Makev

Full Members
  • Total items

    37
  • Joined

  • Last visited

  • Rating

    0%

Reputation

0

About Makev

  • Date of birth 15/02/1986 (34 years old)

General information

  • City and state
    Piracicaba
  1. Hey Diego, we can wrap this up! Thank you very much for the help!
  2. Hi friend, no threats were found xD Is my PC clean??
  3. Hey friend, here is the MBAM log.
     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org
     Versão da Base de Dados: v2013.12.12.04
     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16721
     Jessica Marton :: JESSICA [administrador]
     Proteção: Permitir
     12/12/2013 13:21:56
     mbam-log-2013-12-12 (13-21-56).txt
     Tipo de Verificação: Verificação Rápida
     Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
     Opções de verificação desativadas: P2P
     Objetos escaneados: 206419
     Tempo decorrido: 3 minuto(s), 5 segundo(s)
     Processos de Memória Detectados: 0
     (Não foram detectados ítens maliciosos)
     Módulos de Memória Detectados: 0
     (Não foram detectados ítens maliciosos)
     Chaves de Registro Detectadas: 2
     HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
     HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
     Valores de Registro Detectadas: 0
     (Não foram detectados ítens maliciosos)
     Itens de Dados no Registro Detectadas: 0
     (Não foram detectados ítens maliciosos)
     Pastas Detectadas: 0
     (Não foram detectados ítens maliciosos)
     Arquivos Detectados: 0
     (Não foram detectados ítens maliciosos)
     (fim)
  5. Hi friend, Windows Defender is already disabled. Since I don't know exactly which KAV log you need, I saved only the one with the problems found. These were resolved, but I don't know whether any are left. The last few times it always removed them, but they came back on the next scan.
     Tipo: Desconhecido (2)
     eaxlB4XG.zip.part Desinfetados 10/12/2013 23:43:31 C:\Documents and Settings\Jessica Marton\AppData\Local\Temp\ eaxlB4XG.zip.part
     $RT11ZTZ.zip Desinfetados 10/12/2013 23:39:48 C:\$Recycle.Bin\S-1-5-21-3614186074-2504421357-1263002846-1001\ $RT11ZTZ.zip
     Tipo: cavalo de Troia (3)
     Trojan.Win32.Badur.fkts Excluídos 10/12/2013 23:45:22 C:\Documents and Settings\Jessica Marton\AppData\Local\Temp\is180804277\ cor_ar_2013514142423_portal.exe
     Trojan-Downloader.Win32.Dofoil.rdh Excluídos 10/12/2013 23:43:31 C:\Documents and Settings\Jessica Marton\AppData\Local\Temp\eaxlB4XG.zip.part// VoiceMail_Piracicaba.exe
     Trojan-Downloader.Win32.Dofoil.rdh Excluídos 10/12/2013 23:39:48 C:\$Recycle.Bin\S-1-5-21-3614186074-2504421357-1263002846-1001\$RT11ZTZ.zip// VoiceMail_Piracicaba.exe
  6. No problem, friend, here are the updated logs. There shouldn't be any changes, since I haven't used the computer since I posted the logs, but here goes.
     DDS.txt, Attach.txt, gmer.txt
  7. Hi everyone, I was dumb and clicked on a link in an email with a virus; my Kaspersky does find it, but can't remove it completely. Could you please help me?
     dds.txt
Service;C:\Windows\System32\Drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920] S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\Drivers\nmwcdnsucx64.sys [2011-8-17 12800] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\Drivers\nmwcdnsux64.sys [2011-8-17 171008] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248] S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656] . =============== Created Last 30 ================ . 2013-12-06 01:28:10 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin 2013-12-06 01:06:09 -------- d-----w- C:\Users\Jessica Marton\AppData\Roaming\ClassicShell 2013-12-06 01:05:57 -------- d-----w- C:\ProgramData\ClassicShell 2013-12-06 01:05:13 -------- d-----w- C:\Program Files\Classic Shell . ==================== Find3M ==================== . 
2013-10-20 19:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll 2013-10-20 19:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll 2013-10-09 08:36:56 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys 2013-10-09 08:36:56 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys 2013-10-09 08:36:52 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys 2013-10-02 01:38:13 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-02 01:38:13 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2010-01-26 12:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe . ============= FINISH: 0:35:48,09 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Pro Boot Device: \Device\HarddiskVolume2 Install Date: 13/07/2013 01:32:57 System Uptime: 05/12/2013 22:59:12 (2 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core i3-2370M CPU @ 2.40GHz | N/A | 2400/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 383,249 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D110 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: Description: Device ID: ACPI\SNY5001\4&3BB360A&0 Manufacturer: Name: PNP Device ID: ACPI\SNY5001\4&3BB360A&0 Service: . ==== System Restore Points =================== . 
RP18: 06/11/2013 03:01:04 - Scheduled Checkpoint RP19: 05/12/2013 23:04:18 - Installed Classic Shell . ==== Installed Programs ====================== . µTorrent 64 Bit HP CIO Components Installer Adobe Flash Player 11 Plugin Alps Pointing-device for VAIO Apple Mobile Device Support Apple Software Update Bonjour BufferChm Classic Shell Cockroach on Desktop 1.2 D110 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Destinations DeviceDiscovery Facebook Video Calling 1.2.0.287 Google Chrome Google Earth Plug-in Google Update Helper GPBaseService2 High-Definition Video Playback 10 HP Imaging Device Functions 14.0 HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 HP Solution Center 14.0 HP Update HPAppStudio HPPhotoGadget HPProductAssistant Intel® Processor Graphics iTunes K-Lite Mega Codec Pack 9.9.5 Kaspersky Anti-Virus 2013 Keyboard Shortcuts Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Portuguese (Brazil)) 2010 Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (Portuguese (Brazil)) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (Portuguese (Brazil)) 2010 Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010 Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 Microsoft Office Word MUI (Portuguese (Brazil)) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MozBackup 1.5.1 Mozilla Firefox 25.0.1 (x86 pt-BR) Mozilla Maintenance Service Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero Burning ROM 10 Nero Control Center 10 Nero Core Components 10 Nero Dolby Files 10 Nero Express 10 Nero Multimedia Suite 10 Nero StartSmart 10 Network64 Nokia Connectivity Cable Driver PS_AIO_07_D110_SW_Min QuickTransfer Realtek PCIE Card Reader Scan Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition Security Update for Microsoft Outlook 2010 (KB2794707) 64-Bit Edition SolutionCenter Status Suporte para Aplicativos Apple Toolbox TrayApp Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 
(KB2767886) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition VDownloader 3.9.1502 WebReg WinPcap 4.1.1 WinRAR 4.10 (64-bit) . ==== End Of File =========================== GMER.txt GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-06 00:57:06 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 WDC_WD5000BPVT-55HXZT3 rev.01.01A01 465,76GB Running: 7xbzxxy7.exe; Driver: C:\Users\JESSIC~1\AppData\Local\Temp\pwloypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\svchost.exe[1816] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fc8c431b32 4 bytes [43, 8C, FC, 07] .text C:\Windows\System32\svchost.exe[1816] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fc8c431b3a 4 bytes [43, 8C, FC, 07] .text C:\Windows\System32\svchost.exe[1884] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fc8c431b32 4 bytes [43, 8C, FC, 07] .text C:\Windows\System32\svchost.exe[1884] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fc8c431b3a 4 bytes [43, 8C, FC, 07] .text C:\Windows\Explorer.EXE[3596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryLicenseValue 000007fc95143f11 6 bytes JMP 000007fd8c954810 .text C:\Windows\Explorer.EXE[3596] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameW 000007fc92382110 5 bytes JMP 000007fd8c955050 .text C:\Windows\Explorer.EXE[3596] C:\Windows\SYSTEM32\slc.dll!SLIsWindowsGenuineLocal 000007fc8f72d724 7 bytes JMP 000007fd8c954980 .text C:\Windows\Explorer.EXE[3596] C:\Windows\SYSTEM32\sppc.dll!SLIsGenuineLocalEx 000007fc87cbd014 5 bytes JMP 000007fc8c9549a0 
.text C:\Windows\Explorer.EXE[3596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc896c1532 4 bytes [6C, 89, FC, 07] .text C:\Windows\Explorer.EXE[3596] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc896c153a 4 bytes [6C, 89, FC, 07] .text C:\Windows\Explorer.EXE[3596] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc896c165a 4 bytes [6C, 89, FC, 07] .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc94e9177a 4 bytes JMP 000007fc94f11413 .text C:\Windows\System32\igfxpers.exe[1628] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc94e91782 4 bytes JMP 000007fc94f1141b .text C:\Program Files\Apoint\Apoint.exe[3804] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fc94e9177a 4 bytes JMP 000007fc94f11413 .text C:\Program Files\Apoint\Apoint.exe[3804] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fc94e91782 4 bytes JMP 000007fc94f1141b .text C:\Program Files\Apoint\ApMsgFwd.exe[3484] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 306 000007fc94e9177a 4 bytes JMP 000007fc94f11413 .text C:\Program Files\Apoint\ApMsgFwd.exe[3484] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 314 000007fc94e91782 4 bytes JMP 000007fc94f1141b .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3648] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc896c1532 4 bytes [6C, 89, FC, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3648] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc896c153a 4 bytes [6C, 89, FC, 07] .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3648] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc896c165a 4 bytes [6C, 89, FC, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3128] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fc896c1532 4 bytes [6C, 89, FC, 07] .text 
C:\Program Files\Classic Shell\ClassicStartMenu.exe[3128] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fc896c153a 4 bytes [6C, 89, FC, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3128] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fc896c165a 4 bytes [6C, 89, FC, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [624:648] fffff960008f75e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1626755944 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\844bf5cd7812 ---- EOF - GMER 2.1 ----
  8. Guys, I don't know what this error is... the images on some sites simply appear distorted. One of the sites is Netshoes... I have already formatted the PC, uninstalled Flash and Silverlight, and nothing fixes it. The same error happens in both Firefox and IE. Does anyone know what it could be? :S:S:S Photo of how it appears for me.
  9. Done, I had to restore the system from a backup I had. But I don't know whether the viruses are gone. The log I'm posting is the one ComboFix generated; however, it caused the problem I mentioned above. I used the restore and I don't know how it is now. In any case, here is the log. ComboFix 12-01-26.03 - Avell 26/01/2012 20:10:06.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6058.3805 [GMT -2:00] Executando de: c:\users\Avell\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Avell\AppData\Roaming\inst.exe c:\users\Avell\AppData\Roaming\vso_ts_preview.xml c:\windows\system32\java.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . (((((((((((((((( Arquivos/Ficheiros criados de 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))) . . 2012-01-23 21:30 . 2012-01-23 21:30 -------- d-----w- c:\program files\iPod 2012-01-22 13:49 . 2012-01-22 13:49 -------- d-----w- c:\programdata\Kaspersky Lab 2012-01-20 20:35 . 2012-01-20 20:35 -------- d-----w- c:\users\Avell\AppData\Roaming\PACE Anti-Piracy 2012-01-20 20:35 . 2012-01-20 20:35 -------- d-----w- c:\users\Avell\AppData\Local\PACE Anti-Piracy 2012-01-20 20:35 . 2012-01-20 20:35 -------- d-----w- c:\programdata\PACE Anti-Piracy 2012-01-13 20:18 . 2012-01-13 22:39 -------- d-----w- c:\program files (x86)\Pando Networks 2012-01-11 10:16 . 2012-01-11 10:16 -------- d-----w- c:\program files (x86)\Koingo Software, Inc 2012-01-11 09:55 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 09:55 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 09:55 . 
2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 09:55 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 09:55 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 09:55 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-11 09:55 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 09:55 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-03 20:41 . 2012-01-03 20:41 -------- d-----w- c:\users\Avell\AppData\Roaming\VDownloader 2012-01-03 20:41 . 2012-01-03 20:43 -------- d-----w- c:\users\Avell\AppData\Local\VDownloader 2012-01-03 20:41 . 2012-01-03 20:41 -------- d-----w- c:\program files\WinPcap 2012-01-03 20:41 . 2010-01-26 12:11 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe 2012-01-03 20:41 . 2012-01-03 20:41 -------- d-----w- c:\program files (x86)\VDownloader 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2011-12-30 16:48 . 2012-01-24 17:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-08 14:40 . 2011-12-08 14:40 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-24 04:52 . 2011-12-13 22:13 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-23 18:00 . 2011-12-03 16:52 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-11-05 05:32 . 2011-12-13 22:13 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 04:26 . 2011-12-13 22:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-11-04 01:53 . 2011-12-13 22:14 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-11-04 01:44 . 
2011-12-13 22:14 1390080 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 01:44 . 2011-12-13 22:14 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 01:34 . 2011-12-13 22:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-03 22:47 . 2011-12-13 22:14 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-11-03 22:40 . 2011-12-13 22:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-11-03 22:39 . 2011-12-13 22:14 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2011-11-03 22:31 . 2011-12-13 22:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-30 619352] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ VDownloader.lnk - c:\program files (x86)\VDownloader\VDownloader.exe [2012-1-3 858624] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S0 
SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 494424] S2 Agent;Agent;c:\windows\agent_x64.exe [2011-03-21 353280] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] . . 
--- =Outros Serviços/Drivers Na Memória --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "combofix"="c:\combofix\CF31300.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Scan Suplementar ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.uol.com.br/ uInternet Settings,ProxyOverride = *.local IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\codb5jsb.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt) FF - prefs.js: browser.startup.homepage - www.uol.com.br FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . - - - - ORFÃOS REMOVIDOS - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . 
[HKEY_USERS\S-1-5-21-1559956080-708438421-4766739-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1559956080-708438421-4766739-1000) @Denied: (2) (LocalSystem) "Progid"="ThunderbirdEML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Outros Processos em Execução ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Tempo para conclusão: 2012-01-26 20:23:00 - Máquina reiniciou ComboFix-quarantined-files.txt 2012-01-26 22:23 . Pré-execução: 147.987.914.752 bytes disponíveis Pós execução: 147.822.653.440 bytes disponíveis . - - End Of File - - B3053D9C342B836F6C1C7CF439E77805
  10. Friend, I did what you said, but now no program opens on my computer; whatever program I open, it says the following: (File location) Illegal operation attempted on a registry key that has been marked for deletion. What do I do now????
  11. Please, now Firefox is freezing too :S
  12. Here is the Kaspersky log:
      Status: Detected (events: 4)
      22/01/2012 12:09:42 Detected Trojan program Trojan-Downloader.Java.Agent.lq C:\Documents and Settings\Avell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\366b81d3-5a89cc83/adobeflash.class High
      22/01/2012 12:09:42 Detected Trojan program Exploit.Java.CVE-2010-0840.cq C:\Documents and Settings\Avell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\24293fe3-43cfc76d/mail/MailAgent.class High
      22/01/2012 13:23:22 Detected Trojan program Trojan-Downloader.Java.Agent.lq C:\Users\Avell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\366b81d3-5a89cc83/adobeflash.class High
      22/01/2012 13:23:24 Detected Trojan program Exploit.Java.CVE-2010-0840.cq C:\Users\Avell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\24293fe3-43cfc76d/mail/MailAgent.class High
  13. Hello, I don't use IE, but sometimes I need it to print payment slips (boletos) for my college; however, the times I open it, it gives some error and a strange address shows up in the address bar. I would like to know whether my PC has some kind of virus. DDS log:
2012-01-04 15:58:08 -------- d-----w- C:\Users\Avell\AppData\Local\{54963E23-C778-4484-BDE9-1306AB403859} 2012-01-04 15:57:58 -------- d-----w- C:\Users\Avell\AppData\Local\{F9BEBD47-0116-4C2B-9C73-A1B1837F261E} 2012-01-04 15:57:47 -------- d-----w- C:\Users\Avell\AppData\Local\{147E0FF2-725F-4DDF-A870-792C106CBE5E} 2012-01-04 15:57:36 -------- d-----w- C:\Users\Avell\AppData\Local\{3D412814-5A41-43EC-BF52-9FE81501B97C} 2012-01-04 15:57:25 -------- d-----w- C:\Users\Avell\AppData\Local\{D8388039-1FCE-47F2-BE21-CBEBCBFAE89A} 2012-01-04 15:57:14 -------- d-----w- C:\Users\Avell\AppData\Local\{D35AAEC9-02B3-43AB-BE8E-06E170B9425C} 2012-01-04 03:57:02 -------- d-----w- C:\Users\Avell\AppData\Local\{37A67D11-A82C-4D96-9080-692A020BD9FB} 2012-01-04 03:56:51 -------- d-----w- C:\Users\Avell\AppData\Local\{733ECC3C-6A92-4671-B46A-064B78524BE3} 2012-01-04 03:56:40 -------- d-----w- C:\Users\Avell\AppData\Local\{92C26EF1-42C8-4D46-8D1A-431F0BE0F65F} 2012-01-04 03:56:29 -------- d-----w- C:\Users\Avell\AppData\Local\{6D3909E3-BA3B-4180-88A4-EC689276D53A} 2012-01-04 03:56:19 -------- d-----w- C:\Users\Avell\AppData\Local\{783952BB-9323-471A-ACDD-9FEDA2A803A3} 2012-01-04 03:56:08 -------- d-----w- C:\Users\Avell\AppData\Local\{52D6DE8E-93C7-46B2-8159-D055169C88FB} 2012-01-03 20:41:25 -------- d-----w- C:\Users\Avell\AppData\Roaming\VDownloader 2012-01-03 20:41:24 -------- d-----w- C:\Users\Avell\AppData\Local\VDownloader 2012-01-03 20:41:16 -------- d-----w- C:\Program Files\WinPcap 2012-01-03 20:41:12 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe 2012-01-03 20:41:10 -------- d-----w- C:\Program Files (x86)\VDownloader 2012-01-03 15:55:43 -------- d-----w- C:\Users\Avell\AppData\Local\{4C47EB77-60CD-4277-AF71-2B2F38144A60} 2012-01-03 15:55:21 -------- d-----w- C:\Users\Avell\AppData\Local\{F42BA267-4375-4591-9EC1-D2CBE4FE487E} 2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll 2012-01-03 13:10:44 182672 ----a-w- 
C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-01-03 03:55:07 -------- d-----w- C:\Users\Avell\AppData\Local\{17F2CE01-B15D-453D-BF10-A2103E5B4511} 2012-01-03 03:54:47 -------- d-----w- C:\Users\Avell\AppData\Local\{CA45A169-3F04-49B6-864D-C9EFD51DE1B0} 2012-01-02 15:51:25 -------- d-----w- C:\Users\Avell\AppData\Local\{FD96F865-2487-49BE-847F-F8AA059BE692} 2012-01-02 15:51:14 -------- d-----w- C:\Users\Avell\AppData\Local\{640ACFFA-59DA-49EE-BC5F-A12BCB43688E} 2012-01-02 15:51:04 -------- d-----w- C:\Users\Avell\AppData\Local\{2F6988A2-14D5-480E-AB36-4C59E9A99BD3} 2012-01-02 15:50:53 -------- d-----w- C:\Users\Avell\AppData\Local\{9486B2E6-9863-489F-96B0-C5B5C569C8A7} 2012-01-02 15:50:42 -------- d-----w- C:\Users\Avell\AppData\Local\{80BD955D-305B-4863-8F1A-2D0FB99D32EE} 2012-01-02 15:50:31 -------- d-----w- C:\Users\Avell\AppData\Local\{1BBBF01E-7CCF-4F0D-9CC2-82DE0F822065} 2012-01-02 03:50:04 -------- d-----w- C:\Users\Avell\AppData\Local\{73A655CF-985C-4044-88FC-CFB9B16FCCFC} 2012-01-02 03:49:53 -------- d-----w- C:\Users\Avell\AppData\Local\{A8D7C2BD-C6E8-4E2C-B098-2472119B3562} 2012-01-02 03:49:42 -------- d-----w- C:\Users\Avell\AppData\Local\{04BC4FFD-5D70-4F1B-99D6-79952E4D5689} 2012-01-02 03:49:31 -------- d-----w- C:\Users\Avell\AppData\Local\{EBCC0E4A-0327-470A-8716-DE6516D84D2B} 2012-01-02 03:49:20 -------- d-----w- C:\Users\Avell\AppData\Local\{EFB4BFD0-3A75-46B5-9FC6-0982B50079BA} 2012-01-02 03:49:09 -------- d-----w- C:\Users\Avell\AppData\Local\{D1771FF7-CA3B-4F7D-BFF5-8E97D100A828} 2012-01-01 15:48:55 -------- d-----w- C:\Users\Avell\AppData\Local\{550AA120-1426-44AD-B8A1-648AB1501345} 2012-01-01 15:48:45 -------- d-----w- C:\Users\Avell\AppData\Local\{83DFF131-B417-4542-8DE6-6F5E2B95275E} 2012-01-01 15:48:34 -------- d-----w- C:\Users\Avell\AppData\Local\{7C679419-B5B9-40C4-92FF-F489E453230B} 2012-01-01 15:48:23 -------- d-----w- C:\Users\Avell\AppData\Local\{0F13E7EF-03E9-4EA4-A210-04D4FB2A51A6} 2012-01-01 15:48:13 -------- 
d-----w- C:\Users\Avell\AppData\Local\{E4C62BAE-8CA5-4616-906A-720EB3C592ED} 2012-01-01 15:48:02 -------- d-----w- C:\Users\Avell\AppData\Local\{67833FB2-C28C-407F-9145-14FFBB4CA3D3} 2012-01-01 03:47:50 -------- d-----w- C:\Users\Avell\AppData\Local\{5DA72672-6F34-4D3E-96E5-398B3A87ED8C} 2012-01-01 03:47:39 -------- d-----w- C:\Users\Avell\AppData\Local\{7B43976E-A268-419B-866E-80233DDD22DE} 2012-01-01 03:47:28 -------- d-----w- C:\Users\Avell\AppData\Local\{4C9ADC92-715F-47B5-89A8-C8D76B0D9BD6} 2012-01-01 03:47:18 -------- d-----w- C:\Users\Avell\AppData\Local\{0C91C6C3-EC68-4E82-81B4-F50FDB28FEEA} 2012-01-01 03:47:07 -------- d-----w- C:\Users\Avell\AppData\Local\{668451A1-1FE2-4E66-B245-4669DEC3FA57} 2012-01-01 03:46:56 -------- d-----w- C:\Users\Avell\AppData\Local\{EF5784F3-8E07-4865-938F-5411EF240794} 2011-12-31 15:46:29 -------- d-----w- C:\Users\Avell\AppData\Local\{14129BED-BA4E-4BFF-85A0-72D912F333E1} 2011-12-31 15:46:19 -------- d-----w- C:\Users\Avell\AppData\Local\{3FE3B48B-FCEF-416E-8104-823208BD8F71} 2011-12-31 15:46:08 -------- d-----w- C:\Users\Avell\AppData\Local\{FF4D3CE0-5A2B-46C5-A7BB-6CD61406D9BD} 2011-12-31 15:45:57 -------- d-----w- C:\Users\Avell\AppData\Local\{CB34D6E5-B2E1-45A9-B5E1-BD1897B3183C} 2011-12-31 15:45:46 -------- d-----w- C:\Users\Avell\AppData\Local\{4DADFE28-3A04-487F-989B-4F76C0DE9822} 2011-12-31 15:45:35 -------- d-----w- C:\Users\Avell\AppData\Local\{AD8053F5-D486-4F86-A011-75E7F426585F} 2011-12-31 03:45:22 -------- d-----w- C:\Users\Avell\AppData\Local\{F181ED29-8795-4EC4-868E-ADD8632E8F93} 2011-12-31 03:45:11 -------- d-----w- C:\Users\Avell\AppData\Local\{117FD537-AFE7-4092-9BFD-5D3FB2B8AAB6} 2011-12-31 03:45:01 -------- d-----w- C:\Users\Avell\AppData\Local\{8B9CCF01-8A97-4E4A-A69F-200BD0571808} 2011-12-31 03:44:50 -------- d-----w- C:\Users\Avell\AppData\Local\{EA857211-0E0C-4EBA-AFCD-8DF0AE2C0FB6} 2011-12-31 03:44:39 -------- d-----w- C:\Users\Avell\AppData\Local\{9ABD5C98-E9E5-42CA-996F-0D2FDF1EC79B} 2011-12-31 
03:44:29 -------- d-----w- C:\Users\Avell\AppData\Local\{53A1B293-FE27-4222-8D8C-7A20710ED081} 2011-12-30 16:48:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-30 15:44:16 -------- d-----w- C:\Users\Avell\AppData\Local\{353F3F20-CEA4-4AC0-A9FD-C5797222DED9} 2011-12-30 15:44:05 -------- d-----w- C:\Users\Avell\AppData\Local\{8D1E1008-2F4F-4D22-9E38-FAEC93E47A75} 2011-12-30 15:43:55 -------- d-----w- C:\Users\Avell\AppData\Local\{7C954F0B-0162-4893-A3D4-EAB82D7BBCE4} 2011-12-30 15:43:44 -------- d-----w- C:\Users\Avell\AppData\Local\{6ACF0C78-23E9-4C9F-9269-4B75E2A296BA} 2011-12-30 15:43:33 -------- d-----w- C:\Users\Avell\AppData\Local\{6DB14764-565B-42CF-A7A2-8A27E160FE4F} 2011-12-30 02:13:07 -------- d-----w- C:\Users\Avell\AppData\Local\{2E41C9E7-D617-4014-92D1-E22E33FAD500} 2011-12-30 02:12:56 -------- d-----w- C:\Users\Avell\AppData\Local\{873061DB-41E8-4678-8C77-FF37231EE5AE} 2011-12-30 02:12:45 -------- d-----w- C:\Users\Avell\AppData\Local\{CF5F470D-D989-42F6-9738-478F3688509B} 2011-12-30 02:12:24 -------- d-----w- C:\Users\Avell\AppData\Local\{F2202FD8-79A6-475A-9C7A-58BC5BCD9D34} 2011-12-29 14:11:59 -------- d-----w- C:\Users\Avell\AppData\Local\{81A4EA72-1AE0-4A88-909C-FB7AB157250F} 2011-12-29 14:11:48 -------- d-----w- C:\Users\Avell\AppData\Local\{FDD13C5D-837D-4D3D-8622-64AB2A778A96} 2011-12-29 14:11:38 -------- d-----w- C:\Users\Avell\AppData\Local\{9EA6D0B9-253C-4BE3-B1BB-3FF3A1999CE7} 2011-12-29 14:11:27 -------- d-----w- C:\Users\Avell\AppData\Local\{77E5892A-E139-4F36-8EC7-78C0E7A38FA7} 2011-12-29 02:10:53 -------- d-----w- C:\Users\Avell\AppData\Local\{0E953768-60C5-4DE6-A149-136E75DAEED3} 2011-12-29 02:10:42 -------- d-----w- C:\Users\Avell\AppData\Local\{31E3A286-861C-4633-B967-35B319886EEF} 2011-12-29 02:10:32 -------- d-----w- C:\Users\Avell\AppData\Local\{CB3A3B8D-CB31-4A2A-91CF-5A97341BC428} 2011-12-29 02:10:21 -------- d-----w- C:\Users\Avell\AppData\Local\{257DA36B-6D83-47BB-93A5-35430BDE1F65} 2011-12-29 02:10:10 
-------- d-----w- C:\Users\Avell\AppData\Local\{08503AA0-DF37-432A-B6BE-E260B55705AA} 2011-12-29 02:09:59 -------- d-----w- C:\Users\Avell\AppData\Local\{89B1FBC9-8D5F-4244-8F84-DDF1E215C081} 2011-12-28 14:09:34 -------- d-----w- C:\Users\Avell\AppData\Local\{318A08CC-9753-4CBF-99AE-EBCD9F99F373} 2011-12-28 14:09:23 -------- d-----w- C:\Users\Avell\AppData\Local\{A9679D42-CB97-4870-A0E0-929A886C301D} 2011-12-28 14:09:12 -------- d-----w- C:\Users\Avell\AppData\Local\{9B16F29E-520A-423F-A0FF-ADE842347841} 2011-12-28 14:09:01 -------- d-----w- C:\Users\Avell\AppData\Local\{C634390F-5ADC-4C77-8FCE-5420E46FE62A} 2011-12-28 14:08:50 -------- d-----w- C:\Users\Avell\AppData\Local\{E00879F7-C47D-4E75-AF4E-3D894A2793B3} 2011-12-28 14:08:39 -------- d-----w- C:\Users\Avell\AppData\Local\{B2D03058-3A3B-4760-BA23-558613A0F60A} 2011-12-28 02:08:25 -------- d-----w- C:\Users\Avell\AppData\Local\{B23BD912-2FAE-4304-9C72-825D02E22669} 2011-12-28 02:08:14 -------- d-----w- C:\Users\Avell\AppData\Local\{678A4F76-BC3D-48A3-9699-60B4E7D502BA} 2011-12-28 02:08:03 -------- d-----w- C:\Users\Avell\AppData\Local\{820C8339-2214-4442-83EB-B72A76A80196} 2011-12-28 02:07:52 -------- d-----w- C:\Users\Avell\AppData\Local\{409843CD-34C4-457B-90FE-9707B0DE4E6B} 2011-12-28 02:07:41 -------- d-----w- C:\Users\Avell\AppData\Local\{840EB6AD-5094-4154-BC06-B5A612A3462B} 2011-12-28 02:07:31 -------- d-----w- C:\Users\Avell\AppData\Local\{FE4E3CB7-6D94-4C6B-BC3E-41C554EBC6D0} 2011-12-27 14:07:18 -------- d-----w- C:\Users\Avell\AppData\Local\{C3897FA9-5AB7-45D5-B6E6-3F2F843D46FB} 2011-12-27 14:07:06 -------- d-----w- C:\Users\Avell\AppData\Local\{F2C1F7ED-E296-4D53-8886-980CBCFAFDFF} 2011-12-27 14:06:55 -------- d-----w- C:\Users\Avell\AppData\Local\{FDFEBA58-0F5D-46E6-A852-82CBFD3C217E} 2011-12-27 02:06:43 -------- d-----w- C:\Users\Avell\AppData\Local\{B8C23E14-399C-4991-8963-7732C3057DB4} 2011-12-27 02:06:32 -------- d-----w- C:\Users\Avell\AppData\Local\{C162C2C7-AC94-4926-8353-C430226A382A} 
2011-12-26 14:06:06 -------- d-----w- C:\Users\Avell\AppData\Local\{EA27CDAE-CDAB-4666-A36C-58F7F8E12C8E} 2011-12-26 14:05:57 -------- d-----w- C:\Users\Avell\AppData\Local\{CEBD27A5-DA60-43EC-B281-E0A0E5EEF79C} 2011-12-26 14:05:48 -------- d-----w- C:\Users\Avell\AppData\Local\{C677C416-55E2-4FA0-9C82-C90F3C15596D} 2011-12-26 14:05:38 -------- d-----w- C:\Users\Avell\AppData\Local\{3966D3F8-9418-4511-BD95-B4F2A5818990} 2011-12-26 14:05:28 -------- d-----w- C:\Users\Avell\AppData\Local\{E6143E34-862D-4DE3-8312-74EFEDC24EE8} 2011-12-26 14:05:18 -------- d-----w- C:\Users\Avell\AppData\Local\{F091DA5A-D977-4481-A116-C14C6BF189BD} 2011-12-26 02:05:07 -------- d-----w- C:\Users\Avell\AppData\Local\{60F85666-6D8F-41D2-8912-186EBDE11F0C} 2011-12-26 02:04:57 -------- d-----w- C:\Users\Avell\AppData\Local\{CD23AD42-0638-4A86-890C-78B5765752F9} 2011-12-26 02:04:48 -------- d-----w- C:\Users\Avell\AppData\Local\{49138F9A-EC3E-4E4C-B1D4-8843D7F77824} 2011-12-26 02:04:38 -------- d-----w- C:\Users\Avell\AppData\Local\{4F20E734-8DCA-4769-A7FB-96B076345B16} 2011-12-26 02:04:29 -------- d-----w- C:\Users\Avell\AppData\Local\{7502DEE4-3E28-43B9-8605-347A96A141BF} 2011-12-26 02:04:19 -------- d-----w- C:\Users\Avell\AppData\Local\{A29A1A3A-D421-418C-8DDB-D1F204912361} 2011-12-25 14:03:54 -------- d-----w- C:\Users\Avell\AppData\Local\{99716A5A-DD2E-43B3-B97D-88E04B019632} 2011-12-25 14:03:45 -------- d-----w- C:\Users\Avell\AppData\Local\{09983B6A-40B9-4BF0-A440-76D72CFBBFBE} 2011-12-25 14:03:35 -------- d-----w- C:\Users\Avell\AppData\Local\{45019BB3-6CE9-4A7B-AE83-3C595649055F} 2011-12-25 14:03:26 -------- d-----w- C:\Users\Avell\AppData\Local\{9681902D-7A1E-4317-AD1D-76EFFFBB25BF} 2011-12-25 14:03:16 -------- d-----w- C:\Users\Avell\AppData\Local\{86BDC83D-CFFB-405C-9C99-1F40F012A523} 2011-12-25 14:03:06 -------- d-----w- C:\Users\Avell\AppData\Local\{E5FF23D5-A430-4F58-A568-2C973A4EC893} 2011-12-25 02:02:55 -------- d-----w- 
C:\Users\Avell\AppData\Local\{F4EDD6AB-C85C-48F1-A7AF-48F392EE8003} 2011-12-25 02:02:46 -------- d-----w- C:\Users\Avell\AppData\Local\{EA359F9D-0AB7-4875-9241-D4FAF1FB4FA9} 2011-12-25 02:02:36 -------- d-----w- C:\Users\Avell\AppData\Local\{CD40F928-BA1B-4CBF-84DC-4FA9D2849108} 2011-12-25 02:02:26 -------- d-----w- C:\Users\Avell\AppData\Local\{C65C0221-EB0C-4E6F-9299-B5C1FD2290BA} 2011-12-25 02:02:17 -------- d-----w- C:\Users\Avell\AppData\Local\{29B7D81C-036C-4491-8DC2-9400FB17AB4E} 2011-12-25 02:02:07 -------- d-----w- C:\Users\Avell\AppData\Local\{279F9558-DF47-4C2E-8A74-089020FAF3C3} 2011-12-24 14:01:35 -------- d-----w- C:\Users\Avell\AppData\Local\{A6214FD2-91AE-49A0-8F10-53E5EE01A808} 2011-12-24 14:01:25 -------- d-----w- C:\Users\Avell\AppData\Local\{E732A6DB-78BD-4ED5-9704-7993591375A8} 2011-12-24 14:01:15 -------- d-----w- C:\Users\Avell\AppData\Local\{CE62427D-6E84-424F-8F30-BD8106DD89B3} 2011-12-24 14:01:00 -------- d-----w- C:\Users\Avell\AppData\Local\{76FE4565-79B5-4E5C-87E4-D2F4BAB4BCD6} 2011-12-24 14:00:49 -------- d-----w- C:\Users\Avell\AppData\Local\{CEBE292E-1204-409C-B5D4-ACFAC1DC1A48} 2011-12-24 14:00:35 -------- d-----w- C:\Users\Avell\AppData\Local\{899223D3-EB55-41EA-BC55-FC48507865AC} 2011-12-24 02:00:18 -------- d-----w- C:\Users\Avell\AppData\Local\{1DFC699A-F5F6-469A-95A7-5F86B18231AF} 2011-12-24 02:00:08 -------- d-----w- C:\Users\Avell\AppData\Local\{AC565481-48A0-4899-9CD0-CFC8AD7D51F9} 2011-12-24 01:59:58 -------- d-----w- C:\Users\Avell\AppData\Local\{692D1B6F-2226-4043-905A-98165BA3A5C9} 2011-12-24 01:59:49 -------- d-----w- C:\Users\Avell\AppData\Local\{3381A493-0D47-40DF-914C-22FD8BA9CB98} 2011-12-24 01:59:39 -------- d-----w- C:\Users\Avell\AppData\Local\{B10C0468-B22F-4C37-809B-D2A74E3D6E3B} 2011-12-24 01:59:29 -------- d-----w- C:\Users\Avell\AppData\Local\{018D999F-A9EF-4B75-A2E4-070B1D4A2FBD} 2011-12-23 13:59:12 -------- d-----w- C:\Users\Avell\AppData\Local\{74EFD988-4797-4E1D-86FA-8961B71C042F} 2011-12-23 13:59:02 
-------- d-----w- C:\Users\Avell\AppData\Local\{F07300E7-64D1-4C68-8819-64CC1F3018E9} 2011-12-23 13:58:53 -------- d-----w- C:\Users\Avell\AppData\Local\{56448384-03E9-43EC-8984-93D6F953D41B} 2011-12-23 13:58:42 -------- d-----w- C:\Users\Avell\AppData\Local\{17CD0E20-16BB-468C-B286-1177F5FA3679} 2011-12-23 13:58:29 -------- d-----w- C:\Users\Avell\AppData\Local\{44734430-D94F-4E49-A450-E4D77706E904} 2011-12-23 13:58:19 -------- d-----w- C:\Users\Avell\AppData\Local\{4087154D-9604-40F7-99DB-0C8FAF4A06EB} 2011-12-23 01:58:04 -------- d-----w- C:\Users\Avell\AppData\Local\{35B22E10-EFA8-43E2-BBDA-6387AD5D8F28} 2011-12-23 01:57:54 -------- d-----w- C:\Users\Avell\AppData\Local\{37E579A5-3FAC-440F-9CE4-D4C4E46C5BE5} 2011-12-23 01:57:44 -------- d-----w- C:\Users\Avell\AppData\Local\{46698E7A-1EBA-487E-ACC4-A86511E3EE73} 2011-12-23 01:57:35 -------- d-----w- C:\Users\Avell\AppData\Local\{573D839F-3874-4C22-A9DB-2C7D00836D37} 2011-12-23 01:57:25 -------- d-----w- C:\Users\Avell\AppData\Local\{A8DD4966-E2E6-4192-AF20-CA793C6C3ECB} 2011-12-23 01:57:15 -------- d-----w- C:\Users\Avell\AppData\Local\{6D3B7D97-3F6D-4788-A314-897E33EB455B} 2011-12-22 13:57:01 -------- d-----w- C:\Users\Avell\AppData\Local\{F390B0C0-3FE0-4E4F-94E2-05ACB22D5E41} 2011-12-22 13:56:51 -------- d-----w- C:\Users\Avell\AppData\Local\{0354323F-5072-4D76-A0AA-CA55E1378A8F} 2011-12-22 13:56:42 -------- d-----w- C:\Users\Avell\AppData\Local\{FF5F8C07-E790-4AF3-B68E-A86479CD3F5E} 2011-12-22 13:56:32 -------- d-----w- C:\Users\Avell\AppData\Local\{D3C08639-4C80-4697-85FA-13C847F485E2} 2011-12-22 13:56:23 -------- d-----w- C:\Users\Avell\AppData\Local\{A1D3335D-4D57-41F5-8925-7FDB48006481} 2011-12-22 13:56:13 -------- d-----w- C:\Users\Avell\AppData\Local\{56124E6E-9A4C-4242-B4AD-DDFEEFF52ADE} 2011-12-22 01:56:01 -------- d-----w- C:\Users\Avell\AppData\Local\{6F136776-49D9-47CF-9E31-A71F43707E78} 2011-12-22 01:55:51 -------- d-----w- C:\Users\Avell\AppData\Local\{2B39BE4F-99A7-412F-B63A-17DF964F4A51} 
2011-12-22 01:55:42 -------- d-----w- C:\Users\Avell\AppData\Local\{F2F3FEEB-CBA3-4DC7-84A6-7B079A289EA2} 2011-12-22 01:55:32 -------- d-----w- C:\Users\Avell\AppData\Local\{432AA16E-7158-461A-A876-941016D684C4} 2011-12-22 01:55:23 -------- d-----w- C:\Users\Avell\AppData\Local\{6CA645F0-0565-489A-916E-32042D0C727F} 2011-12-22 01:55:13 -------- d-----w- C:\Users\Avell\AppData\Local\{2A79F64D-0937-4D2B-8458-98F73BA0241A} . ==================== Find3M ==================== . 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-23 18:00:00 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 
1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll . ============= FINISH: 14:28:25,29 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 30/03/2011 22:25:19 System Uptime: 17/01/2012 11:12:31 (75 hours ago) . Motherboard: CLEVO CO. | | W150HNM/W170HN Processor: Intel® Core i7-2720QM CPU @ 2.20GHz | CPU | 2201/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 465 GiB total, 103,397 GiB free. D: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart D110 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D110 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: JMicron PCI Express Gigabit Ethernet Adapter Device ID: PCI\VEN_197B&DEV_0250&SUBSYS_51401558&REV_05\4&2E9D83C0&0&00E3 Manufacturer: JMicron Technology Corp. Name: JMicron PCI Express Gigabit Ethernet Adapter PNP Device ID: PCI\VEN_197B&DEV_0250&SUBSYS_51401558&REV_05\4&2E9D83C0&0&00E3 Service: JME . Class GUID: Description: pcouffin device ... Device ID: ROOT\PCOUFFIN\0000 Manufacturer: Name: pcouffin device ... PNP Device ID: ROOT\PCOUFFIN\0000 Service: . ==== System Restore Points =================== . 
RP181: 11/01/2012 07:55:32 - Windows Update RP182: 11/01/2012 08:09:37 - Windows Update RP183: 19/01/2012 00:00:02 - Ponto de Verificação Agendado . ==== Installed Programs ====================== . Across Personal Edition Adobe AIR Adobe Community Help Adobe Creative Suite 5.5 Master Collection Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) - Português Adobe Story Advanced SystemCare 5 Aktiv MP3 Recorder Alarm Alarm Clock Pro Any Video Converter 3.2.1 Apple Application Support Apple Software Update µTorrent BisonCam BufferChm Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Controle ActiveX do Windows Live Mesh para Conexões Remotas ConvertXtoDVD 4.1.19.365 D110 D3DX10 DAEMON Tools Lite Destinations DeviceDiscovery DVD Shrink 3.2 EA Download Manager Football Manager 2011 Google Talk (remove only) GPBaseService2 High-Definition Video Playback 10 Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) Hotkey 3.3017 HP Update HPAppStudio HPDiagnosticAlert HPPhotoGadget HPProductAssistant HPSSupply Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 24 JMicron Ethernet Adapter NDIS Driver JMicron Flash Media Controller Driver K-Lite Mega Codec Pack 8.0.0 MarketResearch Messenger Plus! 
5 Microsoft .NET Framework 1.1 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (ACROSS) Microsoft SQL Server Setup Support Files (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MozBackup 1.5 Mozilla Firefox 9.0.1 (x86 pt-BR) Mozilla Thunderbird 9.0.1 (x86 pt-BR) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero Control Center 10 Nero Core Components 10 Nero Dolby Files 10 Nero Express 10 Nero Multimedia Suite 10 Nero StartSmart 10 neroxml NVIDIA 3D Vision Controller Driver NVIDIA PhysX PDF Settings CS5 Plugin Letras.mus.br 1.10 PS_AIO_07_D110_SW_Min PunkBuster Services QuickTime QuickTransfer Realtek High Definition Audio Driver REALTEK Wireless LAN Driver Renesas Electronics USB 3.0 Host Controller Driver Revo Uninstaller 1.92 Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663) Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870) Simplo Video Camera Skype™ 5.5 Smart Defrag 2 SmartWebPrinting Snagit 10 SolutionCenter Status Steam TeamViewer 7 The Sims™ 3 The Sims™ 3 Acelerando Coleção de Objetos The Sims™ 3 Ambições The Sims™ 3 Caindo na Noite The Sims™ 3 Vida ao Ar Livre Coleção de Objetos The Sims™ 3 Vida em Alto Estilo Coleção de Objetos The Sims™ 3 Volta ao Mundo THX TruStudio Pro Toolbox TrayApp TweetDeck Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) VDownloader 3.8.974 WebCam Installer WebReg Winamp Winamp Detectar Aplicação Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live Installer Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinPcap 4.1.1 Z-ViPrinter_64Bit . 
==== End Of File ===========================

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-20 17:48:05
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc77da0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dd3b49f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc77da0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dd3b49f (not active ControlSet)

---- EOF - GMER 1.0.15 ----
  14. Guys, I have this GVT router here and everything works great, but FIFA 12 on PS3 is having a lot of connection problems (not just for me, but for thousands of users around the world). So far nobody knows why, but some people said they fixed the problem by opening some ports on the router. I have no idea where to go to open these ports; I know I have to fill it in with this: Can anyone give me a hand? I've already done what I had to do, but it didn't solve the problem :S You can close the topic.
  15. So, they didn't give me any kind of discount just because I was paying in installments. They didn't even give me free shipping... Search anywhere on the net and you'll see the overheating problems with HPs.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.

Copyright

We do not allow copying or reproduction of the content of our site, forum, newsletters and social networks, even when the source is cited.
