[Resolvido!] Análise de LOg e outras informações

[Aloprado 0]

Olá e bom dia...Com relação ao Pen drive, lembra que eu citei que tinha chips e pen drive além de hd externo? Pois é, eu apenas aproveitei o scan do Dr.Web, para justamente limpar de possíveis infeccções.

 

Sobre o MSCONFIG, já consegui acessar e já desmarquei todas as entradas, pois nenhum me faz falta e se quiser eu acesso diretamente o programa.

 

O lance das proriedades de arquivos que não queria ficar marcado mostrar todos os arquivos ocultos ou não, também está ok.

 

O AVIRA eu reinstalei conforme orientações e consigo fazer update manual, vou esperar para ver se ele faz automático.

 

Sobre o Rapidown, acredito que consegui desinstalar ele, apesar dele não aparecer mais no painel de controle, instalar e desinstalar programas, ainda consegui fazer download de um arquivo através dele.

 

Sobre o log do ComboFix, acho que novamente não deu certo, pois o log está incompleto...Ele fez tudo de acordo com o que você falou, mas não deu nenhuma mensagem sobre restauração, reiniciou a máquina e tudo mais. O Log está abaixo...

 

 

ComboFix 09-01-02.01 - 2009-01-04 10:40:27.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.3327.2906 [GMT -2:00]

Executando de: C:\Documents and Settings\ADM\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

Aguardo novas instruções

[MGuitar 11]

- Faça o download do OTViewIt e salve no seu desktop;

 

● Duplo clique no icone do OTViewIt que está no seu desktop;

● Marque a caixa Scan All Users;

● Aperte o botão Run Scan e aguarde;

● Serão gerados dois relatórios:

 

- OTViewIt.txt <- Este será automaticamente aberto

- Extra.txt <- Este estará minimizado

 

Copie e cole-os na sua próxima resposta:

[Aloprado 0]

Bom acredito que você queria que eu ligasse meu hd externo ( não fica ligado direto ) e meu Pen Drive, portanto eis ai os resultados:

 

OTViewIT.txt

 

OTViewIt logfile created on: 2009-01-04 20:25:39 - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ADM\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 232.88 Gb Total Space | 84.73 Gb Free Space | 36.38% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 465.75 Gb Total Space | 393.18 Gb Free Space | 84.42% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 3.73 Gb Total Space | 2.72 Gb Free Space | 73.01% Space Free | Partition Type: FAT32

 

Computer Name: TABAJARA-CA052B

Current User Name: ADM

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[2004-12-13 02:05:20 | 00,065,536 | ---- | M] (The Firebird Project) -- C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

[2007-02-14 03:31:58 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2005-08-07 10:54:00 | 00,167,936 | ---- | M] () -- C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

[2008-10-12 12:37:07 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

[2008-07-05 21:09:29 | 00,181,312 | ---- | M] () -- C:\Arquivos de programas\Photodex\ProShowGold\scsiaccess.exe

[2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

[2004-12-13 02:05:20 | 01,527,893 | ---- | M] (The Firebird Project) -- C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

[2008-02-16 05:56:48 | 00,684,032 | ---- | M] (r2 Studios) -- C:\Arquivos de programas\r2 Studios\Xion\Xion.exe

[2004-08-04 00:45:36 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

[2008-02-22 16:30:38 | 00,120,384 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

[2007-01-19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe

[2004-08-04 00:45:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

[2009-01-04 20:16:57 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADM\Desktop\OTViewIt.exe

[2004-08-04 00:45:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE

 

========== (O23) Win32 Services ==========

 

[2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

[2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

[2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2004-12-13 02:05:20 | 00,065,536 | ---- | M] (The Firebird Project) -- C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance [Auto | Running])

[2004-12-13 02:05:20 | 01,527,893 | ---- | M] (The Firebird Project) -- C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance [On_Demand | Running])

[2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008-10-12 12:37:07 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe -- (gupdate1c92c7828251c4 [Auto | Stopped])

[2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

File not found -- -- (NMIndexingService [On_Demand | Stopped])

[2007-02-14 03:31:58 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2005-08-07 10:54:00 | 00,167,936 | ---- | M] () -- C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])

[2008-07-05 21:09:29 | 00,181,312 | ---- | M] () -- C:\Arquivos de programas\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess [Auto | Running])

[2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

 

========== Driver Services ==========

 

[2006-11-28 21:43:25 | 00,018,688 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])

[2004-03-10 17:27:18 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k [On_Demand | Running])

[2007-02-27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

[2008-05-20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

[2008-10-30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])

[2007-02-25 02:01:12 | 00,057,320 | R--- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])

[2007-10-12 18:27:00 | 00,254,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])

[2005-05-03 13:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])

[2006-04-21 23:44:39 | 00,008,064 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])

[2005-04-12 06:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])

[2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2004-09-29 05:35:30 | 00,219,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])

[2004-09-29 05:33:50 | 01,036,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2007-04-23 19:12:28 | 04,402,176 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2004-03-29 05:06:24 | 00,090,464 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])

[2004-03-17 02:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001-08-17 22:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

[2007-02-14 03:31:52 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2003-04-23 10:26:18 | 00,013,986 | R--- | M] (SHIMIZU Corp.) -- C:\WINDOWS\system32\drivers\PAPUSB.sys -- (PAPUsb [On_Demand | Running])

[2002-03-19 11:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [system | Running])

[2002-05-15 13:24:40 | 00,012,160 | ---- | M] (Y.Kimura) -- C:\WINDOWS\system32\drivers\psxpad.sys -- (PSXGamepadEnabler [On_Demand | Running])

[2002-09-26 05:36:36 | 00,016,896 | ---- | M] (Y.Kimura) -- C:\WINDOWS\system32\drivers\psxenum.sys -- (PsxPortEnumerator [On_Demand | Running])

[2001-10-28 16:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2006-01-12 09:46:28 | 00,252,928 | R--- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])

[2007-08-06 22:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2004-07-17 11:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2007-03-01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Running])

[2004-09-29 05:34:24 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://fr.msn.com/

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.uol.com.br/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

"provider"=cand

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.uol.com.br/

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\Software\Microsoft\Internet Explorer\SearchURL]

"provider"=cand

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{000123B4-9B42-4900-B3F7-F4B073EFC214} (HKLM) -- C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

{8036D4D7-AAD3-4793-AB49-329E437155A8} (HKLM) -- C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{463DF6D5-BEC1-4d67-B217-59DB692DFC53}" (HKLM) -- C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{463DF6D5-BEC1-4D67-B217-59DB692DFC53}" (HKLM) -- C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{463DF6D5-BEC1-4D67-B217-59DB692DFC53}" (HKLM) -- C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CorelDRAW Graphics Suite 11b"=C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011809 serial=dr12wex-1504397-kty lang=BP (Corel Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

 

========== (O4) Startup Folders ==========

 

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableRegistryTools"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"disableregistrytools"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"disableregistrytools"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Download by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

&Grab video by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

Do&wnload selected by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

Down&load all by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportar para o Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportar para o Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\Software\Microsoft\Internet Explorer\MenuExt\]

&Download by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

&Grab video by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

Do&wnload selected by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

Down&load all by Orbit: C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll [2008-06-10 11:47:10 | 00,056,440 | ---- | M] (Orbitdownloader.com)

E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [2008-03-25 05:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Pesquisar -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003-07-15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

{AFC3FA82-AD07-45cd-8B57-983435B9899E}: Button: Free Surfer -- %ProgramFiles%\Free Surfer\fs20.exe [2002-09-18 20:25:30 | 00,720,896 | ---- | M] (EMS-Project 2002 ©)

{AFC3FA82-AD07-45cd-8B57-983435B9899E}: Menu: Free Surfer -- %ProgramFiles%\Free Surfer\fs20.exe [2002-09-18 20:25:30 | 00,720,896 | ---- | M] (EMS-Project 2002 ©)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [sun Java Console] -> [2008-03-25 05:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{57E91B47-F40A-11D1-B792-444553540011} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Pesquisar] -> [2003-07-15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{AFC3FA82-AD07-45cd-8B57-983435B9899E} [HKLM] -> %ProgramFiles%\Free Surfer\fs20.exe [Free Surfer] -> [2002-09-18 20:25:30 | 00,720,896 | ---- | M] (EMS-Project 2002 ©)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [sun Java Console] -> [2008-03-25 05:28:01 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{57E91B47-F40A-11D1-B792-444553540011} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Pesquisar] -> [2003-07-15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{AFC3FA82-AD07-45cd-8B57-983435B9899E} [HKLM] -> %ProgramFiles%\Free Surfer\fs20.exe [Free Surfer] -> [2002-09-18 20:25:30 | 00,720,896 | ---- | M] (EMS-Project 2002 ©)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.&microsoft.com/controls...p?ext=%smime=%s

PluginsPageFriendlyName: "" = Galeria Microsoft ActiveX

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Plugin Control

{0FF588E0-0913-4CBC-BEC6-422A2D96B7FB}: http://www.audition.com.br/activex/AuditionWeb.cab -- AuditionWebCtrl Class

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control

{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{6A354ED1-A93D-468C-A5FB-27C68626D1FA} (Servers: | Description: Adaptador Wireless ML-DON-054)

{84744ABE-2324-430B-BCD6-BD646CAD2651} (Servers: | Description: Adaptador de rede 1394)

{FE1DE11C-1F1B-4E18-A70F-A57DDC60758A} (Servers: | Description: Intel® 82566DM Gigabit Network Connection)

 

========== (O20) HKLM Winlogon Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"GinaDLL"=SmzGina.dll

>[2003-11-04 17:29:26 | 00,438,272 | ---- | M] () -- C:\WINDOWS\system32\smzgina.dll

 

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-07-03 08:12:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b83286d-d693-11dd-95fc-0019dbc8e061}\Shell\AutoRun\command]

""=NTrun.exe

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b83286d-d693-11dd-95fc-0019dbc8e061}\Shell\explore\Command]

""=NTrun.exe

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b83286d-d693-11dd-95fc-0019dbc8e061}\Shell\open\Command]

""=NTrun.exe

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2009-01-04 20:16:45 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADM\Desktop\OTViewIt.exe

[2009-01-04 10:44:00 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2009-01-04 10:42:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009-01-04 10:39:43 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-01-04 10:39:37 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-01-04 10:39:37 | 00,000,000 | ---D | C] -- C:\ComboFix

[2009-01-04 10:39:36 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23628.exe

[2009-01-04 10:39:06 | 02,888,012 | R--- | C] () -- C:\Documents and Settings\ADM\Desktop\ComboFix.exe

[2009-01-04 00:59:52 | 00,000,000 | ---D | C] -- C:\azureus

[2009-01-03 22:43:21 | 02,898,913 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\DJPEZÃO_VEM_CASSIANE(FUNK-MIX).mp3

[2009-01-03 22:34:23 | 00,000,000 | ---D | C] -- C:\Extracted

[2009-01-03 22:29:38 | 03,039,297 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\DJ_PEZÃO_&_CYBORG___FUNK_MIX_(_SILAS_MALAFAIA_).mp3

[2009-01-03 22:21:31 | 05,240,688 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\faz_um_milagre-ein_mim_remix.mp3

[2009-01-03 22:15:39 | 03,988,065 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\dj_pezao_lazaro_eu_te_amo_tanto_remix_catuchao.mp3

[2009-01-03 19:23:47 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ADM\Desktop\HijackThis.exe

[2009-01-03 17:07:19 | 00,099,341 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\ss2.jpg

[2009-01-03 17:06:50 | 00,120,849 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\ss1.jpg

[2009-01-03 16:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo

[2009-01-03 16:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Meus documentos\MumboJumbo

[2009-01-03 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Dados de aplicativos\Zylom

[2009-01-03 16:09:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

[2009-01-03 11:37:43 | 11,944,280 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\ADM\Desktop\drweb-cureit.exe

[2009-01-03 01:29:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Meus documentos\Downloads

[2009-01-02 17:22:41 | 00,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk

[2009-01-02 17:22:36 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009-01-02 17:22:36 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009-01-02 17:22:36 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009-01-02 17:22:36 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009-01-02 17:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

[2009-01-02 17:22:04 | 22,058,104 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\antivir_workstation_winu_en_h.exe

[2009-01-02 11:49:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Stop-the-Pop-Up Lite

[2009-01-01 17:59:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\EsetOnlineScanner

[2009-01-01 17:13:29 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\Luxor.ini

[2008-12-30 18:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\BOONTY

[2008-12-30 18:54:49 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\BOONTY Shared

[2008-12-30 16:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

[2008-12-30 15:18:27 | 00,116,736 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\limpezzza.doc

[2008-12-29 23:38:25 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\Atalho para PuzzleHero.lnk

[2008-12-29 22:23:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Dados de aplicativos\Genimo

[2008-12-29 22:21:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2008-12-29 22:20:24 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Puzzle Hero

[2008-12-29 20:46:05 | 00,155,648 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\relação filmes numero codigo.xls

[2008-12-29 14:36:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Dados de aplicativos\Malwarebytes

[2008-12-29 14:36:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-29 14:36:39 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-29 14:36:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-29 14:36:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2008-12-29 14:36:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2008-12-29 01:32:32 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\projeto 512.doc

[2008-12-26 18:45:45 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4400.exe

[2008-12-26 14:58:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2008-12-26 14:58:26 | 00,261,856 | ---- | C] () -- C:\cmldr

[2008-12-26 14:58:25 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2008-12-26 14:52:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2008-12-26 14:52:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2008-12-26 14:52:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2008-12-26 14:52:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008-12-26 14:52:11 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2008-12-26 14:52:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008-12-26 14:52:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008-12-26 14:52:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008-12-26 14:52:06 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24162.exe

[2008-12-25 20:16:25 | 00,000,000 | ---D | C] -- C:\CloneDVDTemp

[2008-12-23 21:47:06 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\ofico amir nao aceitação nota adi.doc

[2008-12-23 21:04:34 | 00,247,808 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\adi.doc

[2008-12-23 18:46:13 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Sidebar

[2008-12-23 18:38:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Nero

[2008-12-22 00:30:33 | 00,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StaxRip.lnk

[2008-12-22 00:30:32 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\StaxRip

[2008-12-22 00:04:47 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avira

[2008-12-20 00:28:38 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2008-12-20 00:10:11 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\Marble Tactics.lnk

[2008-12-20 00:10:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Marble Tactics

[2008-12-19 23:57:44 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll

[2008-12-19 23:57:44 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll

[2008-12-19 23:57:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll

[2008-12-19 23:57:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll

[2008-12-19 23:57:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

[2008-12-19 23:57:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll

[2008-12-19 23:57:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll

[2008-12-19 23:57:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll

[2008-12-19 23:57:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll

[2008-12-19 23:57:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll

[2008-12-19 23:57:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll

[2008-12-19 23:57:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll

[2008-12-19 17:31:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Winks Installer

[2008-12-19 17:29:54 | 00,857,892 | ---- | C] (Planeta MSN ) -- C:\Documents and Settings\ADM\Desktop\winksinstaller.exe

[2008-12-19 17:02:51 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSN BackUp

[2008-12-19 16:29:12 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\torreeifel.doc

[2008-12-17 22:18:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2008-12-15 01:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Meus documentos\Activision

[2008-12-14 21:03:17 | 00,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GUN.lnk

[2008-12-14 19:02:01 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\Free DVD Burner.lnk

[2008-12-14 19:02:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Free DVD Burner

[2008-12-14 18:17:54 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\João Delfino Neto curriculun.doc

[2008-12-14 12:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Meus documentos\EatCam Webcam Recorder

[2008-12-14 10:45:17 | 00,000,936 | ---- | C] () -- C:\Documents and Settings\ADM\Desktop\EatCam Webcam Recorder for MSN.lnk

[2008-12-14 10:45:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\EatCam

[2008-12-14 01:00:32 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2008-12-14 00:56:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Meus documentos\Meus arquivos recebidos

[2008-12-14 00:56:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSN Messenger

[2008-12-14 00:20:19 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\VS Revo Group

[2008-12-13 12:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADM\Meus documentos\NeroVision

[2008-12-13 12:23:40 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll

[2008-12-13 12:23:40 | 00,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll

[2008-12-13 12:23:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Ahead

[2008-12-13 09:43:56 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31432.exe

[2008-12-07 11:26:20 | 00,610,304 | ---- | C] () -- C:\Documents and Settings\ADM\Meus documentos\orkut kalebe.doc

[2008-12-06 23:21:40 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk

[2008-12-06 23:21:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\PowerISO

[2008-12-05 23:22:20 | 00,002,453 | ---- | C] () -- C:\Documents and Settings\All Users\Documentos\Global.sw2

[2008-12-05 23:22:20 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp

[2008-12-05 23:22:20 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp

[2008-12-05 23:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Softwrap

[2008-12-05 23:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Fonts

[2008-12-05 23:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Config

[2008-12-05 23:22:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Atrativa Games

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009-01-04 20:16:57 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADM\Desktop\OTViewIt.exe

[2009-01-04 19:57:37 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\ADM\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-01-04 16:42:15 | 00,467,382 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009-01-04 16:42:14 | 01,059,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-01-04 16:42:14 | 00,433,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-01-04 16:42:14 | 00,077,082 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009-01-04 16:42:14 | 00,068,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-01-04 16:41:52 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009-01-04 16:37:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-01-04 16:37:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-01-04 10:54:45 | 00,000,819 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-01-04 10:54:45 | 00,000,348 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-01-04 10:54:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009-01-04 10:46:38 | 00,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-01-04 10:46:33 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009-01-04 10:44:00 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2009-01-04 10:39:32 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23628.exe

[2009-01-04 10:39:06 | 02,888,012 | R--- | M] () -- C:\Documents and Settings\ADM\Desktop\ComboFix.exe

[2009-01-03 22:44:58 | 02,898,913 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\DJPEZÃO_VEM_CASSIANE(FUNK-MIX).mp3

[2009-01-03 22:30:59 | 03,039,297 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\DJ_PEZÃO_&_CYBORG___FUNK_MIX_(_SILAS_MALAFAIA_).mp3

[2009-01-03 22:23:51 | 05,240,688 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\faz_um_milagre-ein_mim_remix.mp3

[2009-01-03 22:17:54 | 03,988,065 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\dj_pezao_lazaro_eu_te_amo_tanto_remix_catuchao.mp3

[2009-01-03 17:07:19 | 00,099,341 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\ss2.jpg

[2009-01-03 17:06:50 | 00,120,849 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\ss1.jpg

[2009-01-03 11:40:02 | 11,944,280 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\ADM\Desktop\drweb-cureit.exe

[2009-01-02 18:35:15 | 00,000,366 | ---- | M] () -- C:\LOCFACIL.SYS

[2009-01-02 17:22:41 | 00,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk

[2009-01-02 17:22:15 | 22,058,104 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\antivir_workstation_winu_en_h.exe

[2009-01-02 10:04:34 | 00,002,970 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009-01-01 17:13:29 | 00,000,022 | ---- | M] () -- C:\WINDOWS\System32\Luxor.ini

[2009-01-01 10:30:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-30 15:18:28 | 00,116,736 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\limpezzza.doc

[2008-12-29 23:38:25 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\Atalho para PuzzleHero.lnk

[2008-12-29 21:18:02 | 00,155,648 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\relação filmes numero codigo.xls

[2008-12-29 16:51:28 | 00,018,944 | -HS- | M] () -- C:\Documents and Settings\ADM\Desktop\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\ADM\Desktop\Thumbs.db:encryptable

[2008-12-29 14:36:39 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008-12-29 01:32:48 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\projeto 512.doc

[2008-12-27 20:13:29 | 00,045,056 | ---- | M] (Northern Codeworks) -- C:\WINDOWS\NCUNINST.EXe

[2008-12-27 02:25:03 | 03,709,504 | -H-- | M] () -- C:\Documents and Settings\ADM\Configurações locais\Dados de aplicativos\IconCache.db

[2008-12-26 18:45:40 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4400.exe

[2008-12-26 14:52:04 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF24162.exe

[2008-12-26 14:33:49 | 00,000,211 | ---- | M] () -- C:\Boot.bak

[2008-12-25 20:13:05 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\ADM\Dados de aplicativos\.zreglib

[2008-12-25 03:18:46 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk

[2008-12-23 21:59:27 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\ofico amir nao aceitação nota adi.doc

[2008-12-23 21:25:12 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\adi.doc

[2008-12-22 00:30:33 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StaxRip.lnk

[2008-12-20 00:28:38 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat

[2008-12-20 00:10:11 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\Marble Tactics.lnk

[2008-12-19 17:30:46 | 00,857,892 | ---- | M] (Planeta MSN ) -- C:\Documents and Settings\ADM\Desktop\winksinstaller.exe

[2008-12-19 16:29:12 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\torreeifel.doc

[2008-12-14 21:03:17 | 00,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GUN.lnk

[2008-12-14 21:03:12 | 00,000,272 | ---- | M] () -- C:\WINDOWS\game.ini

[2008-12-14 19:02:01 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\Free DVD Burner.lnk

[2008-12-14 18:17:54 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\João Delfino Neto curriculun.doc

[2008-12-14 11:18:46 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

[2008-12-14 10:45:17 | 00,000,936 | ---- | M] () -- C:\Documents and Settings\ADM\Desktop\EatCam Webcam Recorder for MSN.lnk

[2008-12-13 09:59:52 | 00,000,063 | ---- | M] () -- C:\WINDOWS\PixieTool.INI

[2008-12-13 09:59:50 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documentos\PCLECHAL.INI

[2008-12-13 09:43:52 | 00,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31432.exe

[2008-12-07 13:12:58 | 00,610,304 | ---- | M] () -- C:\Documents and Settings\ADM\Meus documentos\orkut kalebe.doc

[2008-12-06 23:21:40 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk

[2008-12-06 16:23:10 | 00,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documentos\Global.sw2

[2008-12-05 23:22:20 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp

[2008-12-05 23:22:20 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp

< End of report >

 

 

Extra.txt

 

OTViewIt Extras logfile created on: 2009-01-04 20:25:39 - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ADM\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy-MM-dd

 

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 232.88 Gb Total Space | 84.73 Gb Free Space | 36.38% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 465.75 Gb Total Space | 393.18 Gb Free Space | 84.42% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 3.73 Gb Total Space | 2.72 Gb Free Space | 73.01% Space Free | Partition Type: FAT32

 

Computer Name: TABAJARA-CA052B

Current User Name: ADM

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=1

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004-08-04 00:45:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-01-19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004-08-04 00:45:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-07-08 16:59:42 | 03,336,704 | ---- | M] () -- C:\Level Up! Games\Grand Chase Season 2\main.exe:*:Enabled:GrandChase

[2002-04-11 14:45:06 | 00,180,224 | ---- | M] () -- C:\Arquivos de programas\WebEye\WebEye.exe:*:Enabled:SocketAPI

[2008-05-28 12:22:02 | 00,018,432 | ---- | M] () -- C:\Arquivos de programas\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader

[2008-04-03 08:00:38 | 01,721,624 | ---- | M] (TVU networks) -- C:\Arquivos de programas\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component

[2008-07-25 15:54:32 | 01,217,792 | ---- | M] (360desktop Pty. Ltd.) -- C:\Arquivos de programas\360desktop\360desktop.exe:*:Enabled:360desktop

[2008-07-25 15:54:40 | 00,726,272 | ---- | M] (360desktop Pty. Ltd.) -- C:\Arquivos de programas\360desktop\360manager.exe:*:Enabled:360desktop manager

[2008-06-10 11:47:18 | 01,690,824 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

[2008-03-18 16:34:14 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

[2005-12-26 12:07:07 | 03,421,696 | ---- | M] () -- C:\Arquivos de programas\THQ\MotoGP URT 3\motogp.exe:*:Enabled:motogp

[2002-06-12 16:18:54 | 06,250,496 | ---- | M] () -- C:\Arquivos de programas\Infogrames\Grand Prix 4\GP4.exe:*:Enabled:GP4

[2004-08-04 01:56:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008-09-07 18:15:19 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA

[2008-01-17 20:50:54 | 00,587,568 | ---- | M] () -- C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2006-02-25 13:16:42 | 11,037,184 | ---- | M] (Electronic Arts Inc.) -- C:\Arquivos de programas\Electronic Arts\A Batalha Pela Terra Média II\game.dat:*:Enabled:The Battle for Middle-earth II

[2007-01-19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2007-01-15 13:13:56 | 00,421,888 | ---- | M] (Leonardo Bai) -- C:\Arquivos de programas\MSN BackUp\MSNBackup.exe:*:Disabled:MSN BackUp

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2003-07-11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-01-19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2003-07-11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2003-07-11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-01-19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2003-08-04 22:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2003-08-02 00:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2003-07-15 07:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR

"{03B20126-F3C2-11D5-A6D2-00C026001DCA}"=WebEye

"{086a7d8c-0a38-4c7f-819a-620275550d5c}"=Nero Burning ROM Help

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160"=Canon MP160

"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}"=Quake 4

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Suite

"{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}"=360desktop

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT

"{2315B23D-3E21-4920-837D-AE6460934ECB}"=FIFA 09

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}"=Microsoft .NET Compact Framework 3.5

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}"=A Batalha Pela Terra Média II™

"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1

"{2DE38C17-DD7E-41BA-88BC-0A2387D29657}"=Lively by Google

"{2DFF2906-52BB-4222-8062-1509259FC013}"=GUN

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{37FD253D-5064-4034-8CEC-CC3995F823A4}"=Windows Live Messenger

"{505AFDC0-5E72-4928-8368-5DEA385E3647}"=CorelDRAW Graphics Suite 12

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml

"{595a3116-40bb-4e0f-a2e8-d7951da56270}"=NeroExpress

"{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}"=Windows Live Beta (all programs)

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}"=Nero CoverDesigner

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com

"{78AC782A-C708-4B21-A3A0-ECD4A3284588}"=Windows Live Call

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live Sign-in Assistant

"{8B4AB829-DFD3-436D-B808-D9733D76C590}"=Macromedia Dreamweaver MX

"{90110416-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edição 2003

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}"=RollerCoaster Tycoon® 3

"{94C65B81-1CCE-3D93-95B5-853B1A3DA539}"=Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB

"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting

"{979830F1-8955-44EC-881F-1F82ED7B1127}"=AuditionBR

"{9E491AB7-4589-48CA-9CBB-874CB2788391}"=Studio 9

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI

"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager

"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}"=Hitman Blood Money

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}"=ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update

"{AA6E423F-CBDF-3608-AC30-0CF08D7C9A07}"=Microsoft .NET Framework 3.5 Language Pack - ptb

"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}"=Advertising Center

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer

"{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts

"{C7D27207-0F86-4B6F-859C-21800A2C592E}"=Grand Prix 4

"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}"=Need for Speed™ ProStreet

"{d025a639-b9c9-417d-8531-208859000af8}"=NeroBurningROM

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}"=GTA San Andreas

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard

"{EDA9F30A-8B65-3E6F-B353-CCA1C9241471}"=Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB

"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}"=Max Payne 2

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F7C1C17E-70E3-475F-BD52-EA554391F15D}"=GameShadow

"Adobe AIR"=Adobe AIR

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin

"Adobe Shockwave Player"=Adobe Shockwave Player 11

"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3

"Ancient TriJong"=Ancient TriJong

"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus

"AnyDVD"=AnyDVD

"AtomixMP3 v2.3 Trial"=AtomixMP3 v2.3 Trial

"Babylon"=Babylon

"Bíblia Hábil_is1"=Bíblia Hábil 2.0

"BLOX Forever Free Trial"=BLOX Forever Free Trial

"briblo"=briblo Screen Saver

"BrothersInArms"=Brothers In Arms

"Bus Driver"=Bus Driver

"Caderno de Receitas_is1"=Caderno de Receitas

"CanSecu"=CanSecu

"CDex"=CDex extraction audio

"CloneCD"=CloneCD

"CloneDVD2"=CloneDVD2

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1"=PCI SoftV92 Modem

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com

"DigitMax 3.0_is1"=DigitMax Versão 3.0

"Dofus 1.24.0"=Dofus 1.24.0

"DVD Cutter_is1"=DVD Cutter 1.1

"DVD Decrypter"=DVD Decrypter (Remove Only)

"Easy Video Splitter_is1"=Easy Video Splitter 1.28

"EatCam Webcam Recorder 3.6 for MSN_is1"=EatCam Webcam Recorder 3.6 for MSN

"EncryptOnClick_is1"=EncryptOnClick

"EsetOnlineScanner"=ESET Online Scanner

"EVEREST Ultimate Edition_is1"=EVEREST Ultimate Edition v4.20

"FBDBServer_1_5_is1"=Firebird 1.5.2.4731

"Free DVD Burner (by minidvdsoft)_is1"=Free DVD Burner version 3.0

"FREE Hi-Q Recorder_is1"=FREE Hi-Q Recorder 1.92

"Free Mp3 Wma Converter_is1"=Free Mp3 Wma Converter V 1.7.3

"Free Surfer mk II_is1"=EMS FreeSurfer mk II

"Funpuz_9.0"=Funsol Solitaire Gold 9.1

"GameDesire-Pool & Snooker"=GameDesire-Pool & Snooker

"GOM Player"=GOM Player

"GrabProGrabPro"=GrabPro - Toolbar

"Grand Chase_is1"=Grand Chase

"HijackThis"=HijackThis 2.0.2

"Hollywood FX"=Pinnacle Hollywood FX

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}"=Quake 4

"InstallShield_{2DFF2906-52BB-4222-8062-1509259FC013}"=GUN

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2

"KaraFun_is1"=KaraFun 1.18

"KLiteCodecPack_is1"=K-Lite Codec Pack 4.2.5 (Full)

"LifeGlobe Sharks, Terrors of the Deep 2_is1"=LifeGlobe Sharks, Terrors of the Deep 2

"Luxor 2"=Luxor 2 (remove only)

"Luxor 2 Deluxe"=Luxor 2 Deluxe

"Luxor 2_is1"=Luxor 2 en

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Marble Tactics"=Marble Tactics 1.0

"Mario Forever"=Mario Forever 3.0

"Mario Forever Toolbar"=Mario Forever Toolbar

"MediaMonkey_is1"=MediaMonkey 3.0

"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5

"Microsoft .NET Framework 3.5 Language Pack - ptb"=Microsoft .NET Framework 3.5 Language Pack - ptb

"Mint Online TV_is1"=Mint Online TV 1.5

"Miro"=Miro

"MotoGP URT 3_is1"=MotoGP URT 3

"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)

"MSN BackUp"=MSN BackUp 1.3.2

"Nero 7 Micro_is1"=Nero 7 Micro 7.9.6.0

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers"=NVIDIA Drivers

"Orbit_is1"=Orbit Downloader

"Palavras-Cruzadas 6.0"=Palavras-Cruzadas 6.0

"Photodex Presenter"=Photodex Presenter

"PowerISO"=PowerISO

"PROSet"=Intel® PRO Network Connections Drivers

"ProShow Gold"=ProShow Gold

"Puzzle Hero_is1"=Puzzle Hero 1.8.1

"RealAlt_is1"=Real Alternative 1.9.0

"Revo Uninstaller"=Revo Uninstaller 1.75

"save2pc Light_is1"=save2pc Light 3.33

"Show do Milhão 2006_is1"=Show do Milhão 2006

"SMPlayer_is1"=SMPlayer 0.6.3.1

"Spk Configuração_is1"=Configuração Spk 3.0.0.4

"ss_timension_1024x768"=ss_timension_1024x768 Screen Saver

"StaxRip_is1"=StaxRip 1.1.1.0

"Stop-the-Pop-Up Lite"=Stop-the-Pop-Up Lite

"TVUPlayer"=TVUPlayer 2.3.6.1

"Unlocker"=Unlocker 1.8.7

"UsbFix"=UsbFix

"WIC"=Windows Imaging Component

"WinAVI Video Converter 9.09.0"=WinAVI Video Converter 9.0

"Windows Media Format Runtime"=Windows Media Format Runtime

"Winks Installer_is1"=Winks Installer V2.0

"WinLiveSuite_Wave3"=Windows Live Beta (all programs)

"WinRAR archiver"=Arquivo do WinRAR

"Xion"=Xion v1.0 (build 94)

"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent"=BitTorrent

"BitTorrent DNA"=DNA

"Google Chrome"=Google Chrome

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-839522115-220523388-2147200963-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent"=BitTorrent

"BitTorrent DNA"=DNA

"Google Chrome"=Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-10-30 23:57:56 | Computer Name = TABAJARA-CA052B | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.2180, módulo com

falha unknown, versão 0.0.0.0, endereço com falha 0x0626b710.

 

Error - 2008-10-31 00:05:31 | Computer Name = TABAJARA-CA052B | Source = Application Error | ID = 1000

Description = Aplicativo com falha drwtsn32.exe, versão 5.1.2600.0, módulo com falha

dbghelp.dll, versão 5.1.2600.2180, endereço com falha 0x0001295d.

 

Error - 2008-11-02 12:14:40 | Computer Name = TABAJARA-CA052B | Source = MsiInstaller | ID = 10005

Description = Product: Adobe Setup -- Please install Adobe Setup using Setup.exe

 

Error - 2008-11-02 12:24:21 | Computer Name = TABAJARA-CA052B | Source = MsiInstaller | ID = 10005

Description = Product: Adobe Setup -- Please install Adobe Setup using Setup.exe

 

Error - 2008-11-05 19:16:46 | Computer Name = TABAJARA-CA052B | Source = Application Error | ID = 1000

Description = Aplicativo com falha nero.exe, versão 7.9.6.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x47434243.

 

Error - 2008-11-05 20:33:42 | Computer Name = TABAJARA-CA052B | Source = Application Error | ID = 1000

Description = Aplicativo com falha explorer.exe, versão 6.0.2900.2180, módulo com

falha avisplitter.ax, versão 1.0.0.9, endereço com falha 0x000220b4.

 

Error - 2008-11-06 12:45:27 | Computer Name = TABAJARA-CA052B | Source = Application Hang | ID = 1002

Description = Aplicativo com falha Dreamweaver.exe, versão 6.1.1878.0, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 2008-11-06 12:45:29 | Computer Name = TABAJARA-CA052B | Source = Application Hang | ID = 1002

Description = Aplicativo com falha Dreamweaver.exe, versão 6.1.1878.0, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 2008-11-06 12:47:53 | Computer Name = TABAJARA-CA052B | Source = Google Update | ID = 20

Description =

 

Error - 2008-11-12 17:50:55 | Computer Name = TABAJARA-CA052B | Source = Google Update | ID = 20

Description =

 

[ System Events ]

Error - 2008-12-26 17:00:32 | Computer Name = TABAJARA-CA052B | Source = BROWSER | ID = 8032

Description = O serviço localizador não pôde recuperar a lista de backup muitas

vezes no transporte \Device\NetBT_Tcpip_{FE1DE11C-1F1B-4E18-A70F-A57DDC60758A}. O

localizador reserva está finalizando.

 

Error - 2008-12-30 17:01:46 | Computer Name = TABAJARA-CA052B | Source = BROWSER | ID = 8032

Description = O serviço localizador não pôde recuperar a lista de backup muitas

vezes no transporte \Device\NetBT_Tcpip_{FE1DE11C-1F1B-4E18-A70F-A57DDC60758A}. O

localizador reserva está finalizando.

 

Error - 2009-01-02 08:04:12 | Computer Name = TABAJARA-CA052B | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com

argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 2009-01-02 08:04:16 | Computer Name = TABAJARA-CA052B | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem

com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2009-01-02 08:04:43 | Computer Name = TABAJARA-CA052B | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DHCP depende do serviço NetBios em Tcpip, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2009-01-02 08:04:43 | Computer Name = TABAJARA-CA052B | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP,

mas não foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2009-01-02 08:04:43 | Computer Name = TABAJARA-CA052B | Source = Service Control Manager | ID = 7001

Description = O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2009-01-02 08:04:43 | Computer Name = TABAJARA-CA052B | Source = Service Control Manager | ID = 7001

Description = O serviço Serviços IPSEC depende do serviço Driver IPSEC, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 2009-01-02 08:04:43 | Computer Name = TABAJARA-CA052B | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS

NetBT

PCLEPCI

RasAcd

Rdbss

SCDEmu

ssmdrv

Tcpip

 

Error - 2009-01-02 08:10:58 | Computer Name = TABAJARA-CA052B | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem

com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

< End of report >

 

 

Aguardo instruções

[MGuitar 11]

Vá em Iniciar > Executar, digite: combofix /u e tecle Enter.

 

- Faça download do Kaspersky Virus Removal Tool e salve na pasta de Arquivos de programas.

 

● Instale o programa normalmente seguindo todos os seus passos;

● Não faça ainda scan;

● Reinicie o PC em Modo de Segurança;

● Na tela principal do programa marque todas as caixas disponíveis, como mostra a imagem abaixo:

 

 

● Clique no botão Scan e aguarde;

● Seja paciente, o scan pode demorar;

● Se ele encontrar alguma infecção confirme a solicitação de remoção aos arquivos detectados;

● Ao término, clique em Reports e salve o relatório no desktop;

● Reinicie o PC em Modo Normal e cole o relatório do scan aqui.

 

Para remover a ferramenta, caso deseje:

 

● Feche todas as janelas abertas;

● Entre na pasta Kaspersky Virus Removal Tool (estará na mesma pasta onde você salvou o arquivo de instalação - Arquivos de Programas), e dê duplo clique sobre o arquivo unins000.exe;

● Clique em OK duas vezes.

 

Seu computador será reiniciado.

 

Em sua próxima resposta, cole o relatório do Kaspersky e um novo log do HijackThis.

[Aloprado 0]

Bom dia, quando me disse para ter paciência, não imaginei que fosse de jó...( risos )

 

Bom depois de um longo e tenebroso inverno...bem estamos no verão....

 

brincadeiras a parte ( para descontrair ) os Logs abaixo:

 

LOG do Kapersky

 

Scan

----

Scanned: 1041378

Detected: 2

Untreated: 0

Start time: 2009-01-05 17:51

Duration: 13:17:42

Finish time: 2009-01-06 07:09

 

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Trojan-PSW.Win32.Agent.kkd File: C:\tradutor\Globalink\PTConv\system32f\BK2009\bk\bbbackuoppp\executaveis\inteligencia.exe

deleted: adware not-a-virus:AdWare.Win32.Dap.c File: C:\tradutor\Globalink\PTConv\system32f\BK2009\bk\Dic\dap7.exe//WISE0021.BIN/dapiebar.dll

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

2009-01-05 17:52 Running module: smss.exe\smss.exe ok scanned

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

Log do HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:14, on 2009-01-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\ADM\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011809 serial=dr12wex-1504397-kty lang=BP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Arquivos de programas\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Arquivos de programas\Free Surfer\FS20.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c92c7828251c4) (gupdate1c92c7828251c4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

 

--

End of file - 6622 bytes

 

 

Aguardo instruções...

 

abraços

[MGuitar 11]

Aparentemente o log está limpo.

 

Algum problema ainda?

[Aloprado 0]

Bom, primeiramente quero agradecer por tudo que fez por mim esse tempo todo e de certa forma passar o natal e o ano novo também.

 

Como você disse aparentemente não há mais problemas.

 

Quero saber se posso formatar meu pen drive normalmente como se faz com os hds ou tenho que fazer isso com algum programa.

 

No mais um feliz ano novo e paz na terra aos homens de boa vontade.

[MGuitar 11]

Quero saber se posso formatar meu pen drive normalmente como se faz com os hds ou tenho que fazer isso com algum programa.

Pode fazer normalmente. :thumbsup:

[Aloprado 0]

Muito obrigado pela ajuda e até mais.

 

:thumbsup:

[MGuitar 11]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.