doctor 0 Posted February 18, 2009

Well, the PC is slow and the internet connection keeps fluctuating... I suspect there is something on the PC. I have already run Spybot, Malwarebytes, CCleaner, avast and ComboFix, and I don't know what it could be. The log follows below.

Logfile of HijackThis v1.99.1 Scan saved at 12:38:02, on 18/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] 
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5D4B2973-E711-4117-AE0D-DE5593DDAD94}: NameServer = 200.165.132.155 200.149.55.140 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: 
msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
DigRam 144 Posted February 19, 2009

Good evening, doctor!

<@> Download: < OTViewIt > ( ...by OldTimer )
<@> Save it to the desktop!
<@> Run it! --> Check the box: "Scan All Users"
<@> Click "Run Scan" --> Wait for it to finish!
<@> Post the reports: OTViewIt.txt + Extra.txt <-- Minimized!

Regards!
doctor 0 Posted February 19, 2009

Hi, the logs follow below.

OTViewIt logfile created on: 19/2/2009 13:48:56 - Run 3 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Microsoft\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1022,48 Mb Total Physical Memory | 539,88 Mb Available Physical Memory | 52,80% Memory free 2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,72% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 74,56 Gb Total Space | 22,43 Gb Free Space | 30,08% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 650,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MICROSOF-UB1DVN Current User Name: Microsoft Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2008/11/04 16:38:28 | 00,052,608 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [2009/02/05 18:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009/02/05 18:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2005/09/22 05:42:24 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\soundman.exe [2009/02/05 18:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe [2008/04/13 23:21:02 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [2001/11/28 20:50:00 | 00,032,768 | ---- | M] (Borland Software Corporation) -- C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2004/10/29 05:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe [2009/02/05 18:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009/02/05 18:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2001/11/28 20:50:00 | 01,769,472 | ---- | M] (Borland Software Corporation) -- C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2009/02/05 14:19:51 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [2007/10/18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009/02/19 13:46:09 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Microsoft\Desktop\OTViewIt.exe ========== (O23) Win32 Services ========== [2008/10/25 12:46:50 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2009/02/05 18:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) 
[2009/02/05 18:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) [2009/02/05 18:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) [2009/02/05 18:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/11/04 16:38:28 | 00,052,608 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [unknown | Running]) [2007/12/04 20:32:53 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2008/04/13 23:21:02 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running]) [2001/11/28 20:50:00 | 00,032,768 | ---- | M] (Borland Software Corporation) -- C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe -- (InterBaseGuardian [Auto | Running]) [2001/11/28 20:50:00 | 01,769,472 | ---- | M] (Borland Software Corporation) -- C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe -- (InterBaseServer [On_Demand | Running]) [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft 
Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) [2004/10/29 05:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2008/04/13 23:21:02 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running]) [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) [2008/04/13 23:21:02 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running]) [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped]) [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services ========== [2009/02/05 18:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running]) [2005/09/22 05:34:18 | 03,727,680 | R--- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running]) [2005/11/21 02:48:21 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running]) [2009/02/05 18:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) [2009/02/05 18:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) [2009/02/05 18:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) [2009/02/05 18:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running]) [2009/02/05 18:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running]) [2001/10/28 15:06:10 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys -- (ATMEPVCP [On_Demand | Stopped]) [2006/10/21 14:37:00 | 00,200,500 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\TP6800.sys -- (DCamUSBIntel [On_Demand | Stopped]) [2006/08/19 17:46:10 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running]) [2008/11/04 16:39:54 | 00,031,104 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm [boot | Running]) [2007/03/08 01:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running]) [2007/03/08 01:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running]) [2007/03/08 01:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running]) [2001/08/17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running]) 
[2001/08/17 21:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop [On_Demand | Stopped]) [2003/04/04 15:07:20 | 00,030,336 | ---- | M] (Politecnico di Torino) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped]) [2004/10/29 05:50:00 | 02,826,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2008/04/13 15:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running]) [2001/10/28 15:07:14 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running]) [2001/10/28 15:07:14 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running]) [2006/10/02 12:38:48 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running]) [2001/10/28 15:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2004/04/13 09:14:12 | 00,070,144 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running]) [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped]) [2007/11/13 07:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running]) [2005/01/10 20:25:00 | 00,923,826 | R--- | M] (Motorola Inc.) 
-- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running]) [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) [2006/08/19 17:43:54 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running]) [2004/09/17 04:04:00 | 00,052,384 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped]) [2004/09/17 04:05:00 | 00,006,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped]) [2004/09/17 04:05:00 | 00,084,512 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped]) [2008/04/13 15:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [boot | Running]) [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running]) [2005/08/24 02:08:36 | 00,237,312 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) 
-- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped]) [2004/07/06 22:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running]) [2001/10/28 15:07:48 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "Default_Search_URL"=http://www.google.com/ie "SearchAssistant"=http://www.google.com/ie [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.google.com "SearchMigratedDefaultName"=Google "SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 "Start Page"=about:blank [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search] "SearchAssistant"=http://www.google.com/ie [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""=http://www.google.com/search?q=%s [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be 
opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.google.com "SearchMigratedDefaultName"=Google "SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 "Start Page"=about:blank [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search] "SearchAssistant"=http://www.google.com/ie [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL] ""=http://www.google.com/search?q=%s [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be 
opened. File not found [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (290290 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost 0.0.0.0 www.belasnifetas.com 0.0.0.0 www.marcelinha.com 0.0.0.0 www.sexocean.com 0.0.0.0 http://www.belasninfetas.com/ 0.0.0.0 www.sorria.com.br 0.0.0.0 www.seuorkut.com.br 0.0.0.0 www.mandamusica.net 0.0.0.0 www.kixiki.com.br 0.0.0.0 www.recadosonline.com 0.0.0.0 www.sonico.com 0.0.0.0 www.recadopop.com 0.0.0.0 www.meusrecados.com 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 9998 more lines... ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) {053F9267-DC04-4294-A72C-58F732D338C0} (HKLM) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. 
File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.) {C41A1C0E-EA6C-11D4-B1B8-444553540008} (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{B9D1647F-A66A-4695-B249-07901A45FF59}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.) 
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{B9D1647F-A66A-4695-B249-07901A45FF59}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.) "SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
========== (O4) Startup Folders ==========

========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=0
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0
"LinkResolveIgnoreLinkInfo"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0
"LinkResolveIgnoreLinkInfo"=0
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xportar para o Microsoft Excel: C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Enviar para o OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: &Enviar para o OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{58ECB495-38F0-49cb-A538-10282ABF65E7}: Button: Livro de recortes HP -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}: Button: Seleção HP Smart -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 23:21:10 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 23:21:10 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Enviar para o OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Livro de recortes HP] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [seleção HP Smart] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [uninstall BitDefender Online Scanner v8] -> [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Enviar para o OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [uninstall BitDefender Online Scanner v8] -> [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 23:21:10 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Enviar para o OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [uninstall BitDefender Online Scanner v8] -> [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 23:21:10 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Enviar para o OneNote] -> [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Livro de recortes HP] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKLM] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [seleção HP Smart] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [uninstall BitDefender Online Scanner v8] -> [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
54 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
54 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab -- CKAVWebScan Object
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}: http://acs.pandasoftware.com/activescan/as5free/asinst.cab -- ActiveScan Installer Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_16
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{E37CB5F0-51F5-4395-A808-5FA49E399008}: https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab -- GbPluginObj Class

========== (O17) DNS Name Servers ==========
{079E79C7-A2AF-4F4C-9D88-F10C45E9950F} (Servers: | Description: Microsoft Loopback Adapter)
{1ADBD111-BF01-4691-8CDE-EC9FD804B453} (Servers: | Description: )
{613D42AB-10AC-4A84-91D3-80571A7F7A1F} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
GbPluginUni: "DllName" = C:\ARQUIV~1\GbPlugin\gbiehuni.dll -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}" (HKLM) -- C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)

========== Safeboot Options ==========
"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========
AUTOEXEC.BAT [] [2006/04/03 08:45:17 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
AutoRun [] [2004/08/18 05:37:22 | 00,663,552 | R--- | M] () -- E:\AutoRun.exe -- [ CDFS ]
AutoRun.exe [Lsa Security Packages settings..d | ] [2004/08/18 05:37:22 | 00,663,552 | R--- | M] () -- E:\AutoRun.exe -- [ CDFS ]
AutoRunGUI.dll [] [2004/08/18 05:33:44 | 00,598,016 | R--- | M] () -- E:\AutoRunGUI.dll -- [ CDFS ]
autorun.inf ["AutoRun" = | ] [2004/08/18 05:54:43 | 00,000,083 | R--- | M] () -- E:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294a47a5-d9f1-11dd-8713-0013d3ca1c40}\Shell\AutoRun\command]
""=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294a47a5-d9f1-11dd-8713-0013d3ca1c40}\Shell\open\command]
""=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\AutoRun\command]
""=D:\tyktjfww.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\explore\Command]
""=D:\tyktjfww.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\open\Command]
""=D:\tyktjfww.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========
[2009/02/19 13:46:05 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Microsoft\Desktop\OTViewIt.exe
[2009/02/17 20:39:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Dados de aplicativos\Malwarebytes
[2009/02/17 20:38:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/17 20:38:58 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/17 20:38:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/17 20:38:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/02/17 20:38:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/02/10 19:13:33 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/02/06 12:53:42 | 00,048,812 | ---- | C] () -- C:\Documents and Settings\Microsoft\Meus documentos\Sistemas Especialistas.docx
[2009/02/05 21:36:56 | 00,000,370 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2009/02/05 21:36:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\VeryPDF PDF2Word v3.0
[2009/02/05 14:17:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Desktop\Máfia do Forró Eletrico (Promocional)
[2009/02/04 13:20:27 | 00,035,485 | ---- | C] () -- C:\Documents and Settings\Microsoft\Meus documentos\Introduçã1.docx
[2009/02/02 13:37:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\WMTools Downloaded Files
[2009/02/02 13:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Desktop\SELEÇÃO ESPECIAL CARNAVAL 2009 KRA CD'S P1
[2009/02/01 08:08:19 | 00,031,628 | ---- | C] () -- C:\Documents and Settings\Microsoft\Meus documentos\Um Sistema de Gerenciamento de Conteúdo.docx
[2009/01/30 20:24:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Microsoft\Desktop\CD CARNAVAL 2009 FUNK MIX BY DJ DENNIEL HARRYSON FORTALEZA CE (85) 8744-8799
[2009/01/29 18:08:34 | 02,524,033 | ---- | C] () -- C:\Documents and Settings\Microsoft\Desktop\no-break_-_curso_completo.pdf
[2009/01/29 12:54:53 | 00,138,558 | ---- | C] () -- C:\Documents and Settings\Microsoft\Meus documentos\Trabalho_IA.pdf
[2009/01/29 10:54:51 | 00,000,054 | ---- | C] () -- C:\WINDOWS\klog.dat
[2009/01/28 16:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Meus documentos\DVDVideoSoft
[2009/01/27 20:00:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Desktop\2001 - Como É Que Se Diz Eu Te Amo (Ao Vivo) (Legião Urbana)
[2009/01/26 14:10:52 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/26 12:33:37 | 00,000,000 | ---D | C] -- C:\TP
[2009/01/26 12:32:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft\Desktop\tp_inst

========== Files - Modified Within 30 Days ==========
[6 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/02/19 13:46:09 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Microsoft\Desktop\OTViewIt.exe
[2009/02/19 12:54:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/19 12:54:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/18 22:09:42 | 13,406,302 | -H-- | M] () -- C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\IconCache.db
[2009/02/18 20:48:31 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Microsoft\Meus documentos\Minhas Pastas de Compartilhamento.lnk
[2009/02/17 21:08:21 | 00,290,290 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/02/17 21:08:21 | 00,290,290 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/17 20:38:58 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/16 12:28:17 | 00,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/10 19:13:35 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/06 13:08:30 | 00,048,812 | ---- | M] () -- C:\Documents and Settings\Microsoft\Meus documentos\Sistemas Especialistas.docx
[2009/02/05 21:36:56 | 00,000,370 | ---- | M] () -- C:\WINDOWS\pdf2word.INI
[2009/02/05 18:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/05 18:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/05 18:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/05 18:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/05 18:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/05 18:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/05 18:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/05 18:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/05 18:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2009/02/04 13:20:27 | 00,035,485 | ---- | M] () -- C:\Documents and Settings\Microsoft\Meus documentos\Introduçã1.docx
[2009/02/03 20:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/02 13:41:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/02 13:35:30 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Microsoft\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/01 10:56:37 | 00,031,628 | ---- | M] () -- C:\Documents and Settings\Microsoft\Meus documentos\Um Sistema de Gerenciamento de Conteúdo.docx
[2009/01/29 18:09:50 | 02,524,033 | ---- | M] () -- C:\Documents and Settings\Microsoft\Desktop\no-break_-_curso_completo.pdf
[2009/01/29 17:35:43 | 00,000,054 | ---- | M] () -- C:\WINDOWS\klog.dat
[2009/01/29 12:54:53 | 00,138,558 | ---- | M] () -- C:\Documents and Settings\Microsoft\Meus documentos\Trabalho_IA.pdf
[2009/01/26 14:10:52 | 00,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini
[2009/01/25 10:24:16 | 00,022,843 | ---- | M] () -- C:\Documents and Settings\Microsoft\Meus documentos\CONTRATO DE EMPREITA.docx
< End of report >

OTViewIt Extras logfile created on: 19/2/2009 13:48:56 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Microsoft\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1022,48 Mb Total Physical Memory | 539,88 Mb Available Physical Memory | 52,80% Memory free
2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,56 Gb Total Space | 22,43 Gb Free Space | 30,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 650,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICROSOF-UB1DVN
Current User Name: Microsoft
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 23:21:17 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 23:21:17 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/06/28 17:26:34 | 00,081,920 | ---- | M] (Valve) -- C:\Arquivos de programas\Steam\SteamApps\c_strik3\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2006/01/26 13:21:45 | 04,857,856 | ---- | M] (http://www.emule-project.net) -- C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule
[2008/04/13 23:21:17 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Disabled:Compartilhamento de aplicativo RTC
[2006/08/22 12:45:55 | 00,159,744 | ---- | M] () -- C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/10/28 10:02:12 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Arquivos de programas\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2008/06/26 21:01:35 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- C:\Arquivos de programas\Warcraft III\War3.exe:*:Enabled:Warcraft III
[2007/03/01 20:11:22 | 00,043,008 | ---- | M] () -- C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/04/13 23:20:56 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/03/17 11:26:34 | 00,106,496 | ---- | M] () -- C:\Arquivos de programas\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2009/02/05 14:19:51 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2009/01/19 16:16:23 | 03,316,496 | ---- | M] (Garena Interactive PTE LTD) -- C:\Arquivos de programas\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena
[2008/04/13 15:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Documents and Settings\Microsoft\Desktop\ggbypass\gameguard.exe:*:Enabled:GameGuard Server
[2008/09/16 14:34:17 | 01,082,000 | ---- | M] (Blizzard Entertainment) -- C:\Arquivos de programas\World Of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2007/10/18 11:34:46 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/04/13 23:21:10 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Documents and Settings\Microsoft\Configurações locais\Temp\SpyOne V1.0.2.exe:*:Enabled:Remote Administrator Tool

========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{062BFFA1-0CCC-400B-B840-F162328D8C00}"=winLAME prerelease4
"{10E1E87C-656C-4D08-86D6-5443D28583BE}"=TrayApp
"{13B792AA-C078-43A4-8A3A-8B12D629940D}"=Counter-Strike 1.6
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}"=MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}"=Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{22466889-7642-488d-AA0E-F619704CF7AB}"=DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}"=WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}"=Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"{350C97BB-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142160}"=Java 2 SDK, SE v1.4.2_16
"{3A417047-2E30-4D05-8977-F706D40BFF39}"=Windows Live installer
"{415CDA53-9100-476F-A7B2-476691E117C7}"=HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}"=HPSSupply
"{498B4BF1-AD73-4AA8-99EB-18D400E42482}"=Novo Dicionário Aurélio
"{4F763B06-A014-481B-951A-11AFCD667010}"=Global MU Online
"{505AFDC0-5E72-4928-8368-5DEA385E3647}"=CorelDRAW Graphics Suite 12
"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}"=The Sims 2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder "{6FCB49E0-C0FF-11D7-A015-00055DF4E7AC}"=168 PC Camera Driver "{7148F0A8-6813-11D6-A77B-00B0D0142160}"=Java 2 Runtime Environment, SE v1.4.2_16 "{72263053-50D1-4598-9502-51ED64E54C51}"=Borland Delphi 7 "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0 "{824D3839-DAA1-4315-A822-7AE3E620E528}"=VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}"=HP Photosmart Essential2.01 "{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=GG E-Sports Platform "{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}"=Windows Live Messenger "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer "{90120000-0010-0416-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 "{90120000-0015-0416-0000-0000000FF1CE}"=Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0416-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0416-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0416-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-001A-0416-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0416-0000-0000000FF1CE}"=Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0416-0000-0000000FF1CE}"=Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0416-0000-0000000FF1CE}"=Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0416-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0416-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0416-0000-0000000FF1CE}"=Microsoft Office OneNote MUI 
(Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0416-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}"=F4100_Help "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}"=F4100 "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}"=HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder "{AC76BA86-7AD7-1046-7B44-A70000000000}"=Adobe Reader 7.0 - Português "{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}"=AIO_Scan "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistente de Conexão do Windows Live "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}"=F4100_doccd "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}"=DJ_AIO_Software_min "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}"=SolutionCenter "{CA50045C-5119-48e7-9BA7-6B317379857A}"=DJ_AIO_Software "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}"=Destination Component "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1"=AusLogics Disk Defrag "{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm "{E548726E-F4E8-459f-BAB8-45551BC071E9}"=DJ_AIO_ProductContext "{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer "{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}"=Mu "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}"=PSSWCORE "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}"=HP 
Deskjet All-In-One Software 9.0 "{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status "Ad-Aware SE Personal"=Ad-Aware SE Personal "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX "Adobe Flash Player Plugin"=Adobe Flash Player Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "Advanced WindowsCare V2 Personal_is1"=Advanced WindowsCare Personal 2.6.0 "AutoCAD R14.0 Uninstall"=AutoCAD R14.0 "avast!"=avast! Antivirus "BitTorrent"=BitTorrent 5.0.7 "CCleaner"=CCleaner (remove only) "CFWebAdvancedU"=CamfrogWEB Advanced ActiveX Plugin (remove only) "Desperados 1.0"=Desperados 1.0 "Dev-C++"=Dev-C++ 5 beta 9 release (4.9.9.2) "Discador Velox_is1"=LightDialer 3.0 "DVD Audio Ripper 4"=DVD Audio Ripper 4 "DVD Decrypter"=DVD Decrypter (Remove Only) "DVD Shrink_is1"=DVD Shrink 3.2 "EasyPHP_is1"=EasyPHP 1.8 "eMule"=eMule "ENTERPRISE"=Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1"=EVEREST Ultimate Edition v4.20 "Free DVD MP3 Ripper_is1"=Free DVD MP3 Ripper 1.12 "Free Video to Flash Converter_is1"=Free Video to Flash Converter version 3.1 "Free WMA to MP3 Converter_is1"=Free WMA to MP3 Converter 1.16 "Free YouTube Download_is1"=Free YouTube Download 2.2 "Free YouTube to Mp3 Converter_is1"=Free YouTube to Mp3 Converter version 2.4 "Free YouTube Uploader_is1"=Free YouTube Uploader version 2.1 "GTK 2.0"=Ambiente de tempo de execução do GTK+ 2.12.1 rev b (apenas remover) "GunboundWC_is1"=GunboundWC "HijackThis"=HijackThis 1.99.1 "HP Imaging Device Functions"=HP Imaging Device Functions 9.0 "HP Photosmart Essential"=HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0 "HPExtendedCapabilities"=HP Customer Participation Program 9.0 "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "Informações Velox_is1"=Informações Velox 
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager "InterBase"=InterBase 6.5 "JCreator LE_is1"=JCreator LE 4.00 "JRE 1.2"=Java 2 Runtime Environment Standard Edition v1.2.2 "Kaspersky Online Scanner"=Kaspersky Online Scanner "LimeWire"=LimeWire 4.12.6 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "MemoriesOnTV3_is1"=MemoriesOnTV 3.1.8 "Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6) "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP "MV RegClean 3.9_is1"=MV RegClean 3.9 "Nero - Burning Rom!UninstallKey"=Nero OEM "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "NVIDIA Drivers"=NVIDIA Drivers "NVIDIA VGA Driver_is1"=CD_DRV_79 "PDF Editor 2"=PDF Editor 2 "PHP Editor"=PHP Editor "PHP Editor_is1"=PHP Editor 2.22 "Pidgin"=Pidgin "Programador de Modem_is1"=LightModem 3.0 "SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software "SMSERIAL"=Intel® 537EP Modem "Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4 "Steam"=Steam "Total Video Converter 3.12_is1"=Total Video Converter 3.12 080330 "Uninstall_is1"=Uninstall 1.0.0.0 "vbcpp40"=VisiBroker for Cpp 4.5 "Velox Check Up_is1"=Velox Check Up 1.0 "VeryPDF PDF2Word v3.0_is1"=VeryPDF PDF2Word v3.0 "VIA/S3G UniChrome Family Win2K/XP/Server2003 Display"=VIA/S3G Display Driver "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "Windows XP Service Pack"=Windows XP Service Pack 3 "WinRAR archiver"=Arquivo do WinRAR "WinZip"=WinZip "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 "wxWidgets_is1"=wxWidgets 2.8.9 "XP Codec Pack"=XP Codec Pack "ZBOT para Cs1.6_is1"=ZBOT para Cs1.6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III"=Warcraft III: All Products ========== HKEY_USERS Uninstall 
List ========== [HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III"=Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 24/7/2008 10:37:38 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\TSBin\cs_Sims2Logo.jpg failed, 0000A420. Error - 24/7/2008 10:37:51 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\TSBin\th_Sims2Logo.jpg failed, 0000A420. Error - 24/7/2008 10:37:51 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\TSBin\zh-cn_Sims2Logo.jpg failed, 0000A420. Error - 24/7/2008 10:37:51 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\TSBin\zh-tw_Sims2Logo.jpg failed, 0000A420. Error - 26/7/2008 19:41:19 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\TSBin\cs_Sims2Logo.jpg failed, 0000A420. Error - 9/9/2008 13:40:17 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Unhandled exception in AavmProviderStop [inner], MAIL. Error - 7/10/2008 13:13:51 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\MICROSOFT\CONFIGURAçõES LOCAIS\DADOS DE APLICATIVOS\MICROSOFT\WINDOWS LIVE CONTACTS\SAVIOS22@HOTMAIL.COM\REAL\CONTACTCOLL.CACHE failed, 00000005. Error - 7/10/2008 13:13:51 | Computer Name = MICROSOF-UB1DVN | Source = avast! 
| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\MICROSOFT\CONFIGURAçõES LOCAIS\DADOS DE APLICATIVOS\MICROSOFT\WINDOWS LIVE CONTACTS\SAVIOS22@HOTMAIL.COM\REAL\MEMBERS.STG failed, 00000005. Error - 20/1/2009 14:28:52 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://download.microsoft.com/download/D/9...B93AB8C0/VB.iso failed, 00000084. Error - 26/1/2009 13:45:47 | Computer Name = MICROSOF-UB1DVN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://download.microsoft.com/download/F/B...5D09D59/VCS.img failed, 00000084. [ Application Events ] Error - 13/1/2009 09:03:24 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6331.5000, stamp 48fa27b4, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8. Error - 24/1/2009 17:11:09 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6331.5000, stamp 48fa27b4, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8. Error - 29/1/2009 10:16:00 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6331.5000, stamp 48fa27b4, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8. Error - 1/2/2009 07:05:32 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6331.5000, stamp 48fa27b4, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8. 
Error - 4/2/2009 11:38:41 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application powerpnt.exe, version 12.0.6300.5000, stamp 47606dee, faulting module mso.dll, version 12.0.6320.5000, stamp 485ae817, debug? 0, fault address 0x00217ba2. Error - 4/2/2009 11:43:45 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6331.5000, stamp 48fa27b4, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8. Error - 5/2/2009 19:33:43 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application powerpnt.exe, version 12.0.6300.5000, stamp 47606dee, faulting module mso.dll, version 12.0.6320.5000, stamp 485ae817, debug? 0, fault address 0x00217ba2. Error - 5/2/2009 20:45:30 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application powerpnt.exe, version 12.0.6300.5000, stamp 47606dee, faulting module mso.dll, version 12.0.6320.5000, stamp 485ae817, debug? 0, fault address 0x00217ba2. Error - 5/2/2009 20:46:22 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6331.5000, stamp 48fa27b4, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8. Error - 17/2/2009 12:37:49 | Computer Name = MICROSOF-UB1DVN | Source = Spybot - Search & Destroy | ID = 0 Description = [ OSession Events ] Error - 17/11/2008 18:37:09 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 19/11/2008 20:04:33 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 99 seconds with 60 seconds of active time. This session ended with a crash. Error - 19/11/2008 20:06:58 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash. Error - 19/11/2008 20:08:45 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 82 seconds with 60 seconds of active time. This session ended with a crash. Error - 24/11/2008 21:12:35 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 719 seconds with 240 seconds of active time. This session ended with a crash. Error - 30/11/2008 21:53:00 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2058 seconds with 480 seconds of active time. This session ended with a crash. 
Error - 8/1/2009 15:16:52 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 813 seconds with 540 seconds of active time. This session ended with a crash. Error - 4/2/2009 11:38:37 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 166 seconds with 120 seconds of active time. This session ended with a crash. Error - 5/2/2009 19:33:35 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 279 seconds with 60 seconds of active time. This session ended with a crash. Error - 5/2/2009 20:45:28 | Computer Name = MICROSOF-UB1DVN | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4311 seconds with 2700 seconds of active time. This session ended with a crash. [ System Events ] Error - 15/2/2009 20:44:00 | Computer Name = MICROSOF-UB1DVN | Source = Dhcp | ID = 1000 Description = O computador perdeu a concessão para o endereço IP 192.168.254.3 na placa de rede com o endereço de rede 0013D3CA1C40. Error - 17/2/2009 19:32:59 | Computer Name = MICROSOF-UB1DVN | Source = Dhcp | ID = 1000 Description = O computador perdeu a concessão para o endereço IP 192.168.254.3 na placa de rede com o endereço de rede 0013D3CA1C40. 
Error - 17/2/2009 19:38:57 | Computer Name = MICROSOF-UB1DVN | Source = Dhcp | ID = 1000 Description = O computador perdeu a concessão para o endereço IP 192.168.254.3 na placa de rede com o endereço de rede 0013D3CA1C40. Error - 17/2/2009 19:39:28 | Computer Name = MICROSOF-UB1DVN | Source = Service Control Manager | ID = 7011 Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço Dnscache. Error - 17/2/2009 19:58:34 | Computer Name = MICROSOF-UB1DVN | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço avast! Web Scanner se conecte. Error - 17/2/2009 19:58:34 | Computer Name = MICROSOF-UB1DVN | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço avast! Web Scanner devido ao seguinte erro: %%1053 Error - 18/2/2009 11:24:05 | Computer Name = MICROSOF-UB1DVN | Source = Service Control Manager | ID = 7011 Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço Dnscache. Error - 18/2/2009 11:32:35 | Computer Name = MICROSOF-UB1DVN | Source = Service Control Manager | ID = 7011 Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço Dnscache. Error - 18/2/2009 11:33:09 | Computer Name = MICROSOF-UB1DVN | Source = Service Control Manager | ID = 7011 Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço Dnscache. Error - 18/2/2009 11:33:45 | Computer Name = MICROSOF-UB1DVN | Source = Dhcp | ID = 1000 Description = O computador perdeu a concessão para o endereço IP 192.168.254.3 na placa de rede com o endereço de rede 0013D3CA1C40. < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted February 19, 2009
Good afternoon, doctor!
<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )
<@> Save it to the Desktop! --> Unzip it!
<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )
<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link
<@> Run the tool by double-clicking UsbFix.exe.
<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )
<@> Accept the request and click Ok. --> Then click Ok again.
<@> The computer will restart. <-- Wait!
<@> When it finishes, click "Continue" and wait for the tool to complete.
<@> PS: Do not disconnect your removable media yet! <-- Important!
<@> The message "Nettoyage effectue" will appear --> Press Enter.
<@> Post the report, which will be at: C:\UsbFix.txt
Regards!
doctor 0 Posted February 27, 2009
sorry for the delay ^^ carnival ^^ here is the log

-------------- UsbFix V2.395 ---------------
* User : Microsoft - MICROSOF-UB1DVN
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 12:16:38 le --- 27/02/2009
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\MICROS~1\CONFIG~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe

--------------- [ Informations lecteurs ] ----------------
C: - Unidade de disco fixo
E: - Unidade de CD-ROM
F: - Unidade de disco remov¡vel
+- Contenu de l'autorun : E:\autorun.inf
+- Contenu de l'autorun : F:\autorun.inf

--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan REG_SZ SOUNDMAN.EXE
    avast! REG_SZ C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    QuickTime Task REG_SZ "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294a47a5-d9f1-11dd-8713-0013d3ca1c40}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294a47a5-d9f1-11dd-8713-0013d3ca1c40}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294a47a5-d9f1-11dd-8713-0013d3ca1c40}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294a47a5-d9f1-11dd-8713-0013d3ca1c40}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1708537768-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50c87227-d926-11dd-8710-0013d3ca1c40}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - C:\WINDOWS\system32\autorun.inf
Echec de la supression !! - E:\autorun.exe
Echec de la supression !! - E:\autorun.inf
Echec de la supression !! - E:\setup.exe
Echec de la supression !! - E:\autorun.inf
Echec de la supression !! - E:\AutoRun
Echec de la supression !! - F:\autorun.inf
Echec de la supression !! - F:\autorun.inf

--------------- ! Fin du rapport ! ----------------
DigRam 144 Posted February 28, 2009
Good morning, doctor!
<@> Download: < Norman Malware Cleaner >
<@> Save it to the desktop.
<@> Open the file and click Run --> Accept.
<@> Click Add to add, or Remove to remove, drives/sectors to be scanned. ( C:\*.*,D:\*.*,E:\*.*,etc... )
<@> Click "Start scan" --> Wait!
<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log )
Regards!
doctor 0 Posted March 4, 2009
log below

Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/03/02 09:11:48
Norman Scanner Engine Version: 6.00.06
Nvcbin.def Version: 6.00.00, Date: 2009/03/02 09:11:48, Variants: 2926698
Scan started: 03/03/2009 12:41:06

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: MICROSOF-UB1DVN\Microsoft
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000000
Removed hosts entry: 0.0.0.0 www.belasnifetas.com
Removed hosts entry: 0.0.0.0 www.marcelinha.com
Removed hosts entry: 0.0.0.0 www.sexocean.com
Removed hosts entry: 0.0.0.0 www.mandamusica.net
Removed hosts entry: 0.0.0.0 www.recadosonline.com
Removed hosts entry: 0.0.0.0 www.sonico.com
Removed hosts entry: 0.0.0.0 www.recadopop.com
Removed hosts entry: 0.0.0.0 www.meusrecados.com

Scanning running processes and process memory...
Number of processes/threads found: 1881
Number of processes/threads scanned: 1881
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 9s

Scanning file system...
Scanning: C:\*.*
C:\Arquivos de programas\BitTorrent\bittorrent.exe (Infected with W32/Virtumonde.KEG)
Removed registry value: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Arquivos de programas\BitTorrent\bittorrent.exe = "C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
Removed registry key: HKCR\Applications\ -> bittorrent.exe
Deleted file
C:\Arquivos de programas\eMule\Temp\001.part/CMT (Error whilst scanning file: I/O Error (0x00220000))
C:\Arquivos de programas\eMule\Temp\001.part.met/unknown0 (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\HTV\HTV.003 (Infected with W32/Ardamax.CRO)
Deleted file
C:\Arquivos de programas\HTV\HTV.004 (Infected with Ardamax.gen2)
Deleted file
C:\Arquivos de programas\HTV\HTV.006 (Infected with W32/Ardamax.DZH)
Deleted file
C:\Arquivos de programas\HTV\HTV.007 (Infected with W32/Ardamax.CRP)
Deleted file
C:\Arquivos de programas\Infogrames\Desperados\Game\Data\Configuration\debug.log/unknown0 (Error whilst scanning file: I/O Error (0x00000026))
C:\Arquivos de programas\Infogrames\Desperados\Game\Data\Configuration\debug.tmp/unknown0 (Error whilst scanning file: I/O Error (0x00000026))
C:\Arquivos de programas\Ocean Technology\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll (Infected with W32/DLoader.HJDF)
Deleted file

Running post-scan cleanup routine:
Number of files found: 325492
Number of archives unpacked: 1569
Number of files scanned: 325475
Number of files not scanned: 17
Number of files skipped due to exclude list: 0
Number of infected files found: 6
Number of infected files repaired/deleted: 6
Number of infections removed: 6
Total scanning time: 1h 19m 35s
DigRam 144 Posted March 4, 2009
Good afternoon, doctor!
<@> Run an online scan at: < Kaspersky >
<@> Use the Internet Explorer browser for this.
<!> Go to the site and click: < >
<@> On the next page, click: I Accept
<@> This is so that the ActiveX control is installed and the database is then updated.
<@> On the next page, click: My Computer and run the scan.
<@> Be patient!
<@> Wait for the database update and for the scan itself, which takes a long time.
<@> When it finishes, save and post the report.
<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )
<@> Save the result as .txt, as in the image below:
<@> Also post an updated HijackThis log.
Regards!
Mário Monteiro 179 Posted April 5, 2009
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.