Jowast 0 Posted December 14, 2009

I made a payment via boleto and received a confirmation e-mail. This e-mail came from a "company" with the ending *scr.dll. I deleted the e-mail and ran the Microsoft Security Essentials antivirus almost immediately, and no threat was found. However, some pages take a long time to load, freeze, or show the "Not Responding" message, even closing without being asked to. I update the antivirus daily, as well as the antispam. I run a full system scan weekly and daily checks with Advanced SystemCare. I would like to know whether the computer may be infected and, if so, how to get rid of this pest. I would also like to know how to send the scan information for analysis. Thanks in advance for any help.

Regards,
Jowast
DigRam 144 Posted December 14, 2009

Hey, Jowast!

Post the HijackThis log, following this tutorial: "Rule No. 02 - Using HijackThis - READ BEFORE POSTING!"

Cheers!
Jowast 0 Posted December 14, 2009

I ran the scan with HijackThis and saved the result. How do I post the log on the forum? Sorry for my lack of knowledge, but it doesn't hurt to ask.

Thank you,
Jowast
DigRam 144 Posted December 14, 2009

Hey, Jowast!

Here is a simple tutorial: "How to open a topic in Security & Malware"

P.S.: Read this tutorial calmly and you will manage it!

Cheers!
Jowast 0 Posted December 14, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:32, on 14/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Lexmark 2600 Series\lxdnmon.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Arquivos de programas\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de programas\Shareaza\RazaWebHook32.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Arquivos de programas\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Arquivos de programas\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Arquivos de programas\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with &Shareaza - res://C:\Arquivos de programas\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254061836968
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe

-- End of file - 8790 bytes
DigRam 144 Posted December 14, 2009

Good afternoon, Jowast!

The log shows no bad entries.

- Run an online scan at: < Eset Nod32 >
- Use the Internet Explorer browser for this.
- Check the box: "SIM, aceito as condições de uso" --> Iniciar.
- Check the box: "YES, I accept the Terms of Use" --> Start.
- Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

Cheers!
Jowast 0 Posted December 16, 2009

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5ed24e6b600e2c4fb12da68d41b328ea
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-16 02:17:31
# local_time=2009-12-16 12:17:31 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 100 100 0 14693937 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=58849
# found=0
# cleaned=0
# scan_time=3033
DigRam 144 Posted December 16, 2009

Good afternoon, Jowast!

It seems your worries are unfounded, according to the EsetNod32 report.

- Download: < > ( ...by OldTimer Tools )
- Save it to the desktop!
- As shown in the image, change the "Output" option to "Minimal Output".
- Double-click OTL.exe --> Check the "Scan All Users" option.
- Check the boxes: [] LOP check and [] Purity check
- Click: < > --> Wait!
- Post:
  <1> OTL.txt
  <2> Extra.txt

Cheers!
Jowast 0 Posted December 17, 2009

Here is the OTL text log. I ran two scans with ESET NOD32. Unfortunately I only posted the second one. In the first, two trojans showed up, one of them a variant of the first. I could not save the log and send it for analysis (power outage here in the neighborhood where I live).

OTL logfile created on: 17/12/2009 08:12:27 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jorge W\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,09 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 48,81% Memory free
2,62 Gb Paging File | 2,07 Gb Available in Paging File | 78,99% Paging File free
Paging file location(s): C:\pagefile.sys 1680 3360 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 97,82 Gb Free Space | 65,64% Space Free | Partition Type: NTFS
Drive D: | 30,63 Gb Total Space | 30,55 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOUSE-06739836D
Current User Name: Jorge W
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jorge W\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Arquivos de programas\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Arquivos de programas\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Lexmark 2600 Series\lxdnmon.exe ()
PRC - C:\Arquivos de programas\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnserv.exe (Lexmark International, Inc.)
PRC - C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP)
PRC - C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe ()
PRC - C:\WINDOWS\Domino.exe ()
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jorge W\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Autodesk Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (MsMpSvc) -- c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (NMSAccessU) -- C:\Arquivos de programas\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe ()
SRV - (lxdn_device) -- C:\WINDOWS\System32\lxdncoms.exe ( )
SRV - (lxdnCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe ()
SRV - (InCDsrv) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (NBService) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (Nero AG)

========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ZSMC30x) -- C:\WINDOWS\system32\drivers\ZS211.sys (ZSMC.Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (VIASens) -- C:\WINDOWS\system32\drivers\viasens.sys (Sensaura Ltd)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-1229272821-854245398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/
IE - HKU\S-1-5-21-1229272821-854245398-725345543-1004\S-1-5-21-1229272821-854245398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de programas\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1229272821-854245398-725345543-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Arquivos de programas\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [lxdnamon] C:\Arquivos de programas\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Arquivos de programas\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [MSSE] c:\Arquivos de programas\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP)
O4 - HKU\S-1-5-21-1229272821-854245398-725345543-1004..\Run: [Advanced SystemCare 3] C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1229272821-854245398-725345543-1004..\Run: [skinClock] C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\Jorge W\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download with &Shareaza - C:\Arquivos de programas\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (PokerStars)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1229272821-854245398-725345543-1004\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254061836968 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.210.29.143 200.210.29.141
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/25 14:01:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/17 08:09:33 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jorge W\Desktop\OTL.exe
[2009/12/08 15:23:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\VS Revo Group
[2009/12/06 14:37:06 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/06 14:37:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/06 14:37:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/04 19:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Desktop\fran
[2009/12/02 09:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Desktop\Nascar
[2009/12/01 09:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\DoctorWeb
[2009/12/01 01:56:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\GrabPro
[2009/11/27 10:04:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/27 09:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\Opera
[2009/11/27 09:14:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Opera
[2009/11/27 09:13:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Opera
[2009/11/24 16:34:19 | 00,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll
[2009/11/24 16:34:19 | 00,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2009/11/24 16:34:05 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CPUID
[2009/11/22 11:09:31 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\EA GAMES
[2009/11/22 10:44:02 | 00,442,368 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/11/20 08:22:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/11/20 08:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Lexmark Productivity Studio
[2009/11/18 08:35:41 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/11/18 08:27:07 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Security Essentials
[2009/11/17 22:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Desktop\Vampires Diares
[2009/11/17 20:34:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jorge W\Meus documentos\Eidos
[2009/11/17 20:26:25 | 00,000,000 | ---D | C] -- C:\afb42580599b94411e9747c57719e1a4
[2009/11/17 20:08:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Eidos
[2009/09/27 13:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/09/25 17:35:56 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2009/09/25 17:35:56 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2009/09/25 17:35:56 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2009/09/25 17:35:55 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2009/09/25 17:35:55 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2009/09/25 17:35:54 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2009/09/25 17:35:54 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2009/09/25 17:35:54 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2009/09/25 17:35:53 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2009/09/25 17:35:51 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2009/09/25 17:35:51 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2009/09/25 16:05:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2009/09/25 14:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2009/09/25 14:01:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/17 08:14:00 | 00,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{94B1F060-D3C2-40BD-B545-6FD1176C3752}.job
[2009/12/17 08:05:32 | 00,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2EE71FF6-490A-492F-B930-F23EA86658BE}.job
[2009/12/17 08:04:27 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
[2009/12/17 08:04:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/17 08:04:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/17 08:04:10 | 11,739,34080 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 22:56:43 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Jorge W\NTUSER.DAT
[2009/12/16 22:56:43 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Jorge W\ntuser.ini
[2009/12/16 22:56:35 | 15,000,916 | -H-- | M] () -- C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\IconCache.db
[2009/12/12 21:20:03 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jorge W\Desktop\OTL.exe
[2009/12/10 21:42:44 | 00,008,255 | ---- | M] () -- C:\WINDOWS\WDIC.INI
[2009/12/09 08:30:03 | 01,060,812 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 08:30:03 | 00,468,108 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/12/09 08:30:03 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 08:30:03 | 00,079,022 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/12/09 08:30:03 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 08:26:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 18:55:47 | 00,000,807 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/08 18:55:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/08 18:55:47 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/08 09:33:38 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/06 22:00:00 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/12/04 21:13:26 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Jorge W\Desktop\Orbit.lnk
[2009/12/02 06:53:12 | 00,002,206 | ---- | M]
() -- C:\WINDOWS\System32\wpa.dbl [2009/11/28 09:30:36 | 00,000,144 | ---- | M] () -- C:\WINDOWS\festo.ini [2009/11/27 09:14:10 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk [2009/11/24 14:52:27 | 00,000,052 | ---- | M] () -- C:\Documents and Settings\Jorge W\Meus documentos\Mulher de Fases - Raimundos.m3u [2009/11/20 08:42:47 | 00,010,214 | ---- | M] () -- C:\Documents and Settings\Jorge W\Meus documentos\Lista de materiais.odt [2009/11/20 08:29:14 | 00,098,769 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf [2009/11/18 08:27:59 | 00,049,432 | ---- | M] () -- C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2009/11/18 08:27:09 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/11/18 08:20:43 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin [2009/11/17 22:04:31 | 00,419,399 | ---- | M] () -- C:\AnalysisLog.sr0 [2009/11/17 21:15:50 | 00,005,120 | ---- | M] () -- C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/17 20:30:23 | 00,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/08 18:55:45 | 00,002,026 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk [2009/12/04 21:13:40 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk [2009/12/04 09:05:43 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/11/27 09:14:10 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk [2009/11/24 16:34:19 | 00,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll [2009/11/24 14:52:27 
| 00,000,052 | ---- | C] () -- C:\Documents and Settings\Jorge W\Meus documentos\Mulher de Fases - Raimundos.m3u [2009/11/20 08:42:45 | 00,010,214 | ---- | C] () -- C:\Documents and Settings\Jorge W\Meus documentos\Lista de materiais.odt [2009/11/18 08:27:09 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/11/17 20:41:43 | 00,419,399 | ---- | C] () -- C:\AnalysisLog.sr0 [2009/11/17 20:27:25 | 00,226,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat [2009/11/07 10:14:33 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/10/14 11:05:49 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.zreglib [2009/10/13 07:51:40 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/25 20:03:39 | 00,008,255 | ---- | C] () -- C:\WINDOWS\WDIC.INI [2009/09/25 18:07:16 | 00,000,162 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/09/25 17:39:43 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll [2009/09/25 17:39:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll [2009/09/25 17:38:54 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll [2009/09/25 17:38:54 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll [2009/09/25 17:38:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll [2009/09/25 17:38:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll [2009/09/25 17:38:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL [2009/09/25 17:38:16 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL [2009/09/25 17:38:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL [2009/09/25 17:36:07 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini [2009/09/25 17:35:57 | 00,348,160 | ---- | C] 
() -- C:\WINDOWS\System32\LXDNinst.dll [2009/09/25 17:35:53 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll [2009/09/25 14:59:00 | 00,000,144 | ---- | C] () -- C:\WINDOWS\festo.ini [2004/09/29 12:26:46 | 00,000,774 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI ========== LOP Check ========== [2009/09/27 12:07:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [2009/10/14 11:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft [2009/09/27 12:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Autodesk [2009/09/25 17:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\BrOffice.org [2009/09/25 15:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Foxit [2009/12/01 01:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\GrabPro [2009/09/25 20:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\IObit [2009/11/20 08:20:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Lexmark Productivity Studio [2009/11/27 09:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Opera [2009/12/17 08:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Orbit [2009/09/25 21:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jorge W\Dados de aplicativos\Shareaza [2009/12/06 22:00:00 | 00,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job [2009/12/17 08:05:32 | 00,000,458 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2EE71FF6-490A-492F-B930-F23EA86658BE}.job [2009/12/17 08:14:00 | 00,000,456 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{94B1F060-D3C2-40BD-B545-6FD1176C3752}.job ========== Purity Check ========== ========== Alternate Data Streams 
========== @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Jorge W\Meus documentos\Shareaza Downloads:Shareaza.GUID < End of report >

Now the Extras Text log:

OTL Extras logfile created on: 17/12/2009 08:12:27 - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jorge W\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1,09 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 48,81% Memory free 2,62 Gb Paging File | 2,07 Gb Available in Paging File | 78,99% Paging File free Paging file location(s): C:\pagefile.sys 1680 3360 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 149,04 Gb Total Space | 97,82 Gb Free Space | 65,64% Space Free | Partition Type: NTFS Drive D: | 30,63 Gb Total Space | 30,55 Gb Free Space | 99,75% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOUSE-06739836D Current User Name: Jorge W Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [mega] -- "C:\Arquivos de programas\Megacubo\megacubo.exe" "%1" (Megacubo) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Arquivos de programas\Lexmark 2600 Series\lxdnamon.exe" = C:\Arquivos de programas\Lexmark 
2600 Series\lxdnamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Arquivos de programas\Lexmark 2600 Series\frun.exe" = C:\Arquivos de programas\Lexmark 2600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- () "C:\Arquivos de programas\Lexmark Fax Solutions\FaxCtr.exe" = C:\Arquivos de programas\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software -- () "C:\Arquivos de programas\Lexmark 2600 Series\lxdnmon.exe" = C:\Arquivos de programas\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.) "E:\CDS\Nero\Installation\SetupX.exe" = E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found "C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- (Megacubo) "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- () "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnwbgw.exe:*:Enabled:Lexmark Web Gateway -- () "C:\Arquivos de programas\Shareaza\Shareaza.exe" = C:\Arquivos de programas\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team) "C:\Arquivos de programas\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe" = C:\Arquivos de programas\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: -- () "C:\Arquivos de programas\Opera\opera.exe" = C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera 
Internet Browser -- (Opera Software) "C:\Arquivos de programas\Internet Explorer\iexplore.exe" = C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14592A8E-4DA6-4338-A9D5-E16449647EC3}" = Championship Manager 2010 (September Data Patch) "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211) "{45B3A3BD-F90D-48FE-A147-D74878A51046}" = Nero 7 Essentials "{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English "{5CA7899B-FFEC-4254-A05B-448420831F37}" = Championship Manager 2010 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{85A43AFC-4E08-41F3-AA13-453658FEE6C8}" = MPEG2 CODEC "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE853177-215B-4C6D-AB90-3DCE66BA7D75}" = BrOffice.org 3.1 "{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Apollo 3GP Video Converter_is1" = Apollo 3GP Video Converter 2.4.0 "Autodesk DWF Viewer" = Autodesk DWF Viewer "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Decrypter" = DVD Decrypter (Remove Only) "ESET Online Scanner" = ESET Online Scanner v3 
"Festo Fluidsim_is1" = Festo FluidSim 3.6 "Foxit Reader" = Foxit Reader "Free Desktop Clock_is1" = Free Desktop Clock 2.2 "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "Lexmark 2600 Series" = Lexmark 2600 Series "Lexmark Fax Solutions" = Soluções de Fax Lexmark "Megacubo_is1" = Megacubo 7.1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyDefrag v4.2.3_is1" = MyDefrag v4.2.3 "OpenAL" = OpenAL "Orbit_is1" = Orbit Downloader "PC Wizard 2009_is1" = PC Wizard 2009.1.9111 "Percautus Radio_is1" = Percautus Radio 1.5.1 "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "RealPlayer 12.0" = RealPlayer "Revo Uninstaller" = Revo Uninstaller 1.83 "S3Display" = S3Display "S3Gamma2" = S3Gamma2 "S3Info2" = S3Info2 "S3Overlay" = S3Overlay "Shareaza_is1" = Shareaza 2.5.0.0 "ShockwaveFlash" = Macromedia Flash Player 8 "SMSERIAL" = Motorola SM56 Speakerphone Modem "SopCast" = SopCast 3.0.3 "WDIC" = Dic Michaelis - UOL "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WinX DVD Author_is1" = WinX DVD Author 5.5.8 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1229272821-854245398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/10/2009 09:08:10 | Computer Name = HOUSE-06739836D | Source = Application Error | ID = 1000 Description = Aplicativo com falha shareaza.exe, versão 2.4.0.0, módulo com falha 
mediaplayer.dll, versão 1.6.3.0, endereço com falha 0x00008468. Error - 18/10/2009 08:15:15 | Computer Name = HOUSE-06739836D | Source = Application Error | ID = 1000 Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x628e12b0. Error - 29/10/2009 19:04:48 | Computer Name = HOUSE-06739836D | Source = Application Error | ID = 1000 Description = Aplicativo com falha realplay.exe, versão 12.0.0.301, módulo com falha rv40.dll, versão 10.0.1.735, endereço com falha 0x00003ca2. Error - 7/11/2009 00:35:58 | Computer Name = HOUSE-06739836D | Source = Application Error | ID = 1000 Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com falha flash10c.ocx, versão 10.0.32.18, endereço com falha 0x00180f89. Error - 7/11/2009 18:39:59 | Computer Name = HOUSE-06739836D | Source = Application Error | ID = 1000 Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com falha flash10c.ocx, versão 10.0.32.18, endereço com falha 0x00204711. [ System Events ] Error - 4/12/2009 14:16:49 | Computer Name = HOUSE-06739836D | Source = Print | ID = 6161 Description = O documento Página de teste, de propriedade de Jorge W, não pôde ser impresso na impressora Lexmark 2600 Series. Tipo de dados: LEMF. Tamanho do arquivo de spool em bytes: 395353. Número de bytes impressos: 395353. Número total de páginas do documento: 1. Número de páginas impressas: 0. Computador cliente: \\HOUSE-06739836D. Código de erro do Win32 retornado pelo processador de impressão: 0 (0x0). Error - 4/12/2009 14:17:46 | Computer Name = HOUSE-06739836D | Source = Print | ID = 6161 Description = O documento Página de teste, de propriedade de Jorge W, não pôde ser impresso na impressora Lexmark 2600 Series. Tipo de dados: LEMF. Tamanho do arquivo de spool em bytes: 395353. Número de bytes impressos: 395353. Número total de páginas do documento: 1. Número de páginas impressas: 0. 
Computador cliente: \\HOUSE-06739836D. Código de erro do Win32 retornado pelo processador de impressão: 0 (0x0). Error - 4/12/2009 14:18:21 | Computer Name = HOUSE-06739836D | Source = Print | ID = 6161 Description = O documento Página de teste, de propriedade de Jorge W, não pôde ser impresso na impressora Lexmark 2600 Series. Tipo de dados: LEMF. Tamanho do arquivo de spool em bytes: 395353. Número de bytes impressos: 395353. Número total de páginas do documento: 1. Número de páginas impressas: 0. Computador cliente: \\HOUSE-06739836D. Código de erro do Win32 retornado pelo processador de impressão: 0 (0x0). Error - 4/12/2009 18:30:39 | Computer Name = HOUSE-06739836D | Source = Dhcp | ID = 1002 Description = A concessão 187.2.197.66 do endereço IP para a placa de rede com endereço de rede 000FEAA04BC6 foi negada pelo servidor DHCP 192.168.100.1 (O servidor DHCP enviou uma mensagem DHCPNACK). Error - 4/12/2009 18:31:00 | Computer Name = HOUSE-06739836D | Source = Dhcp | ID = 1002 Description = A concessão 192.168.100.2 do endereço IP para a placa de rede com endereço de rede 000FEAA04BC6 foi negada pelo servidor DHCP 192.168.100.1 (O servidor DHCP enviou uma mensagem DHCPNACK).

I hope I did this right. Regards, Jorge Washington (Jowast)
< End of report >

DigRam 144 Posted December 17, 2009
Good afternoon, Jowast!
<@> Run OTL.exe.
<@> Copy the information in the quote below into the tool's clipboard field ( Custom Scans/Fixes ).
:Files
C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Commands
[purity]
[emptytemp]
<@> Click the Run Fix button --> Wait for it to finish!
<@> When it is done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!
Regards!

Jowast 0 Posted December 18, 2009
All processes killed
Error: Unable to interpret <Files> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Jorge W\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Jorge W
->Temp folder emptied: 4119263 bytes
->Temporary Internet Files folder emptied: 57507750 bytes
->Java cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 211726 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
Windows Temp folder emptied: 1701646 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 62,79 mb
OTL by OldTimer - Version 3.1.17.0 log created on 12182009_082150
Files\Folders moved on Reboot...
C:\WINDOWS\temp\TMP000000013882EC73A87792CE moved successfully.
File\Folder C:\WINDOWS\temp\TMP00000003F380779D2E08CA4C not found!
Registry entries deleted on Reboot...

DigRam 144 Posted December 18, 2009
Good morning, Jowast!
<@> Open OTL.exe --> Click on --> Wait!
<@> When prompted, click OK --> Restart the computer!
°°°°°°°°°°°°°°°°°°°°°°°°°°
<@> If there are no problems, establish a clean restore point in System Restore.
<@> Right-click My Computer --> Properties --> System Restore.
<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.
<@> Then uncheck it again! --> Apply --> Wait! --> OK.
<@> For more details, read the tutorial: < Link >
°°°°°°°°°°°°°°°°°°°°°°°°°°
<!> Your logs are clean!
<!> Everything OK?
Regards!

Jowast 0 Posted December 18, 2009
I did the cleanup as described. I unchecked System Restore, and it seems the problem is gone. Thank you once again for the attention given to me. Regards, and a Merry Christmas to the whole team.
Jorge Washington (Jowast)

DigRam 144 Posted December 18, 2009
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.