sistema

RP215: 18/4/2010 18:18:47 - ComboFix

RP216: 18/4/2010 18:21:15 - Operação de restauração

RP217: 20/4/2010 12:05:21 - Ponto de verificação do sistema

RP218: 21/4/2010 16:56:08 - Ponto de verificação do sistema

RP219: 23/4/2010 20:49:11 - Ponto de verificação do sistema

RP220: 24/4/2010 00:17:57 - Removed Microsoft Office Enterprise 2007

RP221: 24/4/2010 00:25:27 - Installed Microsoft Office Enterprise 2007

RP222: 24/4/2010 00:51:43 - Installed Microsoft Office Enterprise 2007

RP223: 24/4/2010 01:32:46 - Installed Microsoft Office Enterprise 2007

RP224: 25/4/2010 02:16:48 - Ponto de verificação do sistema

RP225: 25/4/2010 03:00:15 - Software Distribution Service 3.0

RP226: 25/4/2010 15:31:22 - Installed Microsoft Office Enterprise 2007

RP227: 25/4/2010 15:38:20 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP228: 25/4/2010 15:56:27 - Removed Microsoft Office Enterprise 2007

RP229: 25/4/2010 16:17:47 - Installed Microsoft Office Enterprise 2007

RP230: 25/4/2010 16:23:04 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP231: 26/4/2010 03:00:17 - Software Distribution Service 3.0

RP232: 26/4/2010 23:31:25 - Software Distribution Service 3.0

RP233: 28/4/2010 01:18:57 - Ponto de verificação do sistema

RP234: 29/4/2010 01:27:47 - Ponto de verificação do sistema

RP235: 30/4/2010 02:23:37 - Ponto de verificação do sistema

RP236: 1/5/2010 02:31:42 - Ponto de verificação do sistema

RP237: 2/5/2010 03:00:20 - Software Distribution Service 3.0

RP238: 3/5/2010 03:00:25 - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2 - Português

ArcSoft PhotoImpression 5

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows Internet Explorer 7 (KB974455)

Atualização de Segurança para Windows Internet Explorer 7 (KB976325)

Atualização de Segurança para Windows Internet Explorer 7 (KB978207)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371-v2)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971468)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB971961)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975561)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977165)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978251)

Atualização de Segurança para Windows XP (KB978262)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979683)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB981349)

Atualização para Windows Internet Explorer 7 (KB976749)

Atualização para Windows Internet Explorer 7 (KB980182)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

avast! Antivirus

Avira AntiVir Personal - Free Antivirus

BS.Player FREE

DVD Shrink 3.2

eMule

EPSON Reference Guide

EPSON Scan

Ferramenta de Carregamento do Windows Live

Free MSN Emoticons Pack 1

Google Chrome

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

Hotfix para Windows XP (KB976098-v2)

Hotfix para Windows XP (KB979306)

Ink Monitor

Intel® Graphics Media Accelerator Driver

K-Lite Mega Codec Pack 5.1.0

Keyboard & Mouse Driver

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Platform

PowerDVD

RemoveIT Pro v4 - SE

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB980470)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Segoe UI

Software para Impressoras EPSON

Update for 2007 Microsoft Office System (KB967642)

Update for 2007 Microsoft Office System (KB981715)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Outlook 2007 Junk Email Filter (kb981433)

VIA Gerenciador de dispositivo de plataforma

VistaMizer 3.3.0.0

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

WinZip

XP Codec Pack

==== End Of File ===========================

[RenatoMejias]

Exclua o executável do ComboFix e baixe-o novamente, depois execute-o.

Poste o log gerado.

[Dani.]

ComboFix 10-05-03.03 - Administrador 07/05/2010 20:08:14.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1508 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Meus documentos\Downloads\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 100506-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\WindowsUpdate

c:\windows\obs.txt

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-07 to 2010-05-07 ))))))))))))))))))))))))))))

.

2010-04-25 19:20 . 2010-04-25 19:20 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-04-25 19:19 . 2010-04-25 19:19 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 8

2010-04-25 19:18 . 2010-04-25 19:21 -------- d-----w- c:\windows\SHELLNEW

2010-04-25 19:17 . 2010-04-25 19:17 -------- d-----r- C:\MSOCache

2010-04-18 21:21 . 2010-04-18 21:21 -------- d-----w- c:\windows\system32\wbem\Repository

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-07 23:04 . 1782-01-19 03:14 471546 ----a-w- c:\windows\system32\perfh016.dat

2010-05-07 23:04 . 1782-01-19 03:14 80470 ----a-w- c:\windows\system32\perfc016.dat

2010-05-04 02:38 . 2010-03-19 00:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GetRightToGo

2010-05-03 06:04 . 2009-10-10 21:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-02 06:02 . 2009-10-10 21:15 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-04-25 18:59 . 2009-11-10 21:04 -------- d-----w- c:\arquivos de programas\MSBuild

2010-04-05 00:52 . 2009-09-16 13:25 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-03-28 18:22 . 2010-03-23 03:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer

2010-03-28 17:51 . 2009-09-16 12:49 -------- d-----w- c:\arquivos de programas\VIA

2010-03-23 03:46 . 2010-03-23 03:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer Pro

2010-03-23 03:46 . 2010-03-23 03:46 -------- d-----w- c:\arquivos de programas\Webteh

2010-03-22 23:39 . 2010-01-20 13:33 -------- d-----w- c:\arquivos de programas\eMule

2010-03-22 19:04 . 2010-03-22 19:04 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-03-22 17:52 . 2010-03-28 18:18 697690 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer\AC3 Filter\unins000.exe

2010-03-18 16:35 . 2010-02-28 02:33 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead

2010-03-15 01:07 . 2010-03-15 01:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2010-03-11 22:11 . 2010-03-11 22:11 -------- d-----w- c:\arquivos de programas\Microsoft

2010-03-11 22:11 . 2009-09-18 00:15 -------- d-----w- c:\arquivos de programas\Windows Live

2010-03-11 12:32 . 2008-10-28 16:18 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:32 . 2008-10-28 16:18 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:31 . 2008-10-28 16:17 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:10 . 2008-04-13 21:20 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-28 22:35 . 2008-04-13 21:20 219648 ----a-w- c:\windows\system32\uxtheme.dll

2010-02-24 13:11 . 2008-04-13 14:17 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-23 20:01 . 2010-03-23 03:59 1185871 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer\FFDShow\unins000.exe

2010-02-23 19:00 . 2010-03-23 04:00 42288 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer\Haali media splitter\uninstall.exe

2010-02-16 19:07 . 2008-04-13 21:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2008-04-13 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2008-04-13 21:20 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2008-04-13 14:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-02-07 01:01 . 2010-02-07 01:01 2208 ----a-w- c:\windows\system32\drivers\nxsIO32.sys

2008-04-13 22:21 . 2010-02-28 22:34 1695232 --sha-w- c:\windows\VistaMizer\old\msmsgs.exe

.

------- Sigcheck -------

[-] 2008-04-13 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-13 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-13 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-13 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-04-13 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2008-04-13 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll

[-] 2008-04-13 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-13 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[7] 2008-04-13 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll

[-] 2008-04-13 . F1A3E95588DB92660C8C6DAA9101D49B . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-13 . F1A3E95588DB92660C8C6DAA9101D49B . 1554432 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe

[-] 2009-01-16 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-13 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-13 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-04-18_22.43.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-07 23:00 . 2010-05-07 23:00 16384 c:\windows\Temp\Perflib_Perfdata_564.dat

- 2010-04-18 22:43 . 2010-04-18 22:43 53248 c:\windows\Temp\catchme.dll

+ 2010-05-07 23:11 . 2010-05-07 23:11 53248 c:\windows\Temp\catchme.dll

+ 2010-04-25 19:23 . 2008-11-10 14:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll

- 2010-03-29 22:10 . 2008-11-10 14:41 67472 c:\windows\system32\spool\drivers\w32x86\msonpui.dll

- 2010-03-29 22:10 . 2008-11-10 14:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll

+ 2010-04-25 19:23 . 2008-11-10 14:41 67472 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll

- 1782-01-19 03:14 . 2010-04-18 21:26 68156 c:\windows\system32\perfc009.dat

+ 1782-01-19 03:14 . 2010-05-07 23:04 68156 c:\windows\system32\perfc009.dat

+ 2006-11-17 21:22 . 2006-11-17 21:22 35648 c:\windows\system32\FM20PTB.DLL

+ 2010-04-25 19:18 . 2010-04-25 19:18 48128 c:\windows\Installer\80b9a8.msi

+ 2010-04-25 19:23 . 2010-05-03 06:04 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-03-29 22:09 . 2010-03-29 22:09 12096 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 12096 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 12080 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 12080 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 64288 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 64288 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 12112 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 12112 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 11544 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 11544 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 12104 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 12104 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 20280 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 20280 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 12096 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 12096 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL

+ 2010-04-25 19:20 . 2010-04-25 19:20 12096 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 12096 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 39624 c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 39624 c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 72472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 72472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 39704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 39704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 39712 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 39712 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 60200 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 60200 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 39728 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 39728 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 43840 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 43840 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll

+ 2010-05-02 06:02 . 2010-05-02 06:02 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll

+ 2010-04-25 19:20 . 2010-04-25 19:20 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 35648 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 35648 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 88896 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 88896 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2010-04-25 19:20 . 2010-04-25 19:20 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 16712 c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 16712 c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 31560 c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 31560 c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

+ 2010-04-25 19:19 . 2010-04-25 19:19 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources.dll

+ 2010-04-25 19:19 . 2010-04-25 19:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources.dll

+ 2010-04-25 19:19 . 2010-04-25 19:19 4608 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.resources.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll

- 2010-03-29 22:10 . 2008-11-10 14:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll

+ 2010-04-25 19:23 . 2008-11-10 14:41 864144 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll

+ 2010-04-25 19:23 . 2008-11-10 14:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll

- 2010-03-29 22:10 . 2008-11-10 14:41 864144 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll

+ 1782-01-19 03:14 . 2010-05-07 23:04 435260 c:\windows\system32\perfh009.dat

- 1782-01-19 03:14 . 2010-04-18 21:26 435260 c:\windows\system32\perfh009.dat

+ 2009-09-16 09:05 . 2010-04-25 21:08 270192 c:\windows\system32\FNTCACHE.DAT

- 2009-09-16 09:05 . 2010-03-29 22:18 270192 c:\windows\system32\FNTCACHE.DAT

+ 2010-04-25 19:19 . 2010-04-25 19:19 502272 c:\windows\Installer\80b9c7.msi

+ 2010-04-25 19:19 . 2010-04-25 19:19 506880 c:\windows\Installer\80b9c2.msi

+ 2010-04-25 19:19 . 2010-04-25 19:19 513024 c:\windows\Installer\80b9bc.msi

+ 2010-04-25 19:19 . 2010-04-25 19:19 505856 c:\windows\Installer\80b9b7.msi

+ 2009-05-26 21:53 . 2009-05-26 21:53 579072 c:\windows\Installer\378304f.msp

+ 2010-05-02 06:00 . 2010-05-02 06:00 217864 c:\windows\Installer\{90120000-006E-0416-0000-0000000FF1CE}\misc.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2010-04-04 06:03 . 2010-04-04 06:03 350064 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL

+ 2010-05-02 06:03 . 2010-05-02 06:03 350064 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL

- 2010-04-04 06:03 . 2010-04-04 06:03 118176 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.6425\IPOMINT.DLL

+ 2010-05-02 06:03 . 2010-05-02 06:03 118176 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.6425\IPOMINT.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 781104 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 781104 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 248632 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 248632 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 416544 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 416544 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 118112 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 118112 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 609104 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 609104 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 150320 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 150320 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 330520 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 330520 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 105248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 105248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 211736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 211736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 367400 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 367400 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

- 2010-04-04 20:26 . 2010-04-04 20:26 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll

+ 2010-05-03 06:02 . 2010-05-03 06:02 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2010-05-02 06:03 . 2010-05-02 06:03 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

- 2010-03-29 22:09 . 2010-03-29 22:09 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

+ 2010-04-25 19:21 . 2010-04-25 19:21 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 232248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 232248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

+ 2010-05-03 06:03 . 2010-05-03 06:03 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

- 2010-04-04 20:27 . 2010-04-04 20:27 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 146232 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 146232 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 404296 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 404296 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll

- 2010-04-04 06:03 . 2010-04-04 06:03 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

+ 2010-05-02 06:02 . 2010-05-02 06:02 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

+ 2010-04-25 19:20 . 2010-04-25 19:20 1641984 c:\windows\Installer\80b9de.msi

+ 2010-04-25 19:20 . 2010-04-25 19:20 1655296 c:\windows\Installer\80b9d9.msi

+ 2010-04-25 19:20 . 2010-04-25 19:20 1655296 c:\windows\Installer\80b9d3.msi

+ 2010-04-25 19:19 . 2010-04-25 19:19 1654272 c:\windows\Installer\80b9cd.msi

+ 2010-04-25 19:19 . 2010-04-25 19:19 2347008 c:\windows\Installer\80b9b2.msi

+ 2010-04-25 19:18 . 2010-04-25 19:18 1649152 c:\windows\Installer\80b9ad.msi

+ 2010-04-25 19:18 . 2010-04-25 19:18 1643008 c:\windows\Installer\80b9a2.msi

+ 2010-04-25 19:18 . 2010-04-25 19:18 2025472 c:\windows\Installer\80b99c.msi

+ 2010-04-25 19:18 . 2010-04-25 19:18 1751040 c:\windows\Installer\80b996.msi

+ 2010-04-25 19:18 . 2010-04-25 19:18 2415616 c:\windows\Installer\80b991.msi

+ 2010-02-21 04:03 . 2010-02-21 04:03 4472832 c:\windows\Installer\37830e0.msp

+ 2009-04-24 15:30 . 2009-04-24 15:30 2583552 c:\windows\Installer\37830c4.msp

+ 2009-08-05 10:49 . 2009-08-05 10:49 3457024 c:\windows\Installer\37830ac.msp

+ 2009-04-24 15:28 . 2009-04-24 15:28 4450816 c:\windows\Installer\3783094.msp

+ 2009-07-27 07:31 . 2009-07-27 07:31 3738624 c:\windows\Installer\378307c.msp

+ 2010-02-04 20:24 . 2010-02-04 20:24 9122304 c:\windows\Installer\3783066.msp

+ 2009-10-16 10:09 . 2009-10-16 10:09 2518016 c:\windows\Installer\378303a.msp

+ 2010-02-21 04:00 . 2010-02-21 04:00 8480768 c:\windows\Installer\3783024.msp

+ 2010-02-21 04:02 . 2010-02-21 04:02 4195840 c:\windows\Installer\378300d.msp

+ 2009-08-18 16:08 . 2009-08-18 16:08 1373696 c:\windows\Installer\3782ff2.msp

+ 2009-04-24 15:29 . 2009-04-24 15:29 9013760 c:\windows\Installer\3782fa2.msp

+ 2009-04-04 12:08 . 2009-04-04 12:08 1878016 c:\windows\Installer\269fc1f.msp

+ 2009-04-04 20:10 . 2009-04-04 20:10 7888384 c:\windows\Installer\269fc18.msp

+ 2009-04-04 20:10 . 2009-04-04 20:10 9926144 c:\windows\Installer\269fc0f.msp

+ 2009-02-25 22:08 . 2009-02-25 22:08 8311808 c:\windows\Installer\1e6ba55.msp

+ 2010-03-12 02:59 . 2010-03-12 02:59 5031424 c:\windows\Installer\1e6ba40.msp

- 2010-03-29 22:10 . 2010-04-14 04:04 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-04-25 19:23 . 2010-05-03 06:04 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2010-03-29 22:10 . 2010-04-14 04:04 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-04-25 19:21 . 2010-04-25 19:21 1276720 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL

- 2010-03-29 22:08 . 2010-03-29 22:08 1276720 c:\windows\Installer\$PatchCache$\Managed0002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL

- 2010-04-04 06:03 . 2010-04-04 06:03 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

+ 2010-05-02 06:03 . 2010-05-02 06:03 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 1612592 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

- 2010-03-29 22:08 . 2010-03-29 22:08 1612592 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

- 2010-03-29 22:09 . 2010-03-29 22:09 1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll

+ 2010-04-25 19:21 . 2010-04-25 19:21 1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll

+ 2010-04-25 19:23 . 2010-04-25 19:23 18181632 c:\windows\Installer\80b9e4.msi

+ 2008-08-11 14:49 . 2008-08-11 14:49 22457344 c:\windows\Installer\64ddfa0.msp

+ 2010-03-22 19:03 . 2010-03-22 19:03 11732992 c:\windows\Installer\37830f6.msp

+ 2009-08-18 15:50 . 2009-08-18 15:50 12022272 c:\windows\Installer\3782fdd.msp

+ 2009-04-04 12:08 . 2009-04-04 12:08 20197888 c:\windows\Installer\269fa93.msp

+ 2009-04-04 12:07 . 2009-04-04 12:07 14066688 c:\windows\Installer\269fa87.msp

+ 2008-09-24 15:05 . 2008-09-24 15:05 16381440 c:\windows\Installer\1e6ba6b.msp

+ 2009-04-04 20:08 . 2009-04-04 20:08 343058432 c:\windows\Installer\269fc05.msp

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-02-28 135664]

"bluebirds"="c:\documents and settings\Administrador\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-05-14 33624064]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]

"EPSON Stylus CX3700 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACL.EXE" [2005-02-07 98304]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"KMCONFIG"="c:\arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe" [2008-05-30 212992]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 142360]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-22 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/9/2009 10:30 114768]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/10/2009 17:52 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/9/2009 10:30 20560]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe [23/6/2008 21:28 208896]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [6/2/2010 22:01 2208]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/9/2009 09:49 1358720]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-05-07 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {B3C56D1C-1994-4011-A35B-0E60787EC7E9} = 200.165.135.155

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-HijackThis - c:\windows\TEMP\Rar$EX00.016\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-07 20:11

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(748)

c:\windows\system32\setupapi.dll

c:\windows\system32\psbase.dll

.

Tempo para conclusão: 2010-05-07 20:12:06

ComboFix-quarantined-files.txt 2010-05-07 23:12

ComboFix2.txt 2010-04-18 22:45

Pré-execução: 9 pasta(s) 267.054.280.704 bytes disponíveis

Pós execução: 12 pasta(s) 267.054.219.264 bytes disponíveis

- - End Of File - - 4883E134D1BD7845F23472575E1D59AA

Teria algum problema se eu voltar a configuração do windows para não mostrar todos os arquivos?

[RenatoMejias]

Pode voltar a ocultar arquivos protegidos.

Leia atentamente toda a instrução abaixo antes de executar o programa.

Faça download do Kaspersky Removal Tool e salve em seu desktop.

• Instale o programa normalmente, seguindo todas as instruções.
• Uma pasta chamada Virus Removal Tool será criada no desktop.
• Na tela do programa clique nas opções:
  • Meu computador
  • Hidden Startup objects
  • Disk boot sectors
  • System Memory
• Clique no botão Start Scan.
• Seja paciente, o scan é demorado!
• Conforme for scaneando provavelmente abrirá algumas janelas pequenas ao lado do relógio, não clique em nada.
• Também há uma possibilidade de abrir uma janela maior contendo as seguintes opções:
  • Desinfection (quando possível)
  • Delete
  • Skip
• Quando aparecer, marque primero a opção abaixo Apply to all objects e depois clique numa das opções acima.
• Após completar tudo, clique no botão Reports, na janela que abrir nas opções acima deixe:
  • Autoscan
  • Group by result
  • All Events
• Expanda Autoscan clicando no sinal ao lado de +
• Expanda Result: Detected.
• Clique com o botão direito do mouse e escolha Select all, e depois escolha Copy.
• Atenção, ao fazer isso parece que o PC travou, mas não, aguarde uns minutos para liberar a memória.
• Abra o Bloco de Notas e cole (ctrl + v)
• Dê um nome para o arquivo e salve numa pasta de sua preferência.
• Feche o resultado clicando no botão Exit.
• Ao fazer isso será questionado se quer desinstalar a ferramenta, clique em Sim.
• Reinicie o computador quando for pedido.
• Poste o conteúdo desse arquivo em sua próxima resposta.

OBSERVAÇÃO1:

Atente para as janelas durante o scan elas possuem cores diferentes dependendo do risco. Portanto,

• verde
  :
  baixo risco
• amarelo
  :
  médio risco
• vermelho
  :
  alto risco

Antes de tomar qualquer medida verifique com cuidado o caminho/nome do arquivo para ver é de seu conhecimento, caso seja clique em

Skip

.

OBSERVAÇÃO2:

Se no resultado final do scan apenas tiver

Result:

OK

, não precisa gerar um relatório, apenas informe deste.

OBSERVAÇÃO3:

Durante o scan pode ser que o Kaspersky acuse a seguinte pasta com vírus:

c:\

QooBox

. Caso isto aconteça escolha a opção

Skip

, pois a mesma pertence ao

ComboFix

e será removida quando o mesmo for desinstalado.

[Dani.]

Autoscan: completed 1 minute ago (events: 154639, objects: 151666, time: 00:46:55)

Result: OK (events: 148177)

Result: Detected (events: 3)

Result: Archive (events: 5014)

Result: Packed (events: 1438)

Result: Deleted (events: 2)

14/5/2010 23:05:34 C:\System Volume Information\_restore{AB37E865-4D2D-4D67-A610-CEA4767B0101}\RP241\A0067436.exe

14/5/2010 23:08:00 C:\WINDOWS\system32\Tools\Hide.exe

Result: Backed up (events: 2)

Result: Not processed (events: 1)

Result: Task started (events: 1)

Result: Task completed (events: 1)

[Dani.]

Desconsidere o post anterior. Copiei a parte errada!

Esta é a parte correta:

consAutoscan: completed 1 minute ago (events: 154617, objects: 151635, time: 00:44:24)

Result: OK (events: 148150)

Result: Detected (events: 2)

14/5/2010 23:44:39 C:\System Volume Information\_restore{AB37E865-4D2D-4D67-A610-CEA4767B0101}\RP189\A0049656.exe Information

14/5/2010 23:57:30 C:\System Volume Information\_restore{AB37E865-4D2D-4D67-A610-CEA4767B0101}\RP247\A0069819.exe

Result: Archive (events: 5024)

Result: Packed (events: 1436)

Result: Deleted (events: 1)

Result: Backed up (events: 1)

Result: Not processed (events: 1)

Result: Task started (events: 1)

Result: Task completed (events: 1)

Obs: O primeiro arquivo mostrava um "i" dentro de uma bola azul. O segundo arquivo uma "!" dentro de um triângulo amarelo

[RenatoMejias]

Os arquivos apontados como infecção estão na restauração do sistema. Isso será apagado com os procedimentos finais.

Parabéns, seu log está limpo.

De agora em diante fique ALERTA!

Para finalizar faça o seguinte:

Vá em Iniciar > Executar e digite ComboFix /Uninstall . Isso desinstalará o ComboFix de sua máquina.

Faça download do OTCleanIt by OldTimer

• Salve no seu desktop (área/ambiente de trabalho).
• Duplo-clique no icone do OTC.
• Clique no botão "Cleanup"
• Permita que o seu computador seja reiniciado.

Sugiro que rode o CCleaner para fazer uma limpeza em sua máquina. Faça o download dele aqui CCleaner

• Abra o programa e clique em Executar Limpeza;
• Após isto, clique em Erros >> Procurar erros >> Corrigir Erros

Sugiro também que consulte este artigo: Proteja seu PC

Mais algum problema com o computador?

[Dani.]

Meu pc ainda tem um problema. O Windows Live Messeger não inicia mas automaticamente. Sempre aparece uma janela com a mensagem "Um componente do Messenger não funciona e precisa ser reiniciado". O que pode ser isso?

[RenatoMejias]

Já tentou reinstalar o Live Messenger para ver se resolve o problema?

[MayzaFrança]

[vinno]

EU AINDA CONTINUO COM PAGINAS ABRINDO SOZINHAS o que FAZER ?

ComboFix 15-04-19.01 - Ronald 25/04/2015 20:08:43.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2701 [GMT -4:00]

Running from: c:\users\Ronald\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\ShopperPro

c:\program files (x86)\ShopperPro\config.json

c:\program files (x86)\ShopperPro\database1_0_0.json

c:\program files (x86)\ShopperPro\FireFox\content\overlay.xul

c:\program files (x86)\ShopperPro\FireFox\content\shopperpro_128.png

c:\program files (x86)\ShopperPro\FireFox\install.rdf

c:\program files (x86)\ShopperPro\JSDriver\1460.0.0.0\config.json

c:\program files (x86)\ShopperPro\JSDriver\1460.0.0.0\database1_0_0.json

c:\program files (x86)\ShopperPro\manifest.json

c:\programdata\ShopperPro

c:\programdata\ShopperPro\config.json

c:\programdata\ShopperPro\database1_0_0.json

c:\programdata\Tbccint

c:\programdata\Tbccint\Multi\CT1561552\configutaion.json

c:\programdata\Tbccint\Multi\CT1561552\SetupIcon.ico

c:\programdata\Tbccint\Multi\CT1561552\UninstallerUI.exe

c:\users\Ronald\AppData\Local\Tbccint

c:\users\Ronald\AppData\Local\Tbccint\Community Alerts\Alert.dll

.

.

((((((((((((((((((((((((( Files Created from 2015-03-26 to 2015-04-26 )))))))))))))))))))))))))))))))

.

.

2015-04-26 00:16 . 2015-04-26 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-04-25 05:06 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8196927-181B-405A-9D46-A8A30F65F03B}\mpengine.dll

2015-04-22 01:23 . 2015-04-22 01:23 -------- d-----w- c:\users\Default\AppData\Roaming\AVAST Software

2015-04-21 23:53 . 2015-04-21 23:53 -------- d-----w- c:\program files (x86)\mp3DirectCut

2015-04-16 20:03 . 2015-04-16 20:03 -------- d-----w- c:\users\Ronald\AppData\Roaming\Dev-Cpp

2015-04-16 20:01 . 2015-04-16 20:01 -------- d-----w- c:\program files (x86)\Dev-Cpp

2015-04-16 03:04 . 2015-04-16 03:04 -------- d-----w- c:\program files\CCleaner

2015-04-15 18:53 . 2015-04-15 18:53 -------- d-s---w- c:\windows\system32\CompatTel

2015-04-15 18:53 . 2015-04-15 18:53 -------- d-----w- c:\windows\system32\appraiser

2015-04-14 22:47 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll

2015-04-14 22:45 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys

2015-04-14 22:41 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys

2015-04-14 22:41 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll

2015-04-14 22:41 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll

2015-04-14 22:17 . 2015-04-14 22:16 364472 ----a-w- c:\windows\system32\aswBoot.exe

2015-04-14 22:16 . 2015-04-14 22:16 43112 ----a-w- c:\windows\avastSS.scr

2015-04-14 22:15 . 2015-04-14 22:15 449896 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys

2015-04-14 22:09 . 2015-04-14 22:09 -------- d-----w- c:\programdata\Radio

2015-04-09 10:12 . 2015-04-09 10:13 -------- d-----w- c:\program files (x86)\Scratch

2015-04-08 01:37 . 2015-04-09 02:07 -------- d-----w- c:\programdata\T122078ED

2015-04-06 03:46 . 2015-04-06 03:51 -------- d-----w- c:\program files (x86)\AirDroid

2015-04-04 19:10 . 2015-04-25 19:16 -------- d-----w- c:\program files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9

2015-04-04 07:01 . 2015-04-04 07:01 -------- d-s---w- c:\windows\system32\GWX

2015-04-04 07:01 . 2015-04-04 07:01 -------- d-s---w- c:\windows\SysWow64\GWX

2015-04-03 15:49 . 2015-04-03 15:49 -------- d-----w- c:\program files (x86)\Apoio

2015-04-02 02:43 . 2015-04-04 08:16 -------- d-----w- c:\program files\shopperz

2015-04-02 02:43 . 2015-04-03 17:51 -------- d-----w- c:\program files\PopDeals

2015-03-28 03:16 . 2015-04-08 01:37 -------- d-----w- c:\programdata\NetEngine

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-04-14 22:42 . 2014-08-28 06:25 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2015-04-14 22:42 . 2014-08-28 06:25 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-04-14 22:16 . 2014-08-28 06:03 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2015-04-14 22:16 . 2014-08-28 06:03 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys

2015-04-14 22:16 . 2014-08-28 06:03 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2015-04-14 22:16 . 2014-08-28 06:03 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2015-04-14 22:16 . 2014-08-28 06:03 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys

2015-04-14 22:16 . 2014-08-28 06:03 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2015-04-14 22:16 . 2014-08-28 06:03 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2015-04-14 22:16 . 2014-08-28 06:03 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2015-04-14 22:16 . 2014-09-23 21:23 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2015-03-24 20:59 . 2014-08-28 06:09 35344 ----a-w- c:\windows\system32\drivers\npf.sys

2015-03-24 20:59 . 2014-08-28 06:09 73728 ----a-w- c:\windows\system32\wltrynt.dll

2015-03-24 20:59 . 2014-08-28 06:09 4659712 ----a-w- c:\windows\system32\bcmttls.dll

2015-03-24 20:59 . 2014-08-28 06:09 445 ----a-w- c:\windows\system32\vcredist_x64.bat

2015-03-24 20:59 . 2014-08-28 06:09 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe

2015-03-24 20:59 . 2014-08-28 06:09 1047552 ----a-w- c:\windows\system32\BCMLogon.dll

2015-03-24 20:59 . 2014-08-28 06:09 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe

2015-03-24 20:59 . 2014-08-28 06:09 446 ----a-w- c:\windows\SysWow64\vcredist_x64.bat

2015-03-24 20:59 . 2014-08-28 06:09 22592 ----a-w- c:\windows\system32\drivers\bcm42rly.sys

2015-03-24 20:59 . 2014-08-28 06:09 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2015-03-17 04:56 . 2015-04-14 22:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2015-03-15 19:34 . 2015-01-07 00:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2015-02-26 03:25 . 2015-03-11 21:05 3204096 ----a-w- c:\windows\system32\win32k.sys

2015-02-24 08:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe

2015-02-20 04:41 . 2015-03-11 21:07 41984 ----a-w- c:\windows\system32\lpk.dll

2015-02-20 04:40 . 2015-03-11 21:07 100864 ----a-w- c:\windows\system32\fontsub.dll

2015-02-20 04:40 . 2015-03-11 21:07 14336 ----a-w- c:\windows\system32\dciman32.dll

2015-02-20 04:40 . 2015-03-11 21:07 46080 ----a-w- c:\windows\system32\atmlib.dll

2015-02-20 04:13 . 2015-03-11 21:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2015-02-20 04:13 . 2015-03-11 21:07 10240 ----a-w- c:\windows\SysWow64\dciman32.dll

2015-02-20 04:13 . 2015-03-11 21:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2015-02-20 04:12 . 2015-03-11 21:07 25600 ----a-w- c:\windows\SysWow64\lpk.dll

2015-02-20 03:29 . 2015-03-11 21:07 372224 ----a-w- c:\windows\system32\atmfd.dll

2015-02-20 03:09 . 2015-03-11 21:07 299008 ----a-w- c:\windows\SysWow64\atmfd.dll

2015-02-13 05:22 . 2015-03-11 21:05 14177280 ----a-w- c:\windows\system32\shell32.dll

2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

2015-02-04 03:16 . 2015-03-11 21:04 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2015-02-04 02:54 . 2015-03-11 21:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2015-02-03 03:34 . 2015-03-11 21:06 693176 ----a-w- c:\windows\system32\winload.efi

2015-02-03 03:34 . 2015-03-11 21:06 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys

2015-02-03 03:33 . 2015-03-11 21:06 616360 ----a-w- c:\windows\system32\winresume.efi

2015-02-03 03:31 . 2015-03-11 21:06 14632960 ----a-w- c:\windows\system32\wmp.dll

2015-02-03 03:31 . 2015-03-11 21:06 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll

2015-02-03 03:31 . 2015-03-11 21:06 229376 ----a-w- c:\windows\system32\wintrust.dll

2015-02-03 03:31 . 2015-03-11 21:05 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll

2015-02-03 03:31 . 2015-03-11 21:05 215552 ----a-w- c:\windows\system32\ubpm.dll

2015-02-03 03:31 . 2015-03-11 21:06 5120 ----a-w- c:\windows\system32\msdxm.ocx

2015-02-03 03:31 . 2015-03-11 21:06 5120 ----a-w- c:\windows\system32\dxmasf.dll

2015-02-03 03:31 . 2015-03-11 21:06 63488 ----a-w- c:\windows\system32\setbcdlocale.dll

2015-02-03 03:31 . 2015-03-11 21:06 1574400 ----a-w- c:\windows\system32\quartz.dll

2015-02-03 03:31 . 2015-03-11 21:06 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll

2015-02-03 03:31 . 2015-03-11 21:06 371712 ----a-w- c:\windows\system32\qdvd.dll

2015-02-03 03:31 . 2015-03-11 21:06 188416 ----a-w- c:\windows\system32\pcasvc.dll

2015-02-03 03:31 . 2015-03-11 21:06 37376 ----a-w- c:\windows\system32\pcadm.dll

2015-02-03 03:31 . 2015-03-11 21:06 9728 ----a-w- c:\windows\system32\spwmp.dll

2015-02-03 03:31 . 2015-03-11 21:06 641024 ----a-w- c:\windows\system32\msscp.dll

2015-02-03 03:31 . 2015-03-11 21:06 325632 ----a-w- c:\windows\system32\msnetobj.dll

2015-02-03 03:31 . 2015-03-11 21:06 11264 ----a-w- c:\windows\system32\msmmsp.dll

2015-02-03 03:31 . 2015-03-11 21:06 432128 ----a-w- c:\windows\system32\mfplat.dll

2015-02-03 03:31 . 2015-03-11 21:06 4121600 ----a-w- c:\windows\system32\mf.dll

2015-02-03 03:31 . 2015-03-11 21:06 206848 ----a-w- c:\windows\system32\mfps.dll

2015-02-03 03:30 . 2015-03-11 21:06 631808 ----a-w- c:\windows\system32\evr.dll

2015-02-03 03:30 . 2015-03-11 21:06 284672 ----a-w- c:\windows\system32\EncDump.dll

2015-02-03 03:30 . 2015-03-11 21:07 1202176 ----a-w- c:\windows\system32\drmv2clt.dll

2015-02-03 03:30 . 2015-03-11 21:06 497664 ----a-w- c:\windows\system32\drmmgrtn.dll

2015-02-03 03:30 . 2015-03-11 21:06 1480192 ----a-w- c:\windows\system32\crypt32.dll

2015-02-03 03:30 . 2015-03-11 21:06 1069056 ----a-w- c:\windows\system32\cryptui.dll

2015-02-03 03:30 . 2015-03-11 21:06 82432 ----a-w- c:\windows\system32\cryptsp.dll

2015-02-03 03:30 . 2015-03-11 21:06 140288 ----a-w- c:\windows\system32\cryptnet.dll

2015-02-03 03:30 . 2015-03-11 21:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll

2015-02-03 03:30 . 2015-03-11 21:07 842240 ----a-w- c:\windows\system32\blackbox.dll

2015-02-03 03:30 . 2015-03-11 21:06 680960 ----a-w- c:\windows\system32\audiosrv.dll

2015-02-03 03:30 . 2015-03-11 21:06 440832 ----a-w- c:\windows\system32\AudioEng.dll

2015-02-03 03:30 . 2015-03-11 21:06 296448 ----a-w- c:\windows\system32\AudioSes.dll

2015-02-03 03:30 . 2015-03-11 21:06 32256 ----a-w- c:\windows\system32\appidsvc.dll

2015-02-03 03:30 . 2015-03-11 21:06 58880 ----a-w- c:\windows\system32\appidapi.dll

2015-02-03 03:30 . 2015-03-11 21:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe

2015-02-03 03:30 . 2015-03-11 21:06 9728 ----a-w- c:\windows\system32\pcalua.exe

2015-02-03 03:30 . 2015-03-11 21:06 11264 ----a-w- c:\windows\system32\pcawrk.exe

2015-02-03 03:30 . 2015-03-11 21:06 24576 ----a-w- c:\windows\system32\mfpmp.exe

2015-02-03 03:30 . 2015-03-11 21:06 126464 ----a-w- c:\windows\system32\audiodg.exe

2015-02-03 03:30 . 2015-03-11 21:06 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe

2015-02-03 03:30 . 2015-03-11 21:06 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe

2015-02-03 03:30 . 2015-03-11 21:06 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2015-02-03 03:29 . 2015-03-11 21:06 8704 ----a-w- c:\windows\system32\pcaevts.dll

2015-02-03 03:28 . 2015-03-11 21:06 2048 ----a-w- c:\windows\system32\mferror.dll

2015-02-03 03:19 . 2015-03-11 21:06 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys

2015-02-03 03:12 . 2015-03-11 21:06 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll

2015-02-03 03:12 . 2015-03-11 21:06 179200 ----a-w- c:\windows\SysWow64\wintrust.dll

2015-02-03 03:12 . 2015-03-11 21:05 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2015-02-03 03:12 . 2015-03-11 21:05 171520 ----a-w- c:\windows\SysWow64\ubpm.dll

2015-02-03 03:12 . 2015-03-11 21:06 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx

2015-02-03 03:12 . 2015-03-11 21:06 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll

2015-02-03 03:12 . 2015-03-11 21:06 1329664 ----a-w- c:\windows\SysWow64\quartz.dll

2015-02-03 03:12 . 2015-03-11 21:06 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2015-02-03 03:12 . 2015-03-11 21:06 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll

2015-02-03 03:12 . 2015-03-11 21:06 8192 ----a-w- c:\windows\SysWow64\spwmp.dll

2015-02-03 03:12 . 2015-03-11 21:06 504320 ----a-w- c:\windows\SysWow64\msscp.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-14 5512912]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-11 335232]

.

c:\users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Windows Explorer.lnk - c:\users\Ronald\AppData\Roaming\jjjgu\dllmonitor.exe "c:\users\Ronald\AppData\Roaming\jjjgu\hdeipmok.js" [2015-4-9 168960]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Windows Explorer.lnk - c:\users\Ronald\AppData\Roaming\jjjgu\dllmonitor.exe "c:\users\Ronald\AppData\Roaming\jjjgu\hdeipmok.js" [2015-4-9 168960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"RequireSignedAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe

.

R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;tsusbhub [x]

S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 ccnfd_1_10_0_5;ccnfd_1_10_0_5;c:\windows\system32\drivers\ccnfd_1_10_0_5.sys;c:\windows\SYSNATIVE\drivers\ccnfd_1_10_0_5.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 GyFxRYxepe;GyFxRYxepe;c:\programdata\nmcgUEJwgJK\GyFxRYxepe.exe;c:\programdata\nmcgUEJwgJK\GyFxRYxepe.exe [x]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

S2 Service Mgr InternetProgram;Service Mgr InternetProgram;c:\programdata\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe;c:\programdata\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe [x]

S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-04-16 03:43 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25 22:42]

.

2015-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-28 06:04]

.

2015-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-28 06:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2015-04-14 22:16 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-28 12343400]

"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2015-03-24 7138816]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-20 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-20 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-20 440600]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://q.search-simple.com/?affID=bl_ad5adb6d-818a-47d9-8046-27de505d4820

mStart Page = https://www.google.com/?trackid=sp-006

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

mSearch Bar = https://www.google.com/?trackid=sp-006

uInternet Settings,ProxyOverride = <-loopback>

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 200.189.88.52 200.189.88.39 201.6.4.116

FF - ProfilePath - c:\users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\zyprb519.default-1428289877863\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage - hxxp://login.lataminternet.com/search.php?q=

FF - prefs.js: keyword.URL - hxxp://login.lataminternet.com/search.php?q=

FF - user.js: browser.startup.homepage - hxxp://login.lataminternet.com/search.php?q=);user_pref(keyword.URL, http://login.lataminternet.com/search.php?q=

.

- - - - ORPHANS REMOVED - - - -

.

Notify-SDWinLogon - SDWinLogon.dll

ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va025]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va025"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.17"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-04-25 20:18:59

ComboFix-quarantined-files.txt 2015-04-26 00:18

.

Pre-Run: 294.642.581.504 bytes disponíveis

Post-Run: 294.455.619.584 bytes disponíveis

.

- - End Of File - - 080D6ABFC8C563C0FEBBD984AE710448

A36C5E4F47E84449FF07ED3517B43A31

[virusnao]

Considere usar outros programas, não tem jeito. Baixe todas as versões trials dos softwares de antivírus e faça a análise. Tente também o Registry Life, ele remove algumas entradas inválidas do registro e compacta melhorando consideravelmente o sistema.