Archived

This topic has been archived and is closed to new replies.

Bechir Bitar

[Solved!] Browsers throwing errors and freezing


Hey DigRam!!!

I almost couldn't download a-squared Free. I have a problem where the internet keeps dropping.

Here's the log.

The printer is not installed yet.

Disregard the previous log.

Thanks once again.

-------------------------------------------------------------------------------------------------------

a-squared Free - Versão 4.5

Última atualização 17/04/2010 09:24:41

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\, D:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 17/04/2010 09:29:47

 

c:\windows\joker.exe detectado: Trace.File.Joker!A2

Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detectado: Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol detectado: Trace.Registry.Ares Galaxy P2P Plus!A2


 

Analisado

 

Arquivos: 72488

Objetos: 667059

Cookies: 622

Processos: 34

 

Encontrado

 

Arquivos: 0

Objetos: 3

Cookies: 37

Processos: 0

Chaves do registro: 0

 

Fim da análise: 17/04/2010 09:55:10

Duração da análise: 0:25:23

 


c:\windows\joker.exe Em quarentena Trace.File.Joker!A2

 

Em quarentena

 

Arquivos: 0

Objetos: 7

Cookies: 34

 

Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Excluído Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol Excluído Trace.Registry.Ares Galaxy P2P Plus!A2

 

Excluído

 

Arquivos: 0

Objetos: 2

Cookies: 0


Good afternoon, Bechir Bitar!

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit_logo.jpg >

<@> Save it in the "Arquivos de programas" (Program Files) folder and unzip it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield and sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update". < AVZupdate.jpg >

<@> When it finishes, do not run any scan yet.

<@> On the "Search range" tab, check all the boxes.

<@> On the "Search parameters" tab, leave the Heuristic analysis setting at "Minimum heuristics mode".

<@> Under Anti-Rootkit, check: "Detect API hooks and Rootkits"

<@> Under Winsock Service Provider, check all the boxes.

<@> On the "File types" tab, select the "All files" or "Potentially dangerous files" button.

<@> Leave the "Report clean objects" box unchecked!

<@> In the "Automatic actions" menu, check: "Enable malware removal mode"

<@> In the fields below, choose "Report only" for all items.

<@> Below "RiskWare", check the "Copy suspicious files to Quarantine" box. <-- Only this box!

<@> Close any open programs and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so that we have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report to the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and post: avz_log.txt + view_log.txt in your reply.

Regards!


Good evening DigRam

Here are the logs

view_log.txt (the little glasses icon)

D:\A-Download\Programas\Windows_XP_Genuine_Maker_By_AnOn.rar;1; not-a-virus:PSWTool.Win32.RAS.a

 

--------------------------------------------------------------------------------------------------

avz_log.txt

 

AVZ Antiviral Toolkit log; AVZ version is 4.32

Scanning started at 17/04/2010 16:16:56

Database loaded: signatures - 270673, NN profile(s) - 2, malware removal microprograms - 56, signature database released 15.04.2010 22:47

Heuristic microprograms loaded: 382

PVS microprograms loaded: 9

Digital signatures of system files loaded: 194669

Heuristic analyzer mode: Minimum heuristics mode

Malware removal mode: enabled

Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights

System Restore: enabled

1. Searching for Rootkits and other software intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=07BFA0)

Kernel ntkrnlpa.exe found in memory at address 804D7000

SDT = 80552FA0

KiST = 80501B8C (284)

Functions checked: 284, intercepted: 0, restored: 0

1.3 Checking IDT and SYSENTER

Analyzing CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking IRP handlers

Checking - complete

2. Scanning RAM

Number of processes found: 34

Number of modules loaded: 401

Scanning RAM - complete

3. Scanning disks

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgchjw.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgchjwsrv.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgcore.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgldr.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgns.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgrs.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgsched.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgui.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Log\avgwd.log

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

Direct reading: C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Internet Explorer\DOMStore\index.dat

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Messenger\ContactsLog.txt

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{9194abb3-fc55-4e93-9967-e5a744d8c7cc}\DBStore\contacts.edb

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{9194abb3-fc55-4e93-9967-e5a744d8c7cc}\DBStore\LogFiles\edb.log

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{9194abb3-fc55-4e93-9967-e5a744d8c7cc}\DBStore\LogFiles\edbtmp.log

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{9194abb3-fc55-4e93-9967-e5a744d8c7cc}\DBStore\tempedb.edb

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Histórico\History.IE5\index.dat

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

wow-partial-1.MPQ MailBomb detected !

Direct reading: C:\Documents and Settings\B&J Cyber\Cookies\index.dat

Direct reading: C:\Documents and Settings\B&J Cyber\IETldCache\index.dat

Direct reading: C:\Documents and Settings\B&J Cyber\ntuser.dat

Direct reading: C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading: C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading: C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading: C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading: C:\System Volume Information\_restore{C70F14DE-9D8D-4A4F-A71D-996D80C4A438}\RP291\change.log

Direct reading: C:\WINDOWS\SchedLgU.Txt

Direct reading: C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Direct reading: C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading: C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading: C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading: C:\WINDOWS\system32\config\default

Direct reading: C:\WINDOWS\system32\config\Internet.evt

Direct reading: C:\WINDOWS\system32\config\SAM

Direct reading: C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading: C:\WINDOWS\system32\config\SECURITY

Direct reading: C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading: C:\WINDOWS\system32\config\system

Direct reading: C:\WINDOWS\system32\config\TuneUp.evt

Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading: C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading: C:\WINDOWS\temp\Perflib_Perfdata_244.dat

Direct reading: C:\WINDOWS\WindowsUpdate.log

Direct reading: D:\System Volume Information\_restore{C70F14DE-9D8D-4A4F-A71D-996D80C4A438}\RP291\change.log

D:\A-Download\Programas\Windows_XP_Genuine_Maker_By_AnOn.rar/{RAR}/Windows XP Genuine Maker By AnOn\KeyFinder.exe/{RAR-SFX}/officekey.exe >>>>> not-a-virus:PSWTool.Win32.RAS.a

wow-partial-1.MPQ MailBomb detected !

wow-partial-1.MPQ MailBomb detected !

wow-partial-1.MPQ MailBomb detected !

wow-partial-1.MPQ MailBomb detected !

wow-partial-1.MPQ MailBomb detected !

wow-partial-1.MPQ MailBomb detected !

wow-partial-1.MPQ MailBomb detected !

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious software

Checking - disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun is allowed

>> Network drives autorun is allowed

>> Removable media autorun is allowed

Checking - complete

Files scanned: 216314, extracted from archives: 155899, malicious software found 1, suspicions - 0

Scanning finished at 17/04/2010 16:47:37

Time of scanning: 00:30:41

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference


Good morning, Bechir Bitar!

<!> Avz4 did not detect any malware potentially harmful to your machine.

<!> Uninstall: Avg9

00000000000000000000000

00000000000000000000000

<@> Open avz4 and click AVZGuard --> Enable AVZGuard --> OK.

<@> Click "File" --> "Custom scripts".

<@> Paste, into the field under "Runing scripts", the information in the CODE box:

 

begin
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 QuarantineFile('D:\A-Download\Programas\Windows_XP_Genuine_Maker_By_AnOn.rar','');
 DeleteFile('D:\A-Download\Programas\Windows_XP_Genuine_Maker_By_AnOn.rar');
 DeleteFile('C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat');
 DeleteFile('C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat');
 DeleteFile('C:\Documents and Settings\B&J Cyber\Configurações locais\Temporary Internet Files\Content.IE5\index.dat');
 BC_ImportDeletedList;
 ClearHostsFile;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.

<@> Check for script errors by clicking "Check syntax" --> OK.

<@> If there are no errors, click Run. <-- Wait!

<@> To complete the removals, the computer will restart.

<@> Go back to the AVZGuard menu and click "Disable AVZGuard" --> OK.

<@> Run a new scan with avz4 and post the report. ( avz_log.txt )

Regards!


Good afternoon DigRam!!!

Done as you asked...

 

----------------------------------------------------------------------------------------------------------------

 

 

AVZ Antiviral Toolkit log; AVZ version is 4.32

Scanning started at 19/04/2010 16:49:46

Database loaded: signatures - 270673, NN profile(s) - 2, malware removal microprograms - 56, signature database released 15.04.2010 22:47

Heuristic microprograms loaded: 382

PVS microprograms loaded: 9

Digital signatures of system files loaded: 194669

Heuristic analyzer mode: Medium heuristics mode

Malware removal mode: enabled

Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights

System Restore: enabled

1. Searching for Rootkits and other software intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking IRP handlers

Checking - complete

2. Scanning RAM

Number of processes found: 28

Number of modules loaded: 374

Scanning RAM - complete

3. Scanning disks

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious software

Checking - disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun is allowed

>> Network drives autorun is allowed

>> Removable media autorun is allowed

Checking - complete

Files scanned: 112381, extracted from archives: 91861, malicious software found 0, suspicions - 0

Scanning finished at 19/04/2010 16:59:43

Time of scanning: 00:09:59

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference


Good evening DigRam!!!

After I ran avz4

The time until it shows that the network device is ready dropped to 1 minute and 5 seconds; I installed the HP Deskjet F4280 printer and it went up to 2 minutes and 20 seconds.

And before, it used to take less than 1 minute. What could be going on?

Will we be able to solve this problem? It's worth noting that the time it was taking has dropped considerably...

Regards.


Good morning, Bechir Bitar!

The time until it shows that the network device is ready dropped to 1 minute and 5 seconds; I installed the HP Deskjet F4280 printer and it went up to 2 minutes and 20 seconds.

And before, it used to take less than 1 minute. What could be going on?

<!> As a result of the software that was installed afterwards, there may be conflicts.

Will we be able to solve this problem? It's worth noting that the time it was taking has dropped considerably...

<!> Try uninstalling non-essential programs that start with Windows, to reduce that time. Also pay attention to some HP entries that can be disabled.

000000000000000000000000

000000000000000000000000

<@> Download: < XPSP2_NetSvcs > ( ...by sUBs )

<@> Unzip it to the desktop!

<!> Updated! --> < XPSP3_NetSvcs >

<@> Run the ( .reg ) with a double-click.

<@> Confirm the addition to the registry --> Restart!

000000000000000000000000

000000000000000000000000

<@> Open avz4 and click AVZGuard --> Enable AVZGuard --> OK.

<@> Click "File" --> "Custom scripts".

<@> Paste, into the field under "Runing scripts", the information in the Code box:

 

begin
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 QuarantineFile('E:\p.exe','');
 QuarantineFile('E:\QMLLBp.Exe','');
 QuarantineFile('E:\ws.exe','');
 QuarantineFile('E:\windrive.exe','');
 QuarantineFile('E:\lmpx.exe','');
 QuarantineFile('E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe','');
 QuarantineFile('E:\pozuda\malena.exe','');
 QuarantineFile('E:\LaunchU3.exe','');
 DeleteFile('E:\LaunchU3.exe');
 DeleteFile('E:\pozuda\malena.exe');
 DeleteFile('E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe');
 DeleteFile('E:\lmpx.exe');
 DeleteFile('E:\windrive.exe');
 DeleteFile('E:\ws.exe');
 DeleteFile('E:\QMLLBp.Exe');
 DeleteFile('E:\p.exe');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{050c58ac-3c0b-11df-8065-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84806-3793-11df-805d-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84807-3793-11df-805d-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c93538f-4256-11df-8082-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c935391-4256-11df-8082-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4e0d22-a83b-11de-8fcd-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b4cebc-68a7-11de-8f1d-00016c0678f9}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550a36ad-a129-11de-8fbd-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5baea245-9ed0-11de-8fb9-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95679f72-249b-11df-bffc-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8b3d94-44b3-11df-8092-00016c066432}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc6e0379-67fc-11de-8f1c-00016c0678f9}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65b7be4-6bff-11de-8f23-00016c0678f9}');
 RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7e1644c-335d-11df-8034-00016c066432}');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.

<@> Check the script for errors by clicking "Check syntax" --> OK.

<@> If there are no errors, click Run. <-- Wait!

<@> To complete the removals, the computer will restart.

<@> When it finishes, click "Save".

<@> Save this report to the desktop, named: AVZScript.log <-- Post it!

<@> In the AVZGuard menu, click "Disable AVZGuard" --> OK.

000000000000000000000000

000000000000000000000000

<@> Run OTS.exe again.

<@> PS: Under Extras, tick all the checkboxes.

<@> PS: Untick the checkbox that enables the scan for "64 Bits" PCs.

<@> Click: 2j287qe.png

<@> PS: Post your report when it finishes.

 

Best regards!


Good afternoon, DigRamn

 

Here are the logs for your analysis.

 

Thank you once again for your attention.

 

-----

 

 

AVZ Antiviral Toolkit log; AVZ version is 4.32

Scanning started at 20/04/2010 10:56:38

Database loaded: signatures - 271172, NN profile(s) - 2, malware removal microprograms - 56, signature database released 19.04.2010 23:35

Heuristic microprograms loaded: 382

PVS microprograms loaded: 9

Digital signatures of system files loaded: 195743

Heuristic analyzer mode: Medium heuristics mode

Malware removal mode: enabled

Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights

System Restore: enabled

1. Searching for Rootkits and other software intercepting API functions

Searching for Rootkits and API hooks has been disabled by user

2. Scanning RAM

Number of processes found: 31

Number of modules loaded: 352

Scanning RAM - complete

3. Scanning disks

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\temp\~DF3268.tmp

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\temp\~DF4A25.tmp

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\temp\~DF8DD6.tmp

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\temp\~DF9DEE.tmp

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\temp\~DF9E81.tmp

Direct reading: C:\Documents and Settings\B&J Cyber\Configurações locais\temp\~DF9F73.tmp

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious software

Checking - disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun is allowed

>> Network drives autorun is allowed

>> Removable media autorun is allowed

Checking - complete

Files scanned: 139132, extracted from archives: 117174, malicious software found 0, suspicions - 0

Scanning finished at 20/04/2010 11:09:15

Time of scanning: 00:12:38

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

----------------

----------------

OTS logfile created on: 20/04/2010 13:19:44 - Run 2

OTS by OldTimer - Version 3.1.28.1 Folder = C:\Documents and Settings\B&J Cyber\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

959,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 59,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 20,02 Gb Total Space | 5,56 Gb Free Space | 27,76% Space Free | Partition Type: NTFS

Drive D: | 17,27 Gb Total Space | 7,87 Gb Free Space | 45,55% Space Free | Partition Type: FAT32

Drive E: | 982,05 Mb Total Space | 24,81 Mb Free Space | 2,53% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SERVIDOR400

Current User Name: B&J Cyber

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Quick Scan

 

[Processes - Safe List]

a2service.exe -> D:\A-Download\Programas\a-squared Free\a2service.exe -> [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH)

ots.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | M] (OldTimer Tools)

jusched.exe -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe -> [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.)

clamtray.exe -> C:\Arquivos de programas\ClamWin\bin\ClamTray.exe -> [2009/11/03 21:49:02 | 000,086,016 | ---- | M] (alch)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

sistray.exe -> C:\WINDOWS\system32\sistray.exe -> [2005/07/13 01:53:38 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation)

easyserver.exe -> D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe -> [2003/04/14 18:20:34 | 002,593,280 | ---- | M] ()

mdm.exe -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

 

[Modules - Safe List]

ots.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | M] (OldTimer Tools)

framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(a2free) a-squared Free Service [Auto | Running] -> D:\A-Download\Programas\a-squared Free\a2service.exe -> [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH)

(MDM) Machine Debug Manager [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com.br/ ->

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->

< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\FireFox\Profiles\rzhc27jr.default\prefs.js ->

browser.startup.homepage -> "http://www.google.com.br/" ->

extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 ->

extensions.enabledItems -> jqs@sun.com:1.0 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->

network.proxy.ftp -> "localhost" ->

network.proxy.ftp_port -> 8080 ->

network.proxy.gopher -> "localhost" ->

network.proxy.gopher_port -> 8080 ->

network.proxy.http -> "localhost" ->

network.proxy.http_port -> 8080 ->

network.proxy.no_proxies_on -> "http://192.168.0.9:918,http://192.168.1.9:918" ->

network.proxy.socks -> "localhost" ->

network.proxy.socks_port -> 1080 ->

network.proxy.ssl -> "localhost" ->

network.proxy.ssl_port -> 8080 ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\extensions -> ->

HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\ARQUIVOS DE PROGRAMAS\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2010/03/16 16:58:57 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->

HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Arquivos de programas\Mozilla Firefox\components [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/03 19:18:08 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Arquivos de programas\Mozilla Firefox\plugins [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\PLUGINS] -> [2010/04/19 13:50:00 | 000,000,000 | ---D | M]

< FireFox Extensions [user Folders] > ->

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Extensions -> [2010/03/17 16:50:16 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org -> [2009/08/10 14:06:27 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\extensions -> [2009/06/22 20:36:30 | 000,000,000 | ---D | M]

No name found -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/06/24 18:43:55 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions -> [2010/04/19 14:49:02 | 000,000,000 | ---D | M]

No name found -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash -> [2010/04/15 11:23:11 | 000,000,000 | ---D | M]

DownThemAll! -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2010/04/04 22:17:35 | 000,000,000 | ---D | M]

< FireFox Extensions [Program Folders] > ->

-> C:\Arquivos de programas\Mozilla Firefox\extensions -> [2010/04/19 14:49:02 | 000,000,000 | ---D | M]

Java Console -> C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/04/19 13:50:02 | 000,000,000 | ---D | M]

< HOSTS File > ([2010/04/19 13:15:40 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->

Reset Hosts

127.0.0.1 localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/03/27 23:51:18 | 000,322,880 | ---- | M] (Hewlett-Packard Co.)

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 20:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{bf00e119-21a3-4fd1-b178-3b8537e75c92} [HKLM] -> D:\MegaIEMn.dll [ieMonitorBho Class] -> [2009/12/01 16:49:14 | 000,108,544 | ---- | M] (Megaupload Limited)

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"Adobe ARM" -> C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe ["C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/03/24 15:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)

"ClamWin" -> C:\Arquivos de programas\ClamWin\bin\ClamTray.exe ["C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" --logon] -> [2009/11/03 21:49:02 | 000,086,016 | ---- | M] (alch)

"SiSPower" -> C:\WINDOWS\System32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> [2005/07/12 15:55:30 | 000,049,152 | R--- | M] (Silicon Integrated Systems Corporation)

"SunJavaUpdateSched" -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe ["C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"] -> [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar ->

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk -> C:\WINDOWS\system32\sistray.exe -> [2005/07/13 01:53:38 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation)

< B&J Cyber Startup Folder > -> C:\Documents and Settings\B&J Cyber\Menu Iniciar\Programas\Inicializar ->

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions

\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"HonorAutoRunSetting" -> [0] -> File not found

\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found

\\"NoDriveAutoRun" -> [255] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDeletePrinter" -> [0] -> File not found

\\"NoAddPrinter" -> [0] -> File not found

\\"NoSetTaskbar" -> [0] -> File not found

\\"NoNetHood" -> [0] -> File not found

\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found

\\"NoDriveAutoRun" -> [255] -> File not found

\\"HonorAutoRunSetting" -> [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"NoSecCPL" -> [0] -> File not found

\\"NoPwdpage" -> [0] -> File not found

\\"NoProfilePage" -> [0] -> File not found

\\"NoDevMgrPage" -> [0] -> File not found

\\"NoConfigpage" -> [0] -> File not found

\\"NoFileSysPage" -> [0] -> File not found

\\"NoVirtMemPage" -> [0] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

&Download All using 4shared Desktop -> D:\A-Download\Diversos\RUI ALVES - SIGE PLUS\4shared Desktop\down_all.htm [D:\A-Download\Diversos\RUI ALVES - SIGE PLUS\4shared Desktop\down_all.htm] -> File not found

Download Link Using Mega Manager... -> D:\mm_file.htm [D:\mm_file.htm] -> [2006/04/05 19:06:12 | 000,001,453 | ---- | M] ()

E&xportar para o Microsoft Excel -> C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE [res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2009/12/13 11:35:18 | 009,158,656 | ---- | M] (Microsoft Corporation)

Google Sidewiki... -> C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [button: Seleção HP Smart] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> [Reg Error: Key error.] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1571 domain(s) found. ->

www.ead_sebrae.com.br [http] -> Trusted sites ->

www_webaula.com.br [*] -> Trusted sites ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->

{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Value error.] ->

{9EC30204-384D-11D3-9CA3-00A024F0AF03} [HKLM] -> https://cpne.bradesco.com.br/certifexp.cab [ValidaUsuario Class] ->

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [shockwave Flash Object] ->

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->

{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{C7406FA5-7351-496B-92E4-D557BAB81CAE}\\NameServer -> 192.168.1.1 (SiS 900-Based PCI Fast Ethernet Adapter) ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 12:14:04 | 001,556,480 | ---- | M] (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/12 00:04:04 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 21:21:20 | 000,247,128 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 02:25:20 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 09:36:38 | 003,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 09:34:26 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 09:36:40 | 000,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" -> C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe [C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

"C:\Arquivos de programas\BitComet\BitComet.exe" -> C:\Arquivos de programas\BitComet\BitComet.exe [C:\Arquivos de programas\BitComet\BitComet.exe:*:Enabled:BitComet.exe] -> File not found

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 12:14:04 | 001,556,480 | ---- | M] (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/12 00:04:04 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 21:21:20 | 000,247,128 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 02:25:20 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 09:36:38 | 003,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 09:34:26 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 09:36:40 | 000,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" -> C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation)

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -> C:\Arquivos de programas\Mozilla Firefox\firefox.exe [C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/04/03 19:18:00 | 000,910,296 | ---- | M] (Mozilla Corporation)

"C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe" -> C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe [C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe:*:Enabled:client] -> [2003/04/14 17:37:48 | 000,451,072 | ---- | M] ()

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" -> C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe [C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)

"C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe" -> C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe [C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application] -> [2009/06/25 04:37:36 | 004,356,392 | ---- | M] (TeamViewer GmbH)

"D:\A-Download\Programas\TeamViewerPortable_pt\TeamViewer.exe" -> D:\A-Download\Programas\TeamViewerPortable_pt\TeamViewer.exe [D:\A-Download\Programas\TeamViewerPortable_pt\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer] -> [2009/06/25 09:58:08 | 004,369,192 | ---- | M] (TeamViewer GmbH)

"D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe" -> D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe [D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe:*:Enabled:EasyServer] -> [2003/04/14 18:20:34 | 002,593,280 | ---- | M] ()

"D:\eMule\emule.exe" -> D:\eMule\emule.exe [D:\eMule\emule.exe:*:Enabled:eMule] -> [2009/12/13 10:53:58 | 005,668,864 | ---- | M] (http://www.emule-project.net)

"D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe" -> D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe [D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> Driver de CD-ROM ->

"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > -> ->

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/01/04 01:11:32 | 000,000,000 | ---- | M] ()

C:\autorun.inf [] -> C:\autorun.inf [ NTFS ] -> [2010/03/23 15:57:20 | 000,000,000 | RHSD | M]

D:\autorun.inf [] -> D:\autorun.inf [ FAT32 ] -> [2010/03/23 15:57:22 | 000,000,000 | RHSD | M]

E:\autorun.inf [] -> E:\autorun.inf [ FAT32 ] -> [2010/03/23 15:57:22 | 000,000,000 | ---D | M]

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

\{050c58ac-3c0b-11df-8065-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{050c58ac-3c0b-11df-8065-00016c066432}\Shell

\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\AutoRun\command

\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found

\{15ea0171-40e5-11df-807f-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\AutoRun\command

\{15ea0171-40e5-11df-807f-00016c066432}\Shell\AutoRun\command\\"" -> E:\pozuda\malena.exe [E:\pozuda/malena.exe] -> File not found

\{15ea0171-40e5-11df-807f-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\explore\command

\{15ea0171-40e5-11df-807f-00016c066432}\Shell\explore\command\\"" -> E:\pozuda\malena.exe [E:\pozuda/malena.exe] -> File not found

\{15ea0171-40e5-11df-807f-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\open\command

\{15ea0171-40e5-11df-807f-00016c066432}\Shell\open\command\\"" -> E:\pozuda\malena.exe [E:\pozuda/malena.exe] -> File not found

\{1fc84806-3793-11df-805d-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84806-3793-11df-805d-00016c066432}\Shell

\{1fc84806-3793-11df-805d-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{1fc84807-3793-11df-805d-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84807-3793-11df-805d-00016c066432}\Shell\AutoRun\command

\{1fc84807-3793-11df-805d-00016c066432}\Shell\AutoRun\command\\"" -> E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe [E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe] -> File not found

\{1fc84807-3793-11df-805d-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84807-3793-11df-805d-00016c066432}\Shell\open\command

\{1fc84807-3793-11df-805d-00016c066432}\Shell\open\command\\"" -> E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe [E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe] -> File not found

\{222b8f48-7f9f-11de-8f70-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutOPLay\command

\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutOPLay\command\\"" -> E:\lmpx.exe [E:\lmpx.exe] -> File not found

\{222b8f48-7f9f-11de-8f70-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutoRun\command

\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutoRun\command\\"" -> E:\lmpx.exe [E:\lmpx.exe] -> File not found

\{222b8f48-7f9f-11de-8f70-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\expLORe\COmMand

\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\expLORe\COmMand\\"" -> E:\lmpx.exe [E:\lmpx.exe] -> File not found

\{222b8f48-7f9f-11de-8f70-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\opEn\command

\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\opEn\command\\"" -> E:\lmpx.exe [E:\lmpx.exe] -> File not found

\{3c93538f-4256-11df-8082-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c93538f-4256-11df-8082-00016c066432}\Shell

\{3c93538f-4256-11df-8082-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{3c935390-4256-11df-8082-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c935390-4256-11df-8082-00016c066432}\Shell

\{3c935390-4256-11df-8082-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{3c935391-4256-11df-8082-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c935391-4256-11df-8082-00016c066432}\shell\Open(&0)\command

\{3c935391-4256-11df-8082-00016c066432}\shell\Open(&0)\command\\"" -> [windrive.exe] -> File not found

\{3e4e0d22-a83b-11de-8fcd-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4e0d22-a83b-11de-8fcd-00016c066432}\Shell

\{3e4e0d22-a83b-11de-8fcd-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{53a9a3ca-a1f7-11de-8fbe-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\AutoRun\command

\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\AutoRun\command\\"" -> E:\DRIVER\\vozacka.exe [E:\DRIVER///vozacka.exe] -> File not found

\{53a9a3ca-a1f7-11de-8fbe-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\explore\command

\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\explore\command\\"" -> E:\DRIVER\vozacka.exe [E:\DRIVER//vozacka.exe] -> File not found

\{53a9a3ca-a1f7-11de-8fbe-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\open\command

\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\open\command\\"" -> E:\DRIVER\vozacka.exe [E:\DRIVER//vozacka.exe] -> File not found

\{54b4cebc-68a7-11de-8f1d-00016c0678f9}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\AutoRun\command

\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\AutoRun\command\\"" -> E:\ws.exe [E:\ws.exe] -> File not found

\{54b4cebc-68a7-11de-8f1d-00016c0678f9}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\open\Command

\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\open\Command\\"" -> E:\ws.exe [E:\ws.exe] -> File not found

\{550a36ad-a129-11de-8fbd-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550a36ad-a129-11de-8fbd-00016c066432}\Shell

\{550a36ad-a129-11de-8fbd-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{5baea245-9ed0-11de-8fb9-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\AutoRun\command

\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\AutoRun\command\\"" -> E:\QMLLBp.Exe [E:\QMLLBp.Exe] -> File not found

\{5baea245-9ed0-11de-8fb9-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\oPEN\ComManD

\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\oPEN\ComManD\\"" -> E:\qMLLbp.exe [E:\qMLLbp.exe] -> File not found

\{95679f72-249b-11df-bffc-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95679f72-249b-11df-bffc-00016c066432}\Shell

\{95679f72-249b-11df-bffc-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{9f09a9a4-4817-11df-809b-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\AutoRun\command

\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\AutoRun\command\\"" -> E:\ji83j.exe [E:\ji83j.exe] -> File not found

\{9f09a9a4-4817-11df-809b-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\open\Command

\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\open\Command\\"" -> E:\ji83j.exe [E:\ji83j.exe] -> File not found

\{bf8b3d94-44b3-11df-8092-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8b3d94-44b3-11df-8092-00016c066432}\Shell

\{bf8b3d94-44b3-11df-8092-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{bf8b3d95-44b3-11df-8092-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8b3d95-44b3-11df-8092-00016c066432}\Shell

\{bf8b3d95-44b3-11df-8092-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{cc6e0379-67fc-11de-8f1c-00016c0678f9}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc6e0379-67fc-11de-8f1c-00016c0678f9}\Shell

\{cc6e0379-67fc-11de-8f1c-00016c0678f9}\Shell\\"" -> [AutoRun] -> File not found

\{e65b7be4-6bff-11de-8f23-00016c0678f9}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\AutoRun\command

\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\AutoRun\command\\"" -> [p.exe] -> File not found

\{e65b7be4-6bff-11de-8f23-00016c0678f9}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\open\Command

\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\open\Command\\"" -> [p.exe] -> File not found

\{e7e1644c-335d-11df-8034-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7e1644c-335d-11df-8034-00016c066432}\Shell

\{e7e1644c-335d-11df-8034-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

comfile [open] -> "%1" %* ->

exefile [open] -> "%1" %* ->

< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.com [@ = ComFile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

 

[Registry - Additional Scans - Safe List]

< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->

{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Arquivos de programas\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2010/04/12 18:35:02 | 000,270,336 | ---- | M] (Sun Microsystems, Inc.)

{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Processamento de gráficos vetoriais (VML); IsInstalled: 01 00 00 00 [binary data]] -> File not found

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [stubPath] -> [ComponentID: NetShow; IsInstalled: 1] ->

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [stubPath] -> [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] ->

{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [stubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] ->

{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Ligação de dados de HTML dinâmico para Java; IsInstalled: 1] -> File not found

{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found

{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Cancelar inscrição; IsInstalled: 1] -> File not found

{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Criação avançada; IsInstalled: 1] -> File not found

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [stubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] ->

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [stubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00 [binary data]] ->

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found

{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found

{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found

{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Classes DirectAnimation para Java; IsInstalled: 1] -> File not found

{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.8; IsInstalled: 1] -> File not found

{5945c046-1e7d-11d1-bc44-00c04fd912be} [stubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] ->

{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found

{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found

{6BF52A52-394A-11d3-B153-00C04F79FAA6} [stubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] ->

{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found

{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [stubPath] -> [(default): Pastas da Web; IsInstalled: 1] ->

{7790769C-0471-11d2-AF11-00C04FA35D02} [stubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Catálogo de endereços 6; IsInstalled: 1] ->

{80E0DA10-F4F6-34B3-8840-D5B5058DF8EF} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found

{89820200-ECBD-11cf-8B85-00AA005B4340} [stubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Atualização da área de trabalho do Windows; IsInstalled: 1] ->

{89820200-ECBD-11cf-8B85-00AA005B4383} [stubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] ->

{89B4C1CD-B018-4511-B0A1-5476DBF70820} [stubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] ->

{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found

{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found

{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found

{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Agendador de tarefas; IsInstalled: 1] -> File not found

{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00 [binary data]] -> File not found

{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [(default): Adobe Flash Player; IsInstalled: 01 00 00 00 [binary data]] -> [2010/01/26 21:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)

{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found

{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00 [binary data]] -> File not found

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [stubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Atualização de Versão do Internet Explorer; IsInstalled: 1] ->

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [stubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] ->

>{26923b43-4d38-484f-9b9e-de460746276c} [stubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] ->

>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [stubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] ->

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [stubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Personalização do navegador; IsInstalled: 1] ->

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [stubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] ->

< ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found

< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ ->

AcroRd32.exe -> C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe [C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe] -> [2010/04/04 02:57:52 | 000,349,616 | ---- | M] (Adobe Systems Incorporated)

bckgzm.exe -> C:\Arquivos de programas\MSN Gaming Zone\Windows\bckgzm.exe [C:\Arquivos de programas\MSN Gaming Zone\Windows\bckgzm.exe] -> [2001/10/28 15:06:10 | 000,042,577 | ---- | M] (Microsoft Corporation)

ccleaner.exe -> C:\Arquivos de programas\CCleaner\CCleaner.exe [C:\Arquivos de programas\CCleaner\ccleaner.exe] -> [2010/01/26 12:45:18 | 001,724,728 | ---- | M] (Piriform Ltd)

chkrzm.exe -> C:\Arquivos de programas\MSN Gaming Zone\Windows\chkrzm.exe [C:\Arquivos de programas\MSN Gaming Zone\Windows\chkrzm.exe] -> [2001/10/28 15:06:12 | 000,042,575 | ---- | M] (Microsoft Corporation)

chrome.exe -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe [C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe] -> [2010/03/28 00:13:16 | 000,530,416 | ---- | M] (Google Inc.)

combofix.exe -> D:\A-Download\Programas\ComboFix.exe [D:\A-Download\Programas\ComboFix.exe] -> [2010/03/19 22:05:30 | 003,895,220 | R--- | M] ()

CONF.EXE -> C:\Arquivos de programas\NetMeeting\conf.exe [C:\Arquivos de programas\NetMeeting\conf.exe] -> [2008/04/13 19:20:54 | 001,040,384 | ---- | M] (Microsoft Corporation)

dialer.exe -> C:\Arquivos de programas\Windows NT\dialer.exe [C:\Arquivos de programas\Windows NT\dialer.exe] -> [2008/04/13 19:20:56 | 000,545,280 | ---- | M] (Microsoft Corporation)

Dreamweaver.exe -> C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe [C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe] -> [2003/02/05 02:26:26 | 010,276,864 | ---- | M] (Macromedia, Inc.)

Excel.exe -> C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE [C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE] -> [2009/12/13 11:35:18 | 009,158,656 | ---- | M] (Microsoft Corporation)

Extension Manager.exe -> C:\Arquivos de programas\Macromedia\Extension Manager\Extension Manager.exe [C:\Arquivos de programas\Macromedia\Extension Manager\Extension Manager.exe] -> [2003/02/05 02:30:48 | 000,090,112 | ---- | M] (Macromedia Inc.)

firefox.exe -> C:\Arquivos de programas\Mozilla Firefox\firefox.exe [C:\Arquivos de programas\Mozilla Firefox\firefox.exe] -> [2010/04/03 19:18:00 | 000,910,296 | ---- | M] (Mozilla Corporation)

frontpg.exe -> C:\Arquivos de programas\Microsoft Office\Office10\FRONTPG.EXE [C:\ARQUIV~1\MICROS~2\Office10\FRONTPG.EXE] -> [2009/12/13 11:35:26 | 002,654,208 | ---- | M] (Microsoft Corporation)

HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [%Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008/04/13 19:21:02 | 000,769,024 | ---- | M] (Microsoft Corporation)

HijackThis.exe -> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> [2010/03/18 13:04:43 | 000,396,288 | ---- | M] (Trend Micro Inc.)

HpqPSApl.exe -> C:\Arquivos de programas\HP\Digital Imaging\bin\HpqPSApl.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\HpqPSApl.exe] -> [2008/03/20 09:36:40 | 000,080,288 | ---- | M] (Hewlett-Packard)

hpqpsapp.exe -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe] -> [2008/03/20 09:36:38 | 003,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)

hpqpse.exe -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe [C:\Arquivos de programas\HP\Digital Imaging\Bin\hpqpse.exe] -> [2008/03/13 09:34:26 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)

hpqqpawp.exe -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqqpawp.exe [C:\Arquivos de programas\HP\Digital Imaging\Bin\hpqqpawp.exe] -> [2006/02/02 17:01:44 | 000,348,160 | ---- | M] (Hewlett-Packard Development Co. L.P.)

Hpqsudi.exe -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe [C:\Arquivos de programas\HP\Digital Imaging\Bin\hpqsudi.exe] -> [2008/03/20 09:36:40 | 000,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)

hrtzzm.exe -> C:\Arquivos de programas\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Arquivos de programas\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2001/10/28 15:06:36 | 000,042,573 | ---- | M] (Microsoft Corporation)

hypertrm.exe -> C:\Arquivos de programas\Windows NT\hypertrm.exe ["C:\Arquivos de programas\Windows NT\hypertrm.exe"] -> [2001/10/28 15:06:36 | 000,028,160 | ---- | M] (Hilgraeve, Inc.)

ICWCONN1.EXE -> C:\Arquivos de programas\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Arquivos de programas\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008/04/13 19:21:02 | 000,217,600 | ---- | M] (Microsoft Corporation)

ICWCONN2.EXE -> C:\Arquivos de programas\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Arquivos de programas\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008/04/13 19:21:02 | 000,086,016 | ---- | M] (Microsoft Corporation)

INETWIZ.EXE -> C:\Arquivos de programas\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Arquivos de programas\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008/04/13 19:21:04 | 000,020,480 | ---- | M] (Microsoft Corporation)

install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found

ISIGNUP.EXE -> C:\Arquivos de programas\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Arquivos de programas\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2001/10/28 15:06:40 | 000,016,384 | ---- | M] (Microsoft Corporation)

javaws.exe -> C:\Arquivos de programas\Java\jre6\bin\javaws.exe [C:\Arquivos de programas\Java\jre6\bin\javaws.exe] -> [2010/04/19 13:49:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)

mbam.exe -> C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation)

migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008/04/13 19:21:08 | 000,250,368 | ---- | M] (Microsoft Corporation)

moviemk.exe -> C:\Arquivos de programas\Movie Maker\moviemk.exe [C:\Arquivos de programas\Movie Maker\moviemk.exe] -> [2008/04/13 19:21:10 | 003,558,912 | ---- | M] (Microsoft Corporation)

mplayer2.exe -> C:\Arquivos de programas\Windows Media Player\mplayer2.exe ["C:\Arquivos de programas\Windows Media Player\mplayer2.exe"] -> [2008/04/13 19:21:10 | 000,004,639 | ---- | M] (Microsoft Corporation)

MSACCESS.EXE -> C:\Arquivos de programas\Microsoft Office\Office10\MSACCESS.EXE [C:\ARQUIV~1\MICROS~2\Office10\MSACCESS.EXE] -> [2001/03/07 16:15:32 | 005,768,608 | R--- | M] (Microsoft Corporation)

MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [%systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE] -> [2008/04/13 19:21:10 | 000,171,520 | ---- | M] (Microsoft Corporation)

msimn.exe -> C:\Arquivos de programas\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008/04/13 19:21:12 | 000,060,416 | ---- | M] (Microsoft Corporation)

msinfo32.exe -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo\msinfo32.exe [C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2001/10/28 15:07:02 | 000,040,448 | ---- | M] (Microsoft Corporation)

MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found

OUTLOOK.EXE -> C:\Arquivos de programas\Microsoft Office\Office10\OUTLOOK.EXE [C:\ARQUIV~1\MICROS~2\Office10\OUTLOOK.EXE] -> [2001/03/07 16:15:54 | 000,046,496 | R--- | M] (Microsoft Corporation)

pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009/12/17 04:41:40 | 000,345,600 | ---- | M] (Microsoft Corporation)

pinball.exe -> C:\Arquivos de programas\Windows NT\Pinball\pinball.exe [C:\Arquivos de programas\Windows NT\Pinball\pinball.exe] -> [2008/04/13 19:21:16 | 000,283,648 | ---- | M] (Cinematronics)

PowerPnt.exe -> C:\Arquivos de programas\Microsoft Office\Office10\POWERPNT.EXE [C:\ARQUIV~1\MICROS~2\Office10\POWERPNT.EXE] -> [2001/02/26 10:54:02 | 005,974,136 | R--- | M] (Microsoft Corporation)

revouninstaller.exe -> C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\revouninstaller.exe [C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\revouninstaller.exe] -> [2009/12/19 11:37:02 | 000,605,112 | ---- | M] (VS Revo Group)

rvsezm.exe -> C:\Arquivos de programas\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Arquivos de programas\MSN Gaming Zone\Windows\rvsezm.exe] -> [2001/10/28 15:07:24 | 000,042,574 | ---- | M] (Microsoft Corporation)

setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found

shvlzm.exe -> C:\Arquivos de programas\MSN Gaming Zone\Windows\shvlzm.exe [C:\Arquivos de programas\MSN Gaming Zone\Windows\shvlzm.exe] -> [2001/10/28 15:07:26 | 000,042,573 | ---- | M] (Microsoft Corporation)

Simulado.exe -> C:\Arquivos de programas\Tecnodata\Simulado\Simulado.exe [C:\Arquivos de programas\Tecnodata\Simulado\Simulado.exe] -> [2000/05/03 17:45:52 | 003,661,824 | ---- | M] (Vixen)

table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found

UltraDev.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found

wab.exe -> C:\Arquivos de programas\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008/04/13 19:21:24 | 000,046,080 | ---- | M] (Microsoft Corporation)

wabmig.exe -> C:\Arquivos de programas\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008/04/13 19:21:24 | 000,030,208 | ---- | M] (Microsoft Corporation)

winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found

WinRAR.exe -> C:\Arquivos de programas\WinRAR\WinRAR.exe [C:\Arquivos de programas\WinRAR\WinRAR.exe] -> [2010/03/15 11:26:37 | 001,039,360 | ---- | M] ()

wmplayer.exe -> C:\Arquivos de programas\Windows Media Player\wmplayer.exe [C:\Arquivos de programas\Windows Media Player\wmplayer.exe] -> [2006/05/17 21:15:24 | 000,062,976 | ---- | M] (Microsoft Corporation)

< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->

"{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Arquivos de programas\Microsoft Office\Office10\OLKFSTUB.DLL [Microsoft Outlook Custom Icon Handler] -> [2001/03/14 15:03:28 | 000,054,704 | ---- | M] (Microsoft Corporation)

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Arquivos de programas\Arquivos comuns\System\Ole DB\oledb32.dll [Vinculação de dados Microsoft] -> [2008/04/13 19:20:38 | 000,487,424 | ---- | M] (Microsoft Corporation)

"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Arquivos de programas\Outlook Express\wabfind.dll [&Pessoas...] -> [2008/04/13 19:20:42 | 000,032,768 | ---- | M] (Microsoft Corporation)

"{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Arquivos de programas\Microsoft Office\Office10\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> [2001/02/13 08:59:14 | 000,079,264 | ---- | M] (Microsoft Corporation)

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> [Extensão do 'Painel de controle' para panorâmica de vídeo] -> File not found

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> Reg Error: Value error. [shell Extension for Malware scanning] -> File not found

"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Extensões do shell para compactação de arquivos] -> File not found

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Menu de contexto de criptografia] -> File not found

"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Extensão de ícone do HyperTerminal] -> [2001/10/28 15:06:36 | 000,044,544 | ---- | M] (Hilgraeve, Inc.)

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] -> C:\Arquivos de programas\WinRAR\RarExt.dll [WinRAR shell extension] -> [2010/03/15 11:28:22 | 000,141,824 | ---- | M] ()

"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" [HKLM] -> Reg Error: Key error. [Microsoft Browser Architecture] -> File not found

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\MSONSEXT.DLL [Pastas da Web] -> [2001/02/15 04:45:52 | 001,318,912 | ---- | M] (Microsoft Corporation)

"{EBDF1F20-C829-11D1-8233-0020AF3E97A9}" [HKLM] -> Reg Error: Key error. [4shared_Desktop] -> File not found

"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [iE User Assist] -> File not found

< Approved Shell Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ ->

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\MSONSEXT.DLL [Pastas da Web] -> [2001/02/15 04:45:52 | 001,318,912 | ---- | M] (Microsoft Corporation)

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->

0 -> [Key] ->

0 -> FriendlyName = Minha página inicial atual ->

0 -> Source = About:Home ->

0 -> SubscribedURL = About:Home ->

< Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General ->

WallPaper -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Microsoft\Internet Explorer\internet explorer wallpaper.bmp ->

BackupWallPaper -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Microsoft\Internet Explorer\internet explorer wallpaper.bmp ->

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->

C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe -> [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->

BitComet hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Arquivos de programas\BitComet\BitComet.exe -> File not found

Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe -> [2010/04/05 14:03:06 | 000,136,176 | ---- | M] (Google Inc.)

< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->

"bootini" -> 0 ->

"services" -> 0 ->

"startup" -> 2 ->

"system.ini" -> 0 ->

"win.ini" -> 0 ->

< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->

"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 19:21:26 | 000,199,680 | ---- | M] (Intel Corporation)

"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 19:18:46 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)

"msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009/07/26 16:44:56 | 000,048,448 | ---- | M] (Microsoft Corporation)

"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:19:38 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)

"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2001/10/28 15:07:34 | 000,008,192 | ---- | M] (DSP GROUP, INC.)

"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 19:20:30 | 000,080,384 | ---- | M] (Radius Inc.)

"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2001/10/28 15:06:38 | 000,199,168 | ---- | M] ()

"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2001/10/28 15:06:38 | 000,199,168 | ---- | M] ()

"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:21:26 | 000,848,384 | ---- | M] (Intel Corporation)

"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:20:30 | 000,755,200 | ---- | M] (Intel Corporation)

"VIDC.MP42" -> C:\WINDOWS\System32\MPG4C32.DLL [mpg4c32.dll] -> [2000/06/02 14:48:46 | 000,427,520 | ---- | M] (Microsoft Corporation)

"VIDC.MPG4" -> C:\WINDOWS\System32\MPG4C32.DLL [mpg4c32.dll] -> [2000/06/02 14:48:46 | 000,427,520 | ---- | M] (Microsoft Corporation)

< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->

{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Arquivos de programas\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)

{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKCU] -> C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] ()

{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Arquivos de programas\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Ferramenta de Carregamento do Windows Live] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M] (Microsoft Corporation)

{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/03 20:22:06 | 000,660,912 | ---- | M] (Adobe Systems, Inc.)

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKCU] -> C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] ()

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB} [HKCU] -> C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] ()

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKCU] -> C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] ()

{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/04/19 13:49:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)

{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/04/19 13:49:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Controle de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [shockwave Flash Object] -> [2010/01/26 21:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)

{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Arquivos de programas\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Arquivos de programas\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)

{F9152AEC-3462-4632-8087-EEE3C3CDDA24} [HKLM] -> C:\Arquivos de programas\Google\Google Earth\plugin\ie\5.2.0.5920\plugin_ax.dll [GEPluginCoClass Object] -> [2010/04/02 08:29:32 | 005,102,064 | ---- | M] (Google)

{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKLM] -> C:\Arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/04/05 12:49:04 | 000,220,656 | ---- | M] (Google Inc.)

{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKCU] -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/04/05 14:03:06 | 000,220,656 | ---- | M] (Google Inc.)

< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->

{0329E7D6-6F54-462D-93F6-F5C3118BADF2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/03/27 23:51:18 | 000,322,880 | ---- | M] (Hewlett-Packard Co.)

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Facilitador de Leitor de Link Adobe PDF] -> [2010/04/03 20:36:48 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 20:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)

{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{38212B94-1B42-433B-8B47-D89F99E1B166} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{9EC30204-384D-11D3-9CA3-00A024F0AF03} [HKLM] -> C:\WINDOWS\system32\Logof.dll [ValidaUsuario Class] -> [2009/09/10 16:38:44 | 000,552,960 | ---- | M] (Scopus Tecnologia Ltda)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{BF00E119-21A3-4FD1-B178-3B8537E75C92} [HKLM] -> D:\MegaIEMn.dll [ieMonitorBho Class] -> [2009/12/01 16:49:14 | 000,108,544 | ---- | M] (Megaupload Limited)

{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Arquivos de programas\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Ferramenta de Carregamento do Windows Live] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M] (Microsoft Corporation)

{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [shockwave Flash Object] -> [2010/01/26 21:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll [Windows Live Hotmail Photo Upload Tool] -> [2009/08/19 11:55:44 | 000,829,288 | ---- | M] ()

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{F81D52BF-F2F1-4F49-BF5F-05664E803039} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FF7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{0329E7D6-6F54-462D-93F6-F5C3118BADF2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/03/27 23:51:18 | 000,322,880 | ---- | M] (Hewlett-Packard Co.)

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Facilitador de Leitor de Link Adobe PDF] -> [2010/04/03 20:36:48 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found

{11CE9B1D-5936-D951-124F-A86661DB38E1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 20:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 19:26:35 | 000,128,512 | ---- | M] (Microsoft Corporation)

{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{38212B94-1B42-433B-8B47-D89F99E1B166} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{38481807-CA0E-42D2-BF39-B33AF135CC4D} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Smart Tag\IETAG.DLL [iETag Factory] -> [2001/02/13 07:21:26 | 000,103,840 | ---- | M] (Microsoft Corporation)

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{3F888695-9B41-4B29-9F44-6B560E464A16} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{43CF38F3-5AEC-45A3-AD31-04EB06E9C6CA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)

{594FACEB-1595-43A6-AAEF-CC383662D31A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{6EF05952-B48D-4944-AA91-57A6A1A48EF8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\WINDOWS\system32\msnetobj.dll [Windows Media Services DRM Storage object] -> [2006/05/09 21:26:34 | 000,212,480 | ---- | M] (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Arquivos de programas\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKCU] -> C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_20] -> [2010/04/19 13:49:46 | 000,108,320 | ---- | M] ()

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{9E30754B-29A9-41CE-8892-70E9E07D15DC} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\MSInfo\OFFPRV10.EXE [OfficeObj10 Class] -> [2000/10/23 17:45:00 | 000,065,536 | ---- | M] (Microsoft Corporation)

{9EC30204-384D-11D3-9CA3-00A024F0AF03} [HKLM] -> C:\WINDOWS\system32\Logof.dll [ValidaUsuario Class] -> [2009/09/10 16:38:44 | 000,552,960 | ---- | M] (Scopus Tecnologia Ltda)

{A8DC7D60-AD8F-491E-9A84-8FF901E7556E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{B801CA65-A1FC-11D0-85AD-444553540000} [HKLM] -> C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe [Adobe Acrobat Document] -> [2010/04/04 02:57:52 | 000,349,616 | ---- | M] (Adobe Systems Incorporated)

{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:20:34 | 000,143,360 | ---- | M] (Microsoft Corporation)

{BF00E119-21A3-4FD1-B178-3B8537E75C92} [HKLM] -> D:\MegaIEMn.dll [ieMonitorBho Class] -> [2009/12/01 16:49:14 | 000,108,544 | ---- | M] (Megaupload Limited)

{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Arquivos de programas\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Ferramenta de Carregamento do Windows Live] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M] (Microsoft Corporation)

{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/03 20:22:06 | 000,660,912 | ---- | M] (Adobe Systems, Inc.)

{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/04/19 13:49:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)

{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Controle de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [shockwave Flash Object] -> [2010/01/26 21:58:36 | 003,981,080 | R--- | M] (Adobe Systems, Inc.)

{DDE87865-83C5-48C4-8357-2F5B1AA84522} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Arquivos de programas\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)

{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll [Windows Live Hotmail Photo Upload Tool] -> [2009/08/19 11:55:44 | 000,829,288 | ---- | M] ()

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{F81D52BF-F2F1-4F49-BF5F-05664E803039} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FEC76531-D69B-448D-840F-AD7865DD9F7B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKLM] -> C:\Arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/04/05 12:49:04 | 000,220,656 | ---- | M] (Google Inc.)

{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKCU] -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/04/05 14:03:06 | 000,220,656 | ---- | M] (Google Inc.)

{FF6C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FF7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.bat [@ = batfile] -> "%1" %* ->

.cmd [@ = cmdfile] -> "%1" %* ->

.com [@ = ComFile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

.pif [@ = piffile] -> "%1" %* ->

.scr [@ = scrfile] -> "%1" /S ->

< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ ->

.html [@ = htmlfile] -> Reg Error: Key error. -> File not found

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->

6to4 -> -> File not found

Ias -> C:\WINDOWS\system32\ias -> [2008/01/04 01:11:00 | 000,000,000 | ---D | M]

Iprip -> -> File not found

Irmon -> -> File not found

NWCWorkstation -> -> File not found

Nwsapagent -> -> File not found

WmdmPmSp -> -> File not found

*MultiFile Done* -> ->

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> [2001/01/22 03:25:24 | 000,872,448 | ---- | M] (Microsoft Corporation)

ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2001/02/12 02:25:24 | 001,187,840 | ---- | M] (Microsoft Corporation)

msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2001/02/12 02:25:24 | 001,187,840 | ---- | M] (Microsoft Corporation)

msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2001/02/12 02:25:24 | 001,187,840 | ---- | M] (Microsoft Corporation)

mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2001/02/24 02:36:24 | 007,436,272 | ---- | M] (Microsoft Corporation)

< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->

{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse

{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System

{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive

{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy

{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices

Base -> Driver Group

Boot Bus Extender -> Driver Group

Boot file system -> Driver Group

File system -> Driver Group

Filter -> Driver Group

PCI Configuration -> Driver Group

PNP Filter -> Driver Group

Primary disk -> Driver Group

SCSI Class -> Driver Group

System Bus Extender -> Driver Group

vds -> Service

vga.sys -> Driver

< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->

{1a3e09be-1e45-494b-9174-d7385b45bbf5} -> Reg Error: Value error.

{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse

{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net

{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient

{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService

{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans

{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System

{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive

{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices

Base -> Driver Group

Boot Bus Extender -> Driver Group

Boot file system -> Driver Group

File system -> Driver Group

Filter -> Driver Group

NDIS Wrapper -> Driver Group

NetBIOSGroup -> Driver Group

NetDDEGroup -> Driver Group

Network -> Driver Group

NetworkProvider -> Driver Group

PCI Configuration -> Driver Group

PNP Filter -> Driver Group

PNP_TDI -> Driver Group

Primary disk -> Driver Group

SCSI Class -> Driver Group

Streams Drivers -> Driver Group

System Bus Extender -> Driver Group

TDI -> Driver Group

vga.sys -> Driver

< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

\\"FirstRunDisabled" -> [1] -> File not found

\\"AntiVirusOverride" -> [0] -> File not found

\\"FirewallOverride" -> [0] -> File not found

\\"FirewallDisableNotify" -> [0] -> File not found

\\"AntiVirusDisableNotify" -> [0] -> File not found

\\"UpdatesDisableNotify" -> [1] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

\\"EnableFirewall" -> [1] -> File not found

\\"DoNotAllowExceptions" -> [0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->

< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->

"ExcludeFromKnownDlls" -> [binary data] ->

*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->

\Windows -> \Windows -> [2010/04/19 18:22:06 | 000,000,000 | ---D | M]

\RPC Control -> -> File not found

*MultiFile Done* -> ->

< Session Manager AppCertDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls ->

< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->

"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/13 19:20:54 | 000,400,896 | ---- | M] (Microsoft Corporation)

"TEMP" -> C:\WINDOWS\temp -> [2010/04/20 13:07:15 | 000,000,000 | ---D | M]

"TMP" -> C:\WINDOWS\temp -> [2010/04/20 13:07:15 | 000,000,000 | ---D | M]

"windir" -> C:\WINDOWS -> [2010/04/19 18:22:06 | 000,000,000 | ---D | M]

*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->

%SystemRoot%\system32 -> C:\WINDOWS\system32 -> [2010/04/19 19:57:37 | 000,000,000 | ---D | M]

%SystemRoot% -> C:\WINDOWS -> [2010/04/19 18:22:06 | 000,000,000 | ---D | M]

%SystemRoot%\system32\wbem -> C:\WINDOWS\system32\wbem -> [2009/06/24 18:55:37 | 000,000,000 | ---D | M]

C:\Arquivos de programas\Samsung\Samsung PC Studio 3 -> -> File not found

*MultiFile Done* -> ->

*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->

.COM -> -> File not found

.EXE -> -> File not found

.BAT -> -> File not found

.CMD -> -> File not found

.VBS -> -> File not found

.VBE -> -> File not found

.JS -> -> File not found

.JSE -> -> File not found

.WSF -> -> File not found

.WSH -> -> File not found

*MultiFile Done* -> ->

< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->

< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->

"advapi32" -> C:\WINDOWS\System32\advapi32.dll -> [2008/04/13 19:20:24 | 000,683,520 | ---- | M] (Microsoft Corporation)

"comdlg32" -> C:\WINDOWS\System32\comdlg32.dll -> [2008/04/13 19:20:26 | 000,275,968 | ---- | M] (Microsoft Corporation)

"DllDirectory" -> C:\WINDOWS\system32 -> [2010/04/19 19:57:37 | 000,000,000 | ---D | M]

"gdi32" -> C:\WINDOWS\System32\gdi32.dll -> [2008/10/23 09:37:45 | 000,286,720 | ---- | M] (Microsoft Corporation)

"imagehlp" -> C:\WINDOWS\System32\imagehlp.dll -> [2008/04/13 19:20:30 | 000,144,384 | ---- | M] (Microsoft Corporation)

"kernel32" -> C:\WINDOWS\System32\kernel32.dll -> [2008/04/13 19:20:30 | 001,028,608 | ---- | M] (Microsoft Corporation)

"lz32" -> C:\WINDOWS\System32\lz32.dll -> [2001/10/28 15:06:56 | 000,002,560 | ---- | M] (Microsoft Corporation)

"ole32" -> C:\WINDOWS\System32\ole32.dll -> [2008/04/13 19:20:38 | 001,287,168 | ---- | M] (Microsoft Corporation)

"oleaut32" -> C:\WINDOWS\System32\oleaut32.dll -> [2008/04/13 19:20:38 | 000,551,936 | ---- | M] (Microsoft Corporation)

"olecli32" -> C:\WINDOWS\System32\olecli32.dll -> [2008/04/13 19:20:38 | 000,075,264 | ---- | M] (Microsoft Corporation)

"olecnv32" -> C:\WINDOWS\System32\olecnv32.dll -> [2008/04/13 19:20:38 | 000,037,376 | ---- | M] (Microsoft Corporation)

"olesvr32" -> C:\WINDOWS\System32\olesvr32.dll -> [2001/10/28 15:07:16 | 000,022,016 | ---- | M] (Microsoft Corporation)

"olethk32" -> C:\WINDOWS\System32\olethk32.dll -> [2001/10/28 15:07:16 | 000,069,120 | ---- | M] (Microsoft Corporation)

"rpcrt4" -> C:\WINDOWS\System32\rpcrt4.dll -> [2009/04/15 11:53:54 | 000,585,216 | ---- | M] (Microsoft Corporation)

"shell32" -> C:\WINDOWS\System32\shell32.dll -> [2008/06/17 16:02:01 | 008,491,008 | ---- | M] (Microsoft Corporation)

"url" -> C:\WINDOWS\System32\url.dll -> [2009/03/08 04:34:28 | 000,105,984 | ---- | M] (Microsoft Corporation)

"urlmon" -> C:\WINDOWS\System32\urlmon.dll -> [2009/12/21 16:08:00 | 001,208,832 | ---- | M] (Microsoft Corporation)

"user32" -> C:\WINDOWS\System32\user32.dll -> [2008/04/13 19:20:42 | 000,579,072 | ---- | M] (Microsoft Corporation)

"version" -> C:\WINDOWS\System32\version.dll -> [2008/04/13 19:20:42 | 000,018,944 | ---- | M] (Microsoft Corporation)

"wininet" -> C:\WINDOWS\System32\wininet.dll -> [2009/12/21 16:08:00 | 000,916,480 | ---- | M] (Microsoft Corporation)

"wldap32" -> C:\WINDOWS\System32\wldap32.dll -> [2008/04/13 19:20:44 | 000,172,544 | ---- | M] (Microsoft Corporation)

< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->

"CommonFilesDir" -> C:\Arquivos de programas\Arquivos comuns -> [2010/04/09 11:04:16 | 000,000,000 | ---D | M]

"ProgramFilesDir" -> C:\Arquivos de programas -> [2010/04/19 18:10:26 | 000,000,000 | ---D | M]

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

batfile [open] -> "%1" %* ->

cmdfile [open] -> "%1" %* ->

comfile [open] -> "%1" %* ->

exefile [open] -> "%1" %* ->

htmlfile [edit] -> "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" %1 -> [2001/02/13 08:59:26 | 000,066,976 | ---- | M] (Microsoft Corporation)

htmlfile [print] -> "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" /p %1 -> [2001/02/13 08:59:26 | 000,066,976 | ---- | M] (Microsoft Corporation)

piffile [open] -> "%1" %* ->

scrfile [config] -> "%1" ->

scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:21:26 | 000,137,216 | ---- | M] (Microsoft Corporation)

scrfile [open] -> "%1" /S ->

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->

Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

{0289B35E-DC07-4c7a-9710-BBD686EA4B7D} -> Status

{08C0729E-3E50-11DF-9D81-005056806466} -> Google Earth

{09633A5E-3089-41A8-9FF1-382171423C5D} -> PSSWCORE

{1185566F-12ED-3EF0-89CC-38866DCE1EEE} -> Microsoft .NET Framework 3.0 Client Service Pack 2

{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Ferramenta de Carregamento do Windows Live

{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT

{22F761D1-8063-4170-ADF7-2D2F47834CA9} -> VideoToolkit01

{2695AE49-2FA7-3D48-BD77-23439E688F63} -> Microsoft .NET Framework 3.5 Client Profile - Language Pack (PTB)

{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java 6 Update 20

{27197499-7680-4208-8FD8-5439CDB0FDC1} -> HPProductAssistant

{32BC546A-8AA3-4239-AE92-9CF3291C35A6} -> Windows Live Call

{350C9416-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP

{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform

{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2} -> Mega Manager

{41BB38A4-ED84-4682-8329-042FEBD8C30B} -> Mega Manager

{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater

{4A3D0CF8-60FF-4CEF-91A4-A1F001424602} -> DocProc

{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48} -> Assistente de Conexão do Windows Live

{593A6CAF-E114-4e31-884F-74FF349E8E36} -> SolutionCenter

{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751} -> DJ_AIO_03_F4200_Software

{6365C963-4B72-43F8-8392-2A5441EC2A86} -> DJ_AIO_03_F4200_ProductContext

{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder

{80E0DA10-F4F6-34B3-8840-D5B5058DF8EF} -> Microsoft .NET Framework 2.0 Client Service Pack 2 - Language Pack (PTB)

{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable

{87E2B986-07E8-477a-93DC-AF0B6758B192} -> DocProcQFolder

{8B4AB829-DFD3-436D-B808-D9733D76C590} -> Macromedia Dreamweaver MX

{90280416-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional com FrontPage

{923DED41-1143-11D4-B133-0000B434DE24} -> Simulado

{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting

{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03} -> TrayApp

{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI

{A5BA14E0-7384-11D4-BAE7-00409631A2C8} -> Macromedia Extension Manager

{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper

{AA2E8A46-B45E-4aea-8A23-88AB57D04523} -> WebReg

{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder

{AC76BA86-7AD7-1046-7B44-A93000000001} -> Adobe Reader 9.3.2 - Português

{B5ED7AB0-3838-4389-8549-7C8E22DD48F4} -> Windows Live Messenger

{B61A79BE-E94C-42C0-921D-8B7E5217069C} -> F4200

{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1 -> CoolSMS 2.05 beta

{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8} -> DJ_AIO_03_F4200_Software_Min

{BF08AB1C-3357-4f20-A200-8EBB8EF27C59} -> BufferChm

{C3B6AEB1-390C-4792-8677-CD87F8B2C959} -> HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3

{C645AAA5-DA3D-3CDB-82BA-ABC1D078676A} -> Microsoft .NET Framework 3.0 Client Profile - Language Pack (PTB)

{C89B5E3A-690F-4CEE-909A-BF869E198B0A} -> Scan

{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440} -> Microsoft .NET Framework 2.0 Client Service Pack 2

{CC0E1AE3-091D-4969-B151-7AC142062C28} -> SmartWebPrinting

{D16B4BE6-8B10-422f-8034-96D1CA9483B5} -> GPBaseService

{D617A4DC-C915-3F25-BE43-57E5FD99B441} -> Microsoft .NET Framework 3.5 Client Service Pack 1

{D74CFE48-087F-46E1-80E6-E2950E1A8DCE} -> HP Photosmart Essential 2.5

{DC226AC9-0314-496C-BE6A-B6A132628466} -> SiSAGP driver

{E133E97F-5186-4503-BEC8-752EB9E8EBD7} -> Copy

{E535C94A-B87F-4182-BEA8-1E9322078D3E} -> Cards_Calendar_OrderGift_DoMorePlugout

{E96B0085-6659-486b-A221-5042A042728D} -> Toolbox

{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A} -> Samsung PC Studio 3 USB Driver Installer

{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65} -> DeviceDiscovery

{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96} -> Destination Component

{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard

{F2CD4651-F948-467C-B014-71FD981B7F59} -> Windows Live Essentials

{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB} -> 32 Bit HP CIO Components Installer

{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D} -> F4200_Help

{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio

6194C28A8F62DD817EA1B918E6E46E806A21B452 -> Pacote de Driver do Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

65B6FE5418CE28F4D72543FB2D964C3CEC83F161 -> Pacote de Driver do Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin

a-squared Free_is1 -> a-squared Free 4.5

CCleaner -> CCleaner

ClamWin Free Antivirus_is1 -> ClamWin Free Antivirus 0.95.3

EasyCafe Server 2.2 (Firewall Edition) -> EasyCafe Server 2.2 (Firewall Edition)

HijackThis -> HijackThis 2.0.2

HP Imaging Device Functions -> HP Imaging Device Functions 11.0

HP Photosmart Essential -> HP Photosmart Essential 3.0

HP Solution Center & Imaging Support Tools -> HP Solution Center 11.0

HPOCR -> OCR Software by I.R.I.S. 11.0

IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs

ie7 -> Windows Internet Explorer 7

ie8 -> Windows Internet Explorer 8

Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware

Microsoft.Net.Client.3.5 -> Microsoft .NET Framework Client Profile

Microsoft.Net.Client.3.5.LangPack.ptb -> Pacote de Idiomas do Microsoft .NET Framework Client Profile - PTB

Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)

NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs

Revo Uninstaller -> Revo Uninstaller 1.85

SAMSUNG Mobile Composite Device -> SAMSUNG Mobile Composite Device Software

SAMSUNG Mobile Modem -> SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver -> Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem -> SAMSUNG Mobile USB Modem Software

SAMSUNG Mobile USB Modem 1.0 -> SAMSUNG Mobile USB Modem 1.0 Software

SiS VGA Driver -> SiS VGA Utilities

Windows Media Format Runtime -> Windows Media Format 11 runtime

Windows Media Player -> Windows Media Player 11

Windows XP Service Pack -> Windows XP Service Pack 3

WinLiveSuite_Wave3 -> Windows Live Essentials

WinRAR archiver -> Compressor WinRAR

WMFDist11 -> Windows Media Format 11 runtime

wmp11 -> Windows Media Player 11

Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

Google Chrome -> Google Chrome

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Application [ Error ] 09/04/2010 04:11:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 09/04/2010 04:57:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 09/04/2010 05:11:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 09/04/2010 05:57:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 09/04/2010 06:11:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 09/04/2010 06:57:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 09/04/2010 10:32:14 Computer Name = SERVIDOR400 | Source = MsiInstaller | ID = 11705 -> Description = Produto: HP Update -- Erro 1705. Uma instalação anterior deste produto está em andamento. Você deve desfazer as alterações feitas por essa instalação para continuar. Deseja desfazer essas alterações?

Application [ Error ] 16/04/2010 07:57:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 16/04/2010 08:11:14 Computer Name = SERVIDOR400 | Source = Google Update | ID = 20 -> Description =

Application [ Error ] 19/04/2010 17:11:03 Computer Name = SERVIDOR400 | Source = MsiInstaller | ID = 11904 -> Description = Produto: SolutionCenter -- Error 1904. Módulo C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx falhou ao registrar. HRESULT -2147220473. Entre em contato com a equipe de suporte.

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

[Files/Folders - Created Within 14 Days]

HP Product Assistant -> C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant -> [2010/04/19 18:10:47 | 000,000,000 | ---D | C]

HP -> C:\Arquivos de programas\Arquivos comuns\HP -> [2010/04/19 18:10:28 | 000,000,000 | ---D | C]

Hewlett-Packard -> C:\Arquivos de programas\Hewlett-Packard -> [2010/04/19 18:10:26 | 000,000,000 | ---D | C]

Java -> C:\Arquivos de programas\Java -> [2010/04/19 13:49:43 | 000,000,000 | ---D | C]

Microsoft -> C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft -> [2010/04/19 13:07:01 | 000,000,000 | ---D | M]

My Downloads -> C:\Documents and Settings\B&J Cyber\Meus documentos\My Downloads -> [2010/04/18 13:29:33 | 000,000,000 | ---D | C]

Megaupload -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Megaupload -> [2010/04/18 12:43:43 | 000,000,000 | ---D | C]

Help -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Help -> [2010/04/17 16:09:46 | 000,000,000 | ---D | C]

Help -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Help -> [2010/04/17 16:09:46 | 000,000,000 | ---D | C]

a-squared Free -> C:\Documents and Settings\B&J Cyber\Meus documentos\a-squared Free -> [2010/04/17 09:17:38 | 000,000,000 | ---D | C]

FixPolicies -> C:\Documents and Settings\B&J Cyber\Desktop\FixPolicies -> [2010/04/15 09:51:21 | 000,000,000 | ---D | C]

OTS.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | C] (OldTimer Tools)

ToolBar SD -> C:\ToolBar SD -> [2010/04/09 22:44:50 | 000,000,000 | ---D | C]

GenProc -> C:\GenProc -> [2010/04/09 11:42:27 | 000,000,000 | ---D | C]

TuneUp Software -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TuneUp Software -> [2010/04/08 22:56:15 | 000,000,000 | ---D | C]

TuneUp Software -> C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software -> [2010/04/08 22:55:47 | 000,000,000 | ---D | C]

{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> C:\Documents and Settings\All Users\Dados de aplicativos\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> [2010/04/08 18:28:38 | 000,000,000 | -HSD | C]

Recent -> C:\Documents and Settings\B&J Cyber\Recent -> [2010/04/08 17:00:21 | 000,000,000 | RH-D | C]

Microsoft -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft -> [2010/03/31 16:56:43 | 000,000,000 | ---D | M]

Microsoft -> C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft -> [2010/03/31 16:56:42 | 000,000,000 | --SD | M]

Microsoft -> C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft -> [2010/03/31 16:56:42 | 000,000,000 | --SD | M]

Hagel Technologies -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Hagel Technologies -> [2010/01/12 20:37:09 | 000,000,000 | ---D | M]

Google -> C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google -> [2009/09/08 11:39:04 | 000,000,000 | ---D | M]

Google -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google -> [2009/09/08 11:24:28 | 000,000,000 | ---D | M]

TeamViewer -> C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer -> [2009/07/02 09:47:13 | 000,000,000 | ---D | M]

Adobe -> C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe -> [2009/05/13 12:22:52 | 000,000,000 | ---D | M]

implode.dll -> C:\WINDOWS\System32\implode.dll -> [2008/01/05 11:23:13 | 000,018,944 | ---- | C] ( )

 

[Files/Folders - Modified Within 14 Days]

GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003UA.job -> [2010/04/20 13:08:00 | 000,001,160 | ---- | M] ()

GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/20 13:07:09 | 000,001,044 | ---- | M] ()

SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/20 13:06:51 | 000,000,006 | -H-- | M] ()

bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/20 13:06:48 | 000,002,048 | --S- | M] ()

ntuser.dat -> C:\Documents and Settings\B&J Cyber\ntuser.dat -> [2010/04/20 13:05:57 | 008,912,896 | ---- | M] ()

ntuser.ini -> C:\Documents and Settings\B&J Cyber\ntuser.ini -> [2010/04/20 13:05:55 | 000,000,330 | -HS- | M] ()

IconCache.db -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\IconCache.db -> [2010/04/20 13:05:31 | 010,168,526 | -H-- | M] ()

GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/20 12:54:00 | 000,001,048 | ---- | M] ()

User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> [2010/04/20 12:15:06 | 000,000,462 | -H-- | M] ()

win.ini -> C:\WINDOWS\win.ini -> [2010/04/20 10:30:03 | 000,000,784 | ---- | M] ()

system.ini -> C:\WINDOWS\system.ini -> [2010/04/20 10:30:03 | 000,000,379 | ---- | M] ()

boot.ini -> C:\boot.ini -> [2010/04/20 10:30:03 | 000,000,281 | RHS- | M] ()

PDOXUSRS.NET -> C:\PDOXUSRS.NET -> [2010/04/19 21:45:44 | 000,013,030 | ---- | M] ()

Ÿ9Ÿ9 -> C:\Documents and Settings\B&J Cyber\Ÿ9Ÿ9 -> [2010/04/19 18:22:25 | 000,000,000 | ---- | M] ()

hpoins28.dat -> C:\WINDOWS\hpoins28.dat -> [2010/04/19 18:14:20 | 000,176,159 | ---- | M] ()

HP Photosmart Essential 3.0.lnk -> C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk -> [2010/04/19 18:13:17 | 000,001,936 | ---- | M] ()

Central de Soluções HP.lnk -> C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk -> [2010/04/19 18:11:00 | 000,001,070 | ---- | M] ()

GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003Core.job -> [2010/04/19 14:08:00 | 000,001,108 | ---- | M] ()

sistema digestório.doc -> C:\Documents and Settings\B&J Cyber\Desktop\sistema digestório.doc -> [2010/04/18 21:55:39 | 000,139,776 | ---- | M] ()

Microsoft Word.lnk -> C:\Documents and Settings\B&J Cyber\Desktop\Microsoft Word.lnk -> [2010/04/18 21:48:13 | 000,002,545 | ---- | M] ()

MegaManager.INI -> C:\WINDOWS\MegaManager.INI -> [2010/04/18 13:28:47 | 000,000,050 | ---- | M] ()

Mega Manager.lnk -> C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk -> [2010/04/18 12:43:40 | 000,000,324 | ---- | M] ()

wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/18 10:32:27 | 000,002,206 | ---- | M] ()

Da Sobrecarga de Trabalho.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\Da Sobrecarga de Trabalho.doc -> [2010/04/17 14:39:30 | 000,020,480 | ---- | M] ()

a-squared Free.lnk -> C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk -> [2010/04/17 09:17:59 | 000,000,562 | ---- | M] ()

Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/04/16 14:17:53 | 000,001,779 | ---- | M] ()

FixPolicies.exe -> C:\Documents and Settings\B&J Cyber\Desktop\FixPolicies.exe -> [2010/04/15 09:47:04 | 000,169,398 | ---- | M] ()

Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/04/14 22:20:20 | 000,001,981 | ---- | M] ()

orkut - Fórum Classificados Hardware Redes.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Hardware Redes.url -> [2010/04/12 21:17:32 | 000,000,133 | ---- | M] ()

orkut - Fórum Classificados Manaus.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Manaus.url -> [2010/04/12 21:08:57 | 000,000,134 | ---- | M] ()

GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\GDIPFONTCACHEV1.DAT -> [2010/04/12 19:30:30 | 000,021,408 | ---- | M] ()

GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT -> [2010/04/12 19:22:55 | 000,021,408 | ---- | M] ()

FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/04/12 10:38:02 | 000,124,520 | ---- | M] ()

OTS.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | M] (OldTimer Tools)

P029-05.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\P029-05.doc -> [2010/04/10 13:37:04 | 000,103,936 | ---- | M] ()

ToolBarSD.exe -> C:\Documents and Settings\B&J Cyber\Desktop\ToolBarSD.exe -> [2010/04/09 22:38:22 | 000,343,020 | ---- | M] ()

Globocop sobrevoa Rio das Pedras (RJ) - Globo Vídeos Player.url -> C:\Documents and Settings\B&J Cyber\Desktop\Globocop sobrevoa Rio das Pedras (RJ) - Globo Vídeos Player.url -> [2010/04/09 22:04:46 | 000,000,298 | ---- | M] ()

Rapport - GenProc[1].URL -> C:\Documents and Settings\B&J Cyber\Desktop\Rapport - GenProc[1].URL -> [2010/04/09 11:44:16 | 000,000,132 | ---- | M] ()

Raccourci - GenProc.lnk -> C:\Documents and Settings\B&J Cyber\Desktop\Raccourci - GenProc.lnk -> [2010/04/09 11:42:50 | 000,001,372 | ---- | M] ()

cc_20100408_170105.reg -> C:\Documents and Settings\B&J Cyber\Meus documentos\cc_20100408_170105.reg -> [2010/04/08 17:01:10 | 000,000,314 | ---- | M] ()

wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/04/08 16:03:53 | 000,000,051 | ---- | M] ()

hpoins28.dat.temp -> C:\WINDOWS\hpoins28.dat.temp -> [2010/04/08 16:03:46 | 000,176,236 | ---- | M] ()

FLEXFORM.url -> C:\Documents and Settings\B&J Cyber\Desktop\FLEXFORM.url -> [2010/04/08 12:10:37 | 000,000,139 | ---- | M] ()

Número do Benefício.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\Número do Benefício.doc -> [2010/04/08 10:38:05 | 000,051,712 | ---- | M] ()

Radio Vanderlirio.url -> C:\Documents and Settings\B&J Cyber\Desktop\Radio Vanderlirio.url -> [2010/04/07 18:04:44 | 000,000,121 | ---- | M] ()

70 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp ->

70 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp ->

2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->

 

[Files - No Company Name]

HP Photosmart Essential 3.0.lnk -> C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk -> [2010/04/19 18:13:17 | 000,001,936 | ---- | C] ()

Central de Soluções HP.lnk -> C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk -> [2010/04/19 18:11:00 | 000,001,070 | ---- | C] ()

hpoins28.dat -> C:\WINDOWS\hpoins28.dat -> [2010/04/19 18:05:20 | 000,176,159 | ---- | C] ()

hpomdl28.dat -> C:\WINDOWS\hpomdl28.dat -> [2010/04/19 18:05:19 | 000,000,796 | ---- | C] ()

sistema digestório.doc -> C:\Documents and Settings\B&J Cyber\Desktop\sistema digestório.doc -> [2010/04/18 21:49:34 | 000,139,776 | ---- | C] ()

MegaManager.INI -> C:\WINDOWS\MegaManager.INI -> [2010/04/18 12:46:06 | 000,000,050 | ---- | C] ()

Mega Manager.lnk -> C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk -> [2010/04/18 12:43:40 | 000,000,324 | ---- | C] ()

Da Sobrecarga de Trabalho.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\Da Sobrecarga de Trabalho.doc -> [2010/04/17 13:31:14 | 000,020,480 | ---- | C] ()

a-squared Free.lnk -> C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk -> [2010/04/17 09:17:58 | 000,000,562 | ---- | C] ()

FixPolicies.exe -> C:\Documents and Settings\B&J Cyber\Desktop\FixPolicies.exe -> [2010/04/15 09:47:04 | 000,169,398 | ---- | C] ()

Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/04/14 22:20:20 | 000,001,981 | ---- | C] ()

orkut - Fórum Classificados Hardware Redes.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Hardware Redes.url -> [2010/04/12 21:17:32 | 000,000,133 | ---- | C] ()

orkut - Fórum Classificados Manaus.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Manaus.url -> [2010/04/12 21:08:57 | 000,000,134 | ---- | C] ()

P029-05.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\P029-05.doc -> [2010/04/10 13:37:03 | 000,103,936 | ---- | C] ()

ToolBarSD.exe -> C:\Documents and Settings\B&J Cyber\Desktop\ToolBarSD.exe -> [2010/04/09 22:38:19 | 000,343,020 | ---- | C] ()

Globocop sobrevoa Rio das Pedras (RJ) - Globo Vídeos Player.url -> C:\Documents and Settings\B&J Cyber\Desktop\Globocop sobrevoa Rio das Pedras (RJ) - Globo Vídeos Player.url -> [2010/04/09 22:04:44 | 000,000,298 | ---- | C] ()

Rapport - GenProc[1].URL -> C:\Documents and Settings\B&J Cyber\Desktop\Rapport - GenProc[1].URL -> [2010/04/09 11:44:16 | 000,000,132 | ---- | C] ()

Raccourci - GenProc.lnk -> C:\Documents and Settings\B&J Cyber\Desktop\Raccourci - GenProc.lnk -> [2010/04/09 11:42:49 | 000,001,372 | ---- | C] ()

cc_20100408_170105.reg -> C:\Documents and Settings\B&J Cyber\Meus documentos\cc_20100408_170105.reg -> [2010/04/08 17:01:08 | 000,000,314 | ---- | C] ()

FLEXFORM.url -> C:\Documents and Settings\B&J Cyber\Desktop\FLEXFORM.url -> [2010/04/08 12:10:37 | 000,000,139 | ---- | C] ()

Número do Benefício.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\Número do Benefício.doc -> [2010/04/08 10:38:04 | 000,051,712 | ---- | C] ()

Radio Vanderlirio.url -> C:\Documents and Settings\B&J Cyber\Desktop\Radio Vanderlirio.url -> [2010/04/07 18:04:44 | 000,000,121 | ---- | C] ()

wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/03/19 21:47:32 | 000,000,051 | ---- | C] ()

FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat -> [2010/01/08 11:00:58 | 000,056,768 | ---- | C] ()

cavscan.INI -> C:\WINDOWS\cavscan.INI -> [2009/11/17 11:20:46 | 000,000,156 | ---- | C] ()

cfplogvw.INI -> C:\WINDOWS\cfplogvw.INI -> [2009/10/21 11:22:38 | 000,000,253 | ---- | C] ()

unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2009/10/18 14:39:51 | 000,178,176 | ---- | C] ()

StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2009/09/18 15:21:58 | 000,005,632 | ---- | C] ()

ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/01/04 01:56:43 | 000,000,421 | ---- | C] ()

VGAsetup.ini -> C:\WINDOWS\VGAsetup.ini -> [2008/01/04 01:29:25 | 000,075,230 | ---- | C] ()

VGAunistlog.ini -> C:\WINDOWS\System32\VGAunistlog.ini -> [2008/01/04 01:29:10 | 000,074,453 | ---- | C] ()

avrack.ini -> C:\WINDOWS\avrack.ini -> [2008/01/04 01:28:09 | 000,000,164 | R--- | C] ()

RTLCPAPI.dll -> C:\WINDOWS\System32\RTLCPAPI.dll -> [2008/01/04 01:27:58 | 000,156,672 | R--- | C] ()

GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()

 

[File - Lop Check]

Hagel Technologies -> C:\Documents and Settings\All Users\Dados de aplicativos\Hagel Technologies -> [2010/01/28 23:01:18 | 000,000,000 | ---D | M]

SpeedBit -> C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit -> [2009/07/06 21:55:26 | 000,000,000 | ---D | M]

TEMP -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP -> [2009/10/17 11:59:00 | 000,000,000 | ---D | M]

TuneUp Software -> C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software -> [2010/04/09 11:34:48 | 000,000,000 | ---D | M]

{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> C:\Documents and Settings\All Users\Dados de aplicativos\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> [2010/04/08 18:28:38 | 000,000,000 | -HSD | M]

DNA -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\DNA -> [2009/06/24 18:43:55 | 000,000,000 | ---D | M]

Haihaisoft -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Haihaisoft -> [2009/09/29 10:34:20 | 000,000,000 | ---D | M]

Haihaisoft Universal Player -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Haihaisoft Universal Player -> [2009/09/29 10:36:27 | 000,000,000 | ---D | M]

IObit -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\IObit -> [2010/03/19 20:17:32 | 000,000,000 | ---D | M]

LimeWire -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\LimeWire -> [2009/10/06 20:12:53 | 000,000,000 | ---D | M]

Megaupload -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Megaupload -> [2010/04/18 12:43:43 | 000,000,000 | ---D | M]

Remote Queue Manager -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Remote Queue Manager -> [2009/07/28 20:51:18 | 000,000,000 | ---D | M]

Shadow Defender -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Shadow Defender -> [2009/10/14 14:03:45 | 000,000,000 | ---D | M]

TeamViewer -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TeamViewer -> [2009/07/01 13:58:09 | 000,000,000 | ---D | M]

TuneUp Software -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TuneUp Software -> [2010/04/08 22:56:15 | 000,000,000 | ---D | M]

TweakNow WinSecret 2009 -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TweakNow WinSecret 2009 -> [2010/02/23 21:25:45 | 000,000,000 | ---D | M]

uniblue -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\uniblue -> [2010/01/08 11:14:27 | 000,000,000 | ---D | M]

VSRevoGroup -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\VSRevoGroup -> [2010/03/31 19:00:24 | 000,000,000 | ---D | M]

User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> [2010/04/20 12:15:06 | 000,000,462 | -H-- | M] ()

 

[File - Purity Scan]

 

< End of report >


Take a look at this ClamWin log

 

 

Scan Started Tue Apr 20 20:11:00 2010

 

-------------------------------------------------------------------------------

 

 

 

C:\Documents and Settings\All Users\.clamwin\quarantine\A0134272.ini.infected not moved/copied since already in quarantine

 

C:\Documents and Settings\All Users\.clamwin\quarantine\A0134277.inf.infected not moved/copied since already in quarantine

 

C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\9194abb3-fc55-4e93-9967-e5a744d8c7cc\DBStore\contacts.edb: Permission denied

 

C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\9194abb3-fc55-4e93-9967-e5a744d8c7cc\DBStore\tempedb.edb: Permission denied

 

C:\pagefile.sys: Permission denied

 

C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied

 

C:\WINDOWS\system32\config\default: Permission denied

 

C:\WINDOWS\system32\config\SAM: Permission denied

 

C:\WINDOWS\system32\config\SECURITY: Permission denied

 

C:\WINDOWS\system32\config\software: Permission denied

 

C:\WINDOWS\system32\config\system: Permission denied

 

 

 

C:\Documents and Settings\All Users\.clamwin\quarantine\A0134272.ini.infected: Backdoor.Poison-4 FOUND

 

C:\Documents and Settings\All Users\.clamwin\quarantine\A0134277.inf.infected: Worm.Autorun-1792 FOUND

 

----------- SCAN SUMMARY -----------

 

Known viruses: 756546

 

Engine version: 0.95.3

 

Scanned directories: 4837

 

Scanned files: 56955

 

Infected files: 2

 

 

 

Not copied: 2

 

Data scanned: 12675.36 MB

 

Data read: 15290.22 MB (ratio 0.83:1)

 

Time: 5296.063 sec (88 m 16 s)

 

--------------------------------------

 

Completed

 

--------------------------------------

 

 

 

 

Scan Started Tue Apr 20 22:04:08 2010

 

-------------------------------------------------------------------------------

 

 

 

D:\System Volume Information\_restoreC70F14DE-9D8D-4A4F-A71D-996D80C4A438\RP288\A0148766.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0148766.exe.infected'

 

D:\A-Download\Programas\avz4\avz4\Quarantine\2010-04-19\avz00001.dta: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\avz00001.dta.infected'

 

 

 

D:\System Volume Information\_restoreC70F14DE-9D8D-4A4F-A71D-996D80C4A438\RP288\A0148766.exe: Trojan.Agent-118978 FOUND

 

D:\A-Download\Programas\avz4\avz4\Quarantine\2010-04-19\avz00001.dta: Trojan.PSW.Agent-10 FOUND

 

----------- SCAN SUMMARY -----------

 

Known viruses: 756546

 

Engine version: 0.95.3

 

Scanned directories: 442

 

Scanned files: 4280

 

Infected files: 2

 

 

 

Data scanned: 3831.55 MB

 

Data read: 5469.38 MB (ratio 0.70:1)

 

Time: 1172.157 sec (19 m 32 s)

 

--------------------------------------

 

Completed

 

--------------------------------------


Good afternoon, Bechir Bitar!

 

<!> The ClamWin detections were, for the most part, only quarantined files.

00000000000000000000000

00000000000000000000000

<@> Open OTS.exe with a double-click.

 

[Kill Explorer][Unregister Dlls][Registry - Safe List]< MountPoints2 [HKEY_CURRENT_USER] > -> YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->\{050c58ac-3c0b-11df-8065-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\\"" -> [AutoRun] YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\AutoRun\command\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] \{15ea0171-40e5-11df-807f-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\AutoRun\command\{15ea0171-40e5-11df-807f-00016c066432}\Shell\AutoRun\command\\"" -> E:\pozuda\malena.exe [E:\pozuda/malena.exe] \{15ea0171-40e5-11df-807f-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\explore\command\{15ea0171-40e5-11df-807f-00016c066432}\Shell\explore\command\\"" -> E:\pozuda\malena.exe [E:\pozuda/malena.exe] \{15ea0171-40e5-11df-807f-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\open\command\{15ea0171-40e5-11df-807f-00016c066432}\Shell\open\command\\"" -> E:\pozuda\malena.exe [E:\pozuda/malena.exe] \{1fc84806-3793-11df-805d-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84806-3793-11df-805d-00016c066432}\Shell\{1fc84806-3793-11df-805d-00016c066432}\Shell\\"" -> [AutoRun]\{1fc84807-3793-11df-805d-00016c066432}YN -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84807-3793-11df-805d-00016c066432}\Shell\AutoRun\command\{1fc84807-3793-11df-805d-00016c066432}\Shell\AutoRun\command\\"" -> E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe [E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe] -> File not found\{1fc84807-3793-11df-805d-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fc84807-3793-11df-805d-00016c066432}\Shell\open\command\{1fc84807-3793-11df-805d-00016c066432}\Shell\open\command\\"" -> E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe [E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe] -> File not found\{222b8f48-7f9f-11de-8f70-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutOPLay\command\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutOPLay\command\\"" -> E:\lmpx.exe [E:\lmpx.exe] \{222b8f48-7f9f-11de-8f70-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutoRun\command\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\AutoRun\command\\"" -> E:\lmpx.exe [E:\lmpx.exe]\{222b8f48-7f9f-11de-8f70-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\expLORe\COmMand\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\expLORe\COmMand\\"" -> E:\lmpx.exe [E:\lmpx.exe] \{222b8f48-7f9f-11de-8f70-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\opEn\command\{222b8f48-7f9f-11de-8f70-00016c066432}\sHell\opEn\command\\"" -> E:\lmpx.exe [E:\lmpx.exe]\{3c93538f-4256-11df-8082-00016c066432}YN -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c93538f-4256-11df-8082-00016c066432}\Shell\{3c93538f-4256-11df-8082-00016c066432}\Shell\\"" -> [AutoRun] \{3c935390-4256-11df-8082-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c935390-4256-11df-8082-00016c066432}\Shell\{3c935390-4256-11df-8082-00016c066432}\Shell\\"" -> [AutoRun] \{3c935391-4256-11df-8082-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c935391-4256-11df-8082-00016c066432}\shell\Open(&0)\command\{3c935391-4256-11df-8082-00016c066432}\shell\Open(&0)\command\\"" -> [windrive.exe] \{3e4e0d22-a83b-11de-8fcd-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4e0d22-a83b-11de-8fcd-00016c066432}\Shell\{3e4e0d22-a83b-11de-8fcd-00016c066432}\Shell\\"" -> [AutoRun] \{53a9a3ca-a1f7-11de-8fbe-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\AutoRun\command\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\AutoRun\command\\"" -> E:\DRIVER\\vozacka.exe [E:\DRIVER///vozacka.exe] \{53a9a3ca-a1f7-11de-8fbe-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\explore\command\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\explore\command\\"" -> E:\DRIVER\vozacka.exe [E:\DRIVER//vozacka.exe]\{53a9a3ca-a1f7-11de-8fbe-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\open\command\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\open\command\\"" -> E:\DRIVER\vozacka.exe [E:\DRIVER//vozacka.exe] \{54b4cebc-68a7-11de-8f1d-00016c0678f9}YN -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\AutoRun\command\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\AutoRun\command\\"" -> E:\ws.exe [E:\ws.exe] \{54b4cebc-68a7-11de-8f1d-00016c0678f9}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\open\Command\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\open\Command\\"" -> E:\ws.exe [E:\ws.exe] \{550a36ad-a129-11de-8fbd-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550a36ad-a129-11de-8fbd-00016c066432}\Shell\{550a36ad-a129-11de-8fbd-00016c066432}\Shell\\"" -> [AutoRun] \{5baea245-9ed0-11de-8fb9-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\AutoRun\command\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\AutoRun\command\\"" -> E:\QMLLBp.Exe [E:\QMLLBp.Exe] \{5baea245-9ed0-11de-8fb9-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\oPEN\ComManD\{5baea245-9ed0-11de-8fb9-00016c066432}\SHELl\oPEN\ComManD\\"" -> E:\qMLLbp.exe [E:\qMLLbp.exe] \{95679f72-249b-11df-bffc-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95679f72-249b-11df-bffc-00016c066432}\Shell\{95679f72-249b-11df-bffc-00016c066432}\Shell\\"" -> [AutoRun] \{9f09a9a4-4817-11df-809b-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\AutoRun\command\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\AutoRun\command\\"" -> E:\ji83j.exe [E:\ji83j.exe] \{9f09a9a4-4817-11df-809b-00016c066432}YN -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\open\Command\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\open\Command\\"" -> E:\ji83j.exe [E:\ji83j.exe] \{bf8b3d94-44b3-11df-8092-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8b3d94-44b3-11df-8092-00016c066432}\Shell\{bf8b3d94-44b3-11df-8092-00016c066432}\Shell\\"" -> [AutoRun] \{bf8b3d95-44b3-11df-8092-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8b3d95-44b3-11df-8092-00016c066432}\Shell\{bf8b3d95-44b3-11df-8092-00016c066432}\Shell\\"" -> [AutoRun]\{cc6e0379-67fc-11de-8f1c-00016c0678f9}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc6e0379-67fc-11de-8f1c-00016c0678f9}\Shell\{cc6e0379-67fc-11de-8f1c-00016c0678f9}\Shell\\"" -> [AutoRun] \{e65b7be4-6bff-11de-8f23-00016c0678f9}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\AutoRun\command\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\AutoRun\command\\"" -> [p.exe] \{e65b7be4-6bff-11de-8f23-00016c0678f9}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\open\Command\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\open\Command\\"" -> [p.exe]\{e7e1644c-335d-11df-8034-00016c066432}YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7e1644c-335d-11df-8034-00016c066432}\Shell\{e7e1644c-335d-11df-8034-00016c066432}\Shell\\"" -> [AutoRun][Files/Folders - Modified Within 14 Days]NY -> 70 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp ->NY -> 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->  [Empty Temp Folders][Start Explorer]

<@> Paste this information, which is in the Code box, into the field: "Paste Fix Here"

<@> Click Run Fix --> Wait!

<@> When it finishes, post the report: C:\_OTS\MovedFiles\OTS.txt <--

00000000000000000000000

<@> Also post a new UsbFix report + an updated HijackThis log.

 

Regards!


Good afternoon DigRam !!!

 

 

OTL did not generate a log; when it finished running it rebooted the machine and gave no chance to save the log.

 

 

############################## | UsbFix V6.100 |

 

User : B&J Cyber (Administradores) # SERVIDOR400

Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 16:52:03 | 21/04/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Sempron Processor 2800+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AntiVir Desktop 9.0.1.30 [ Enabled | Updated ]

 

C:\ -> Disco fixo local # 20,02 Go (5,44 Go free) [Clonador_C] # NTFS

D:\ -> Disco fixo local # 17,27 Go (7,37 Go free) [CLONADOR_D] # FAT32

E:\ -> Disco removível # 954,05 Mo (245,12 Mo free) [bECHIR] # FAT

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Recycler\S-1-5-21-1547161642-789336058-725345543-1003

Supprimido ! E:\autorun.inf

Supprimido ! E:\.\RECYCLER\RECYCLER\autorun.exe

Supprimido ! E:\.\RECYCLER\RECYCLER

Supprimido ! E:\bjj3iccf.com

Supprimido ! E:\e.cmd

Supprimido ! E:\iqe68o.bat

Supprimido ! E:\itsduel.exe

Supprimido ! E:\kg2v.com

Supprimido ! E:\lgqig.exe

Supprimido ! E:\lgqig.scr

Supprimido ! E:\o1.com

Supprimido ! E:\p1y2.cmd

Supprimido ! E:\pnt.com

Supprimido ! E:\svchost.exe

Supprimido ! E:\boabu.exe

Supprimido ! E:\boabu.scr

Supprimido ! E:\kapeg.exe

Supprimido ! E:\kapeg.scr

Supprimido ! E:\Documents.lnk

Supprimido ! E:\Music.lnk

Supprimido ! E:\New Folder.lnk

Supprimido ! E:\Passwords.lnk

Supprimido ! E:\Pictures.lnk

Supprimido ! E:\Video.lnk

Supprimido ! E:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

Supprimido ! E:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

Supprimido ! E:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

Supprimido ! E:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

Supprimido ! E:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini

Supprimido ! E:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213

Supprimido ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

Supprimido ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

Supprimido ! E:\Restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe

Supprimido ! E:\Restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

Supprimido ! E:\Restore\S-1-5-21-1482476501-1644491937-682003330-1013

Supprimido ! E:\Recycler\S-1-6-22-2134031345-1609158761-021649731-3160

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{050c58ac-3c0b-11df-8065-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{15ea0171-40e5-11df-807f-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{1fc84806-3793-11df-805d-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{1fc84807-3793-11df-805d-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{222b8f48-7f9f-11de-8f70-00016c066432}\Shell\AutOPLay\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{3c93538f-4256-11df-8082-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{3c935390-4256-11df-8082-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{3c935391-4256-11df-8082-00016c066432}\Shell\Open(&0)\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{3e4e0d22-a83b-11de-8fcd-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{53a9a3ca-a1f7-11de-8fbe-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{54b4cebc-68a7-11de-8f1d-00016c0678f9}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{550a36ad-a129-11de-8fbd-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{5baea245-9ed0-11de-8fb9-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{6d5f0c12-76eb-11de-8f4f-00016c0678f9}\Shell\AutoPLAY\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{9f09a9a4-4817-11df-809b-00016c066432}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{bf8b3d94-44b3-11df-8092-00016c066432}\Shell\Auto\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{bf8b3d95-44b3-11df-8092-00016c066432}\Shell\Auto\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{cc6e0379-67fc-11de-8f1c-00016c0678f9}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{e65b7be4-6bff-11de-8f23-00016c0678f9}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{e7e1644c-335d-11df-8034-00016c066432}\Shell\AutoRun\Command

 

################## | Listing |

 

[04/01/2008 01:11|--a------|0] C:\AUTOEXEC.BAT

[08/03/2010 17:57|--a------|211] C:\Boot.bak

[20/04/2010 10:30|-rahs----|281] C:\boot.ini

[28/10/2001 15:06|-rahs----|4952] C:\Bootfont.bin

[03/08/2004 23:00|--a------|261856] C:\cmldr

[04/01/2008 01:11|--a------|0] C:\CONFIG.SYS

[04/01/2008 01:11|-rahs----|0] C:\IO.SYS

[07/04/2010 12:40|--a------|100] C:\mbam-error.txt

[04/01/2008 01:11|-rahs----|0] C:\MSDOS.SYS

[03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM

[10/08/2008 13:01|-rahs----|251696] C:\ntldr

[?|?|?] C:\pagefile.sys

[21/04/2010 16:38|--a------|13030] C:\PDOXUSRS.NET

[22/03/2010 08:12|--a------|288654] C:\SafeBootKeyRepair.exe

[11/04/2010 18:55|--a------|1948] C:\TB.txt

[21/04/2010 16:55|--a------|5529] C:\UsbFix.txt

[22/06/2009 12:45|--a------|27262976] C:\VIRTPART.DAT

[30/01/2009 00:44|--a------|142] D:\company.url

[20/04/2010 22:37|--a------|1161728] D:\Controle De Entrada.xls

[01/12/2009 16:46|-ra------|62464] D:\hs_regex.dll

[01/12/2009 16:47|--a------|19968] D:\MegaIeFn.dll

[01/12/2009 16:49|--a------|108544] D:\MegaIEMn.dll

[01/12/2009 16:46|-ra------|839680] D:\libeay32.dll

[27/07/2006 17:36|--a------|9702] D:\logo.gif

[20/07/2004 11:32|--a------|2728] D:\HS_License.html

[25/03/2010 12:11|--a------|23552] D:\Taga Inform tica - Bechir Bitar diz.doc

[01/12/2009 16:46|-ra------|1264286] D:\mega.smf

[05/04/2006 19:06|--a------|1453] D:\mm_file.htm

[01/12/2009 16:49|--a------|27321] D:\megamanager-1.1.xpi

[02/05/2000 03:17|--a------|212480] D:\PCDLIB32.DLL

[20/10/2009 14:25|--a------|151] D:\product.url

[16/11/2009 09:26|--a------|2052608] D:\MegaManager.exe

[13/11/2009 16:10|--a------|1349] D:\readme.txt

[01/12/2009 16:49|--a------|299520] D:\res.dll

[01/12/2009 16:46|-ra------|159744] D:\ssleay32.dll

[15/01/2009 14:52|--a------|142] D:\support.url

[01/12/2009 16:48|--a------|55808] D:\wwwapp.dll

[26/02/2010 15:02|--a------|7866] D:\mbam-log-2010-02-26 (15-02-27).txt

[29/01/2009 16:25|--a------|168] D:\thirdPartyNotice.txt

[01/12/2009 16:48|--a------|27648] D:\wwwcache.dll

[01/12/2009 16:48|--a------|141312] D:\wwwcore.dll

[01/12/2009 16:48|--a------|20480] D:\wwwdir.dll

[01/12/2009 16:47|--a------|7168] D:\wwwdll.dll

[01/12/2009 16:48|--a------|24064] D:\wwwfile.dll

[13/08/2003 16:20|--a------|4164] D:\W3C_License.html

[01/12/2009 16:48|--a------|36352] D:\wwwftp.dll

[01/12/2009 16:48|--a------|54784] D:\wwwhtml.dll

[01/12/2009 16:48|--a------|69120] D:\wwwhttp.dll

[01/12/2009 16:48|--a------|19456] D:\wwwinit.dll

[01/12/2009 16:48|--a------|32768] D:\wwwmime.dll

[01/12/2009 16:48|--a------|15360] D:\wwwssl.dll

[06/01/2010 12:37|--a------|247298] D:\Capitulo_10_10.pdf

[01/12/2009 16:48|--a------|20992] D:\wwwtrans.dll

[01/12/2009 16:48|--a------|25600] D:\wwwstream.dll

[04/10/2009 19:12|--a------|23192064] D:\Trabalho Karine.doc

[01/12/2009 16:47|--a------|38400] D:\wwwutils.dll

[05/09/2009 17:44|---hs----|2193] D:\AlbumArtSmall.jpg

[05/09/2009 17:44|---hs----|9028] D:\Folder.jpg

[05/09/2009 17:44|---hs----|9028] D:\AlbumArt_{ED215DC1-657D-4724-AD87-A5499957EF06}_Large.jpg

[05/09/2009 17:44|---hs----|2193] D:\AlbumArt_{ED215DC1-657D-4724-AD87-A5499957EF06}_Small.jpg

[19/07/2009 20:14|--ahs----|107520] D:\Thumbs.db

[17/03/2010 21:18|--a------|2052] E:\BOOTEX.LOG

[17/03/2010 17:28|--a------|1384060] E:\wrar393pt.exe

[01/11/2008 18:01|--a------|7519] E:\VirtualDJ Local Database v5.xml

[17/03/2010 14:28|--a------|25505304] E:\AdbeRdr930_pt_BR.exe

[14/04/2010 20:28|--a------|5907503] E:\Windows_XP_Genuine_Maker_By_AnOn.rar

[08/03/2010 13:17|--a------|82107432] E:\avg_free_stf_pb_90_790a2730.exe

[15/12/2008 12:51|--a------|169579] E:\MsnCleaner+limpa+seu+messenger+tira+virus+[www.helpfree-s-a.blogspot.com].zip

[09/04/2009 01:56|--a------|296] E:\WMPInfo.xml

[17/03/2010 14:23|--a------|8154064] E:\Firefox Setup 3.6.exe

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# D:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# E:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_SERVIDOR400.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.100 ! |

 

 

__________________________________________________________________________________________________

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:31:36, on 21/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\netdde.exe

D:\A-Download\Programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ClamWin\bin\ClamTray.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EASYSERVER.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R3 - Default URLSearchHook is missing

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [ClamWin] "C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download All using 4shared Desktop - D:\A-Download\Diversos\RUI ALVES - SIGE PLUS\4shared Desktop\down_all.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - D:\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.ead.sebrae.com.br

O15 - Trusted Zone: www.webaula.com.br

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7406FA5-7351-496B-92E4-D557BAB81CAE}: NameServer = 192.168.1.1

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\A-Download\Programas\a-squared Free\a2service.exe

O23 - Service: Google Update Service (gupdate1cad4ccfbe98022) (gupdate1cad4ccfbe98022) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 6499 bytes


Good morning, Bechir Bitar!

 

OTL did not generate a log; when it finished running it rebooted the machine and gave no chance to save the log.

<!> Check here: C:\_OTS\MovedFiles\OTS.txt <-- At this path!

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_SERVIDOR400.zip : http://chiquitine.ch...mple/Upload.php

Obrigado pela sua contribuição.

<!> If you wish, contribute by sending the highlighted file to the address above.

00000000000000000000000

00000000000000000000000

<@> Download: < securitycenterrestore.reg >

<@> Save it to the desktop as a registry entries file. ( .reg ) < imagemregrv6.png >

<@> PS: Do not save it as text, since merging it into the registry would then have no effect.

<@> Restart the computer in Safe Mode.

<@> Run the ( .reg ) file and confirm its insertion into the registry.

<@> When finished, restart the computer!

00000000000000000000000

00000000000000000000000

<!> Post a new OTS report, using its quick scan. ( QuickScan )

 

Regards!


Good evening DigRam

 

Check here: C:\_OTS\MovedFiles\OTS.txt <-- At this path!

I already looked there and it was not saved.

 

--------------------------------------------------------------------------------------------------------------

Favor enviar o arquivo : C:\UsbFix_Upload_Me_SERVIDOR400.zip : http://chiquitine.ch...mple/Upload.php

 

I already tried, but this link does not exist.

 

The slowness in making the network device available continues.

 

Regards

 

--------------------------------------------------------------------------------------------------------------

 

The OTS log

 

OTS logfile created on: 25/04/2010 20:30:59 - Run 3

OTS by OldTimer - Version 3.1.28.1 Folder = C:\Documents and Settings\B&J Cyber\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

959,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 50,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 20,02 Gb Total Space | 5,57 Gb Free Space | 27,80% Space Free | Partition Type: NTFS

Drive D: | 17,27 Gb Total Space | 3,60 Gb Free Space | 20,84% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SERVIDOR400

Current User Name: B&J Cyber

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Quick Scan

 

[Processes - Safe List]

a2service.exe -> D:\A-Download\Programas\a-squared Free\a2service.exe -> [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH)

ots.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | M] (OldTimer Tools)

jusched.exe -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe -> [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.)

clamtray.exe -> C:\Arquivos de programas\ClamWin\bin\ClamTray.exe -> [2009/11/03 21:49:02 | 000,086,016 | ---- | M] (alch)

wlcomm.exe -> C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

sistray.exe -> C:\WINDOWS\system32\sistray.exe -> [2005/07/13 01:53:38 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation)

easyserver.exe -> D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe -> [2003/04/14 18:20:34 | 002,593,280 | ---- | M] ()

mdm.exe -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

 

[Modules - Safe List]

ots.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | M] (OldTimer Tools)

framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(a2free) a-squared Free Service [Auto | Running] -> D:\A-Download\Programas\a-squared Free\a2service.exe -> [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH)

(MDM) Machine Debug Manager [Auto | Running] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://fr.msn.com/ ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com.br/ ->

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->

< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\FireFox\Profiles\rzhc27jr.default\prefs.js ->

browser.startup.homepage -> "http://www.google.com.br/" ->

extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 ->

extensions.enabledItems -> jqs@sun.com:1.0 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->

network.proxy.ftp -> "localhost" ->

network.proxy.ftp_port -> 8080 ->

network.proxy.gopher -> "localhost" ->

network.proxy.gopher_port -> 8080 ->

network.proxy.http -> "localhost" ->

network.proxy.http_port -> 8080 ->

network.proxy.no_proxies_on -> "http://192.168.0.9:918,http://192.168.1.9:918" ->

network.proxy.socks -> "localhost" ->

network.proxy.socks_port -> 1080 ->

network.proxy.ssl -> "localhost" ->

network.proxy.ssl_port -> 8080 ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\extensions -> ->

HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\ARQUIVOS DE PROGRAMAS\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2010/03/16 16:58:57 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->

HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Arquivos de programas\Mozilla Firefox\components [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/03 19:18:08 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Arquivos de programas\Mozilla Firefox\plugins [C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\PLUGINS] -> [2010/04/19 13:50:00 | 000,000,000 | ---D | M]

< FireFox Extensions [user Folders] > ->

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Extensions -> [2010/03/17 16:50:16 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org -> [2009/08/10 14:06:27 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\extensions -> [2009/06/22 20:36:30 | 000,000,000 | ---D | M]

No name found -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/06/24 18:43:55 | 000,000,000 | ---D | M]

-> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions -> [2010/04/22 12:55:20 | 000,000,000 | ---D | M]

No name found -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash -> [2010/04/15 11:23:11 | 000,000,000 | ---D | M]

DownThemAll! -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2010/04/04 22:17:35 | 000,000,000 | ---D | M]

< FireFox Extensions [Program Folders] > ->

-> C:\Arquivos de programas\Mozilla Firefox\extensions -> [2010/04/23 16:46:25 | 000,000,000 | ---D | M]

Java Console -> C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/04/19 13:50:02 | 000,000,000 | ---D | M]

< HOSTS File > ([2010/04/19 13:15:40 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->

Reset Hosts

127.0.0.1 localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/03/27 23:51:18 | 000,322,880 | ---- | M] (Hewlett-Packard Co.)

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 20:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

{bf00e119-21a3-4fd1-b178-3b8537e75c92} [HKLM] -> D:\MegaIEMn.dll [ieMonitorBho Class] -> [2009/12/01 16:49:14 | 000,108,544 | ---- | M] (Megaupload Limited)

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"Adobe ARM" -> C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe ["C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/03/24 15:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)

"ClamWin" -> C:\Arquivos de programas\ClamWin\bin\ClamTray.exe ["C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" --logon] -> [2009/11/03 21:49:02 | 000,086,016 | ---- | M] (alch)

"SiSPower" -> C:\WINDOWS\System32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> [2005/07/12 15:55:30 | 000,049,152 | R--- | M] (Silicon Integrated Systems Corporation)

"SunJavaUpdateSched" -> C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe ["C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"] -> [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar ->

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk -> C:\WINDOWS\system32\sistray.exe -> [2005/07/13 01:53:38 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation)

< B&J Cyber Startup Folder > -> C:\Documents and Settings\B&J Cyber\Menu Iniciar\Programas\Inicializar ->

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions

\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"HonorAutoRunSetting" -> [0] -> File not found

\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found

\\"NoDriveAutoRun" -> [255] -> File not found

\\"NoDriveTypeAutoRun" -> [255] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDeletePrinter" -> [0] -> File not found

\\"NoAddPrinter" -> [0] -> File not found

\\"NoSetTaskbar" -> [0] -> File not found

\\"NoNetHood" -> [0] -> File not found

\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found

\\"NoDriveAutoRun" -> [255] -> File not found

\\"HonorAutoRunSetting" -> [0] -> File not found

\\"NoDriveTypeAutoRun" -> [255] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"NoSecCPL" -> [0] -> File not found

\\"NoPwdpage" -> [0] -> File not found

\\"NoProfilePage" -> [0] -> File not found

\\"NoDevMgrPage" -> [0] -> File not found

\\"NoConfigpage" -> [0] -> File not found

\\"NoFileSysPage" -> [0] -> File not found

\\"NoVirtMemPage" -> [0] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

&Download All using 4shared Desktop -> D:\A-Download\Diversos\RUI ALVES - SIGE PLUS\4shared Desktop\down_all.htm [D:\A-Download\Diversos\RUI ALVES - SIGE PLUS\4shared Desktop\down_all.htm] -> File not found

Download Link Using Mega Manager... -> D:\mm_file.htm [D:\mm_file.htm] -> [2006/04/05 19:06:12 | 000,001,453 | ---- | M] ()

E&xportar para o Microsoft Excel -> C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE [res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2009/12/13 11:35:18 | 009,158,656 | ---- | M] (Microsoft Corporation)

Google Sidewiki... -> C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [button: Seleção HP Smart] -> [2008/03/27 23:51:18 | 000,501,056 | ---- | M] (Hewlett-Packard Co.)

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> [Reg Error: Key error.] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1571 domain(s) found. ->

www.ead_sebrae.com.br [http] -> Trusted sites ->

www_webaula.com.br [*] -> Trusted sites ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->

{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Value error.] ->

{9EC30204-384D-11D3-9CA3-00A024F0AF03} [HKLM] -> https://cpne.bradesco.com.br/certifexp.cab [ValidaUsuario Class] ->

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [shockwave Flash Object] ->

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->

{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab [Windows Live Hotmail Photo Upload Tool] ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{C7406FA5-7351-496B-92E4-D557BAB81CAE}\\NameServer -> 192.168.1.1 (SiS 900-Based PCI Fast Ethernet Adapter) ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 12:14:04 | 001,556,480 | ---- | M] (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/12 00:04:04 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 21:21:20 | 000,247,128 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 02:25:20 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 09:36:38 | 003,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 09:34:26 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 09:36:40 | 000,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" -> C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe [C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

"C:\Arquivos de programas\BitComet\BitComet.exe" -> C:\Arquivos de programas\BitComet\BitComet.exe [C:\Arquivos de programas\BitComet\BitComet.exe:*:Enabled:BitComet.exe] -> File not found

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 12:14:04 | 001,556,480 | ---- | M] (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/12 00:04:04 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 21:21:20 | 000,247,128 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 02:25:20 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/03/20 09:36:38 | 003,782,048 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/03/13 09:34:26 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe [C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/03/20 09:36:40 | 000,135,168 | ---- | M] (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" -> C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation)

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -> C:\Arquivos de programas\Mozilla Firefox\firefox.exe [C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/04/03 19:18:00 | 000,910,296 | ---- | M] (Mozilla Corporation)

"C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe" -> C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe [C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe:*:Enabled:client] -> [2003/04/14 17:37:48 | 000,451,072 | ---- | M] ()

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" -> C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe [C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)

"C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe" -> C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe [C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application] -> [2009/06/25 04:37:36 | 004,356,392 | ---- | M] (TeamViewer GmbH)

"D:\A-Download\Programas\TeamViewerPortable_pt\TeamViewer.exe" -> D:\A-Download\Programas\TeamViewerPortable_pt\TeamViewer.exe [D:\A-Download\Programas\TeamViewerPortable_pt\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer] -> [2009/06/25 09:58:08 | 004,369,192 | ---- | M] (TeamViewer GmbH)

"D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe" -> D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe [D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe:*:Enabled:EasyServer] -> [2003/04/14 18:20:34 | 002,593,280 | ---- | M] ()

"D:\eMule\emule.exe" -> D:\eMule\emule.exe [D:\eMule\emule.exe:*:Enabled:eMule] -> [2009/12/13 10:53:58 | 005,668,864 | ---- | M] (http://www.emule-project.net)

"D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe" -> D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe [D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> Driver de CD-ROM ->

"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > -> ->

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/01/04 01:11:32 | 000,000,000 | ---- | M] ()

C:\autorun.inf [] -> C:\autorun.inf [ NTFS ] -> [2010/03/23 15:57:20 | 000,000,000 | RHSD | M]

D:\autorun.inf [] -> D:\autorun.inf [ FAT32 ] -> [2010/03/23 15:57:22 | 000,000,000 | RHSD | M]

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

\{03e620dc-4d81-11df-80b3-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03e620dc-4d81-11df-80b3-00016c066432}\Shell\AutoRun\command

\{03e620dc-4d81-11df-80b3-00016c066432}\Shell\AutoRun\command\\"" -> [E:\cold\hott\±¥¶º² ¸¥¼ù²¯²] -> File not found

\{03e620dc-4d81-11df-80b3-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03e620dc-4d81-11df-80b3-00016c066432}\Shell\Explore\Command

\{03e620dc-4d81-11df-80b3-00016c066432}\Shell\Explore\Command\\"" -> [E:\cold\hott\±¥¶º² ¸¥¼ù²¯²] -> File not found

\{03e620dc-4d81-11df-80b3-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03e620dc-4d81-11df-80b3-00016c066432}\Shell\open\command

\{03e620dc-4d81-11df-80b3-00016c066432}\Shell\open\command\\"" -> [E:\cold\hott\±¥¶º² ¸¥¼ù²¯²] -> File not found

\{550a36ad-a129-11de-8fbd-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550a36ad-a129-11de-8fbd-00016c066432}\Shell

\{550a36ad-a129-11de-8fbd-00016c066432}\Shell\\"" -> [AutoRun] -> File not found

\{5cef0eec-4ede-11df-80b6-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cef0eec-4ede-11df-80b6-00016c066432}\Shell\AutoRun\command

\{5cef0eec-4ede-11df-80b6-00016c066432}\Shell\AutoRun\command\\"" -> E:\t2hjo0.exe [E:\t2hjo0.exe] -> File not found

\{5cef0eec-4ede-11df-80b6-00016c066432}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cef0eec-4ede-11df-80b6-00016c066432}\Shell\open\Command

\{5cef0eec-4ede-11df-80b6-00016c066432}\Shell\open\Command\\"" -> E:\t2hjo0.exe [E:\t2hjo0.exe] -> File not found

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

comfile [open] -> "%1" %* ->

exefile [open] -> "%1" %* ->

< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.com [@ = ComFile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->

 

 

[Files/Folders - Created Within 14 Days]

_OTS -> C:\_OTS -> [2010/04/21 16:15:20 | 000,000,000 | ---D | C]

HP Product Assistant -> C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant -> [2010/04/19 18:10:47 | 000,000,000 | ---D | C]

HP -> C:\Arquivos de programas\Arquivos comuns\HP -> [2010/04/19 18:10:28 | 000,000,000 | ---D | C]

Hewlett-Packard -> C:\Arquivos de programas\Hewlett-Packard -> [2010/04/19 18:10:26 | 000,000,000 | ---D | C]

Java -> C:\Arquivos de programas\Java -> [2010/04/19 13:49:43 | 000,000,000 | ---D | C]

Microsoft -> C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft -> [2010/04/19 13:07:01 | 000,000,000 | ---D | M]

My Downloads -> C:\Documents and Settings\B&J Cyber\Meus documentos\My Downloads -> [2010/04/18 13:29:33 | 000,000,000 | ---D | C]

Megaupload -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Megaupload -> [2010/04/18 12:43:43 | 000,000,000 | ---D | C]

Help -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Help -> [2010/04/17 16:09:46 | 000,000,000 | ---D | C]

Help -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\Help -> [2010/04/17 16:09:46 | 000,000,000 | ---D | C]

a-squared Free -> C:\Documents and Settings\B&J Cyber\Meus documentos\a-squared Free -> [2010/04/17 09:17:38 | 000,000,000 | ---D | C]

FixPolicies -> C:\Documents and Settings\B&J Cyber\Desktop\FixPolicies -> [2010/04/15 09:51:21 | 000,000,000 | ---D | C]

OTS.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | C] (OldTimer Tools)

Microsoft -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft -> [2010/03/31 16:56:43 | 000,000,000 | ---D | M]

Microsoft -> C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft -> [2010/03/31 16:56:42 | 000,000,000 | --SD | M]

Microsoft -> C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft -> [2010/03/31 16:56:42 | 000,000,000 | --SD | M]

Hagel Technologies -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Hagel Technologies -> [2010/01/12 20:37:09 | 000,000,000 | ---D | M]

Google -> C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google -> [2009/09/08 11:39:04 | 000,000,000 | ---D | M]

Google -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google -> [2009/09/08 11:24:28 | 000,000,000 | ---D | M]

TeamViewer -> C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer -> [2009/07/02 09:47:13 | 000,000,000 | ---D | M]

Adobe -> C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe -> [2009/05/13 12:22:52 | 000,000,000 | ---D | M]

implode.dll -> C:\WINDOWS\System32\implode.dll -> [2008/01/05 11:23:13 | 000,018,944 | ---- | C] ( )

 

[Files/Folders - Modified Within 14 Days]

GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003UA.job -> [2010/04/25 20:08:00 | 000,001,160 | ---- | M] ()

GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/25 19:54:00 | 000,001,048 | ---- | M] ()

User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> [2010/04/25 16:37:06 | 000,000,462 | -H-- | M] ()

estudo clinico enf.ppt -> C:\Documents and Settings\B&J Cyber\Meus documentos\estudo clinico enf.ppt -> [2010/04/25 16:36:01 | 002,017,280 | ---- | M] ()

Lembretes Enfermagem.ppt -> C:\Documents and Settings\B&J Cyber\Meus documentos\Lembretes Enfermagem.ppt -> [2010/04/25 14:49:56 | 000,194,560 | ---- | M] ()

MegaManager.INI -> C:\WINDOWS\MegaManager.INI -> [2010/04/25 14:39:43 | 000,000,050 | ---- | M] ()

GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-789336058-725345543-1003Core.job -> [2010/04/25 14:08:00 | 000,001,108 | ---- | M] ()

GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/25 13:01:58 | 000,001,044 | ---- | M] ()

SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/25 13:01:40 | 000,000,006 | -H-- | M] ()

wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/25 13:01:39 | 000,002,206 | ---- | M] ()

bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/25 13:01:38 | 000,002,048 | --S- | M] ()

ntuser.dat -> C:\Documents and Settings\B&J Cyber\ntuser.dat -> [2010/04/25 03:15:38 | 009,175,040 | ---- | M] ()

ntuser.ini -> C:\Documents and Settings\B&J Cyber\ntuser.ini -> [2010/04/25 03:15:38 | 000,000,330 | -HS- | M] ()

IconCache.db -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\IconCache.db -> [2010/04/25 03:15:30 | 004,304,268 | -H-- | M] ()

PDOXUSRS.NET -> C:\PDOXUSRS.NET -> [2010/04/24 22:43:30 | 000,013,030 | ---- | M] ()

Microsoft Word.lnk -> C:\Documents and Settings\B&J Cyber\Desktop\Microsoft Word.lnk -> [2010/04/24 21:13:35 | 000,002,545 | ---- | M] ()

DICA DE EXERCICIO.ppt -> C:\Documents and Settings\B&J Cyber\Meus documentos\DICA DE EXERCICIO.ppt -> [2010/04/24 18:41:07 | 000,087,552 | ---- | M] ()

USB001 -> C:\WINDOWS\System32\USB001 -> [2010/04/23 21:16:24 | 001,788,925 | ---- | M] ()

Ecocartucho.com.br.url -> C:\Documents and Settings\B&J Cyber\Desktop\Ecocartucho.com.br.url -> [2010/04/23 17:18:42 | 000,000,170 | ---- | M] ()

Recursos Não Reembolsáveis - BNDES.url -> C:\Documents and Settings\B&J Cyber\Desktop\Recursos Não Reembolsáveis - BNDES.url -> [2010/04/23 17:03:16 | 000,000,383 | ---- | M] ()

Apoio Financeiro - Apresentação - BNDES.url -> C:\Documents and Settings\B&J Cyber\Desktop\Apoio Financeiro - Apresentação - BNDES.url -> [2010/04/23 17:01:06 | 000,000,329 | ---- | M] ()

securitycenterrestore.reg -> C:\Documents and Settings\B&J Cyber\Desktop\securitycenterrestore.reg -> [2010/04/22 21:09:54 | 000,011,606 | ---- | M] ()

VENDE.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\VENDE.doc -> [2010/04/22 12:23:45 | 000,019,968 | ---- | M] ()

UsbFix_Upload_Me_SERVIDOR400.zip -> C:\UsbFix_Upload_Me_SERVIDOR400.zip -> [2010/04/21 16:55:03 | 002,323,058 | ---- | M] ()

win.ini -> C:\WINDOWS\win.ini -> [2010/04/20 10:30:03 | 000,000,784 | ---- | M] ()

system.ini -> C:\WINDOWS\system.ini -> [2010/04/20 10:30:03 | 000,000,379 | ---- | M] ()

boot.ini -> C:\boot.ini -> [2010/04/20 10:30:03 | 000,000,281 | RHS- | M] ()

Ÿ9Ÿ9 -> C:\Documents and Settings\B&J Cyber\Ÿ9Ÿ9 -> [2010/04/19 18:22:25 | 000,000,000 | ---- | M] ()

hpoins28.dat -> C:\WINDOWS\hpoins28.dat -> [2010/04/19 18:14:20 | 000,176,159 | ---- | M] ()

HP Photosmart Essential 3.0.lnk -> C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk -> [2010/04/19 18:13:17 | 000,001,936 | ---- | M] ()

Central de Soluções HP.lnk -> C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk -> [2010/04/19 18:11:00 | 000,001,070 | ---- | M] ()

Mega Manager.lnk -> C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk -> [2010/04/18 12:43:40 | 000,000,324 | ---- | M] ()

Da Sobrecarga de Trabalho.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\Da Sobrecarga de Trabalho.doc -> [2010/04/17 14:39:30 | 000,020,480 | ---- | M] ()

a-squared Free.lnk -> C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk -> [2010/04/17 09:17:59 | 000,000,562 | ---- | M] ()

Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/04/16 14:17:53 | 000,001,779 | ---- | M] ()

FixPolicies.exe -> C:\Documents and Settings\B&J Cyber\Desktop\FixPolicies.exe -> [2010/04/15 09:47:04 | 000,169,398 | ---- | M] ()

Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/04/14 22:20:20 | 000,001,981 | ---- | M] ()

orkut - Fórum Classificados Hardware Redes.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Hardware Redes.url -> [2010/04/12 21:17:32 | 000,000,133 | ---- | M] ()

orkut - Fórum Classificados Manaus.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Manaus.url -> [2010/04/12 21:08:57 | 000,000,134 | ---- | M] ()

GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\GDIPFONTCACHEV1.DAT -> [2010/04/12 19:30:30 | 000,021,408 | ---- | M] ()

GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT -> [2010/04/12 19:22:55 | 000,021,408 | ---- | M] ()

FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/04/12 10:38:02 | 000,124,520 | ---- | M] ()

OTS.exe -> C:\Documents and Settings\B&J Cyber\Desktop\OTS.exe -> [2010/04/11 22:38:49 | 000,638,464 | ---- | M] (OldTimer Tools)

6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->

109 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp ->

109 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp ->

 

[Files - No Company Name]

estudo clinico enf.ppt -> C:\Documents and Settings\B&J Cyber\Meus documentos\estudo clinico enf.ppt -> [2010/04/25 16:15:26 | 002,017,280 | ---- | C] ()

Lembretes Enfermagem.ppt -> C:\Documents and Settings\B&J Cyber\Meus documentos\Lembretes Enfermagem.ppt -> [2010/04/25 14:49:56 | 000,194,560 | ---- | C] ()

DICA DE EXERCICIO.ppt -> C:\Documents and Settings\B&J Cyber\Meus documentos\DICA DE EXERCICIO.ppt -> [2010/04/24 18:41:01 | 000,087,552 | ---- | C] ()

USB001 -> C:\WINDOWS\System32\USB001 -> [2010/04/23 21:16:22 | 001,788,925 | ---- | C] ()

Ecocartucho.com.br.url -> C:\Documents and Settings\B&J Cyber\Desktop\Ecocartucho.com.br.url -> [2010/04/23 17:18:42 | 000,000,170 | ---- | C] ()

Recursos Não Reembolsáveis - BNDES.url -> C:\Documents and Settings\B&J Cyber\Desktop\Recursos Não Reembolsáveis - BNDES.url -> [2010/04/23 17:03:16 | 000,000,383 | ---- | C] ()

Apoio Financeiro - Apresentação - BNDES.url -> C:\Documents and Settings\B&J Cyber\Desktop\Apoio Financeiro - Apresentação - BNDES.url -> [2010/04/23 17:01:06 | 000,000,329 | ---- | C] ()

securitycenterrestore.reg -> C:\Documents and Settings\B&J Cyber\Desktop\securitycenterrestore.reg -> [2010/04/22 21:09:54 | 000,011,606 | ---- | C] ()

VENDE.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\VENDE.doc -> [2010/04/22 12:23:08 | 000,019,968 | ---- | C] ()

UsbFix_Upload_Me_SERVIDOR400.zip -> C:\UsbFix_Upload_Me_SERVIDOR400.zip -> [2010/04/21 16:55:02 | 002,323,058 | ---- | C] ()

HP Photosmart Essential 3.0.lnk -> C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk -> [2010/04/19 18:13:17 | 000,001,936 | ---- | C] ()

Central de Soluções HP.lnk -> C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk -> [2010/04/19 18:11:00 | 000,001,070 | ---- | C] ()

hpoins28.dat -> C:\WINDOWS\hpoins28.dat -> [2010/04/19 18:05:20 | 000,176,159 | ---- | C] ()

hpomdl28.dat -> C:\WINDOWS\hpomdl28.dat -> [2010/04/19 18:05:19 | 000,000,796 | ---- | C] ()

MegaManager.INI -> C:\WINDOWS\MegaManager.INI -> [2010/04/18 12:46:06 | 000,000,050 | ---- | C] ()

Mega Manager.lnk -> C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk -> [2010/04/18 12:43:40 | 000,000,324 | ---- | C] ()

Da Sobrecarga de Trabalho.doc -> C:\Documents and Settings\B&J Cyber\Meus documentos\Da Sobrecarga de Trabalho.doc -> [2010/04/17 13:31:14 | 000,020,480 | ---- | C] ()

a-squared Free.lnk -> C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk -> [2010/04/17 09:17:58 | 000,000,562 | ---- | C] ()

FixPolicies.exe -> C:\Documents and Settings\B&J Cyber\Desktop\FixPolicies.exe -> [2010/04/15 09:47:04 | 000,169,398 | ---- | C] ()

Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/04/14 22:20:20 | 000,001,981 | ---- | C] ()

orkut - Fórum Classificados Hardware Redes.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Hardware Redes.url -> [2010/04/12 21:17:32 | 000,000,133 | ---- | C] ()

orkut - Fórum Classificados Manaus.url -> C:\Documents and Settings\B&J Cyber\Desktop\orkut - Fórum Classificados Manaus.url -> [2010/04/12 21:08:57 | 000,000,134 | ---- | C] ()

wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/03/19 21:47:32 | 000,000,051 | ---- | C] ()

FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat -> [2010/01/08 11:00:58 | 000,056,768 | ---- | C] ()

cavscan.INI -> C:\WINDOWS\cavscan.INI -> [2009/11/17 11:20:46 | 000,000,156 | ---- | C] ()

cfplogvw.INI -> C:\WINDOWS\cfplogvw.INI -> [2009/10/21 11:22:38 | 000,000,253 | ---- | C] ()

unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2009/10/18 14:39:51 | 000,178,176 | ---- | C] ()

StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2009/09/18 15:21:58 | 000,005,632 | ---- | C] ()

ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/01/04 01:56:43 | 000,000,421 | ---- | C] ()

VGAsetup.ini -> C:\WINDOWS\VGAsetup.ini -> [2008/01/04 01:29:25 | 000,075,230 | ---- | C] ()

VGAunistlog.ini -> C:\WINDOWS\System32\VGAunistlog.ini -> [2008/01/04 01:29:10 | 000,074,453 | ---- | C] ()

avrack.ini -> C:\WINDOWS\avrack.ini -> [2008/01/04 01:28:09 | 000,000,164 | R--- | C] ()

RTLCPAPI.dll -> C:\WINDOWS\System32\RTLCPAPI.dll -> [2008/01/04 01:27:58 | 000,156,672 | R--- | C] ()

GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()

 

[File - Lop Check]

Hagel Technologies -> C:\Documents and Settings\All Users\Dados de aplicativos\Hagel Technologies -> [2010/01/28 23:01:18 | 000,000,000 | ---D | M]

SpeedBit -> C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit -> [2009/07/06 21:55:26 | 000,000,000 | ---D | M]

TEMP -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP -> [2009/10/17 11:59:00 | 000,000,000 | ---D | M]

TuneUp Software -> C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software -> [2010/04/09 11:34:48 | 000,000,000 | ---D | M]

{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> C:\Documents and Settings\All Users\Dados de aplicativos\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} -> [2010/04/08 18:28:38 | 000,000,000 | -HSD | M]

DNA -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\DNA -> [2009/06/24 18:43:55 | 000,000,000 | ---D | M]

Haihaisoft -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Haihaisoft -> [2009/09/29 10:34:20 | 000,000,000 | ---D | M]

Haihaisoft Universal Player -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Haihaisoft Universal Player -> [2009/09/29 10:36:27 | 000,000,000 | ---D | M]

IObit -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\IObit -> [2010/03/19 20:17:32 | 000,000,000 | ---D | M]

LimeWire -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\LimeWire -> [2009/10/06 20:12:53 | 000,000,000 | ---D | M]

Megaupload -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Megaupload -> [2010/04/18 12:43:43 | 000,000,000 | ---D | M]

Remote Queue Manager -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Remote Queue Manager -> [2009/07/28 20:51:18 | 000,000,000 | ---D | M]

Shadow Defender -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Shadow Defender -> [2009/10/14 14:03:45 | 000,000,000 | ---D | M]

TeamViewer -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TeamViewer -> [2009/07/01 13:58:09 | 000,000,000 | ---D | M]

TuneUp Software -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TuneUp Software -> [2010/04/08 22:56:15 | 000,000,000 | ---D | M]

TweakNow WinSecret 2009 -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TweakNow WinSecret 2009 -> [2010/02/23 21:25:45 | 000,000,000 | ---D | M]

uniblue -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\uniblue -> [2010/01/08 11:14:27 | 000,000,000 | ---D | M]

VSRevoGroup -> C:\Documents and Settings\B&J Cyber\Dados de aplicativos\VSRevoGroup -> [2010/03/31 19:00:24 | 000,000,000 | ---D | M]

User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job -> [2010/04/25 16:37:06 | 000,000,462 | -H-- | M] ()

 

[File - Purity Scan]

 

< End of report >


Is there a way to shorten the time spent on the welcome screen? It alone takes a minute or more. Why?

What I'm actually facing are two problems: the excessive time on the welcome screen and the time it takes for the network device to become available when the HP Deskjet F4280 drivers are installed.

Thanks


Is there a way to shorten the time spent on the welcome screen? It alone takes a minute or more. Why?

What I'm actually facing are two problems: the excessive time on the welcome screen and the time it takes for the network device to become available when the HP Deskjet F4280 drivers are installed.

Thanks

//////////////\\\\\\\\\\\\\\\

Good morning! Bechir Bitar

<!> We'll try disabling some entries with Autoruns.

00000000000000000000000

<@> Download: < AutoRuns >

<@> Save it to Local Disk C and extract it right there.

<@> Double-click Autoruns.exe --> Wait!

<@> Click "File" --> "Save...".

<@> Click "Salvar" (Save) --> Choose the desktop!

<@> P.S.: Leave the file type set to: AutoRuns(*.arn) <-- .ARN file

<@> Go to the desktop and choose autoruns.exe to open the *.arn file.

<@> Put it in a zip and send it to us via Badongo.

<@> P.S.: Paste the link here!

00000000000000000000000

<@> Open OTS.exe with a double-click.

 

[Kill Explorer][Unregister Dlls][Registry - Safe List]< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 YN -> \{03e620dc-4d81-11df-80b3-00016c066432} ->HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2YN -> \{550a36ad-a129-11de-8fbd-00016c066432} ->HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2YN -> \{5cef0eec-4ede-11df-80b6-00016c066432} ->< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command YN -> comfile [open] -> "%1" %* YN -> exefile [open] -> "%1" %* < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ YN -> .com [@ = ComFile] -> "%1" %* YN -> .exe [@ = exefile] -> "%1" %* [Files/Folders - Modified Within 14 Days]NY -> 6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp NY -> 109 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp [Files Created - Additional Folder Scans - Non-Microsoft Only]NY -> 109 C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp files -> C:\Documents and Settings\B&J Cyber\Configurações locais\temp\*.tmp [Empty Temp Folders][Start Explorer]

<@> Paste the information from the Code box into the field: "Paste Fix Here"

<@> Click Run Fix --> Wait!

<@> When it finishes, post the report: C:\_OTS\MovedFiles\OTS.txt <--

Regards!


Good afternoon, DigRam!

I think that when the Run Fix option is used, OTS does not generate this C:\_OTS\MovedFiles\OTS.txt, or if it does, something is going wrong.

The link to get Autoruns led to a page with nowhere to download it, so I went to another page and downloaded it.

I did what you indicated and it generated the file AutoRuns.arn. I compressed it to AutoRuns.rar. I sent AutoRuns.arn, but I don't know whether it all went through because there was an error, and I can't get into the page to send the compressed file.

As soon as I can, I'll send the .rar

Thank you for the help you are giving.

Regards.


Good evening! Bechir Bitar

I think that when the Run Fix option is used, OTS does not generate this C:\_OTS\MovedFiles\OTS.txt, or if it does, something is going wrong.

<!> The report is generated when that option is triggered.

I did what you indicated and it generated the file AutoRuns.arn. I compressed it to AutoRuns.rar. I sent AutoRuns.arn, but I don't know whether it all went through because there was an error, and I can't get into the page to send the compressed file.

<!> If the problem is uploading through Badongo, try UPLOAD to MediaFire.com.

00000000000000000000000

00000000000000000000000

<@> Download: < PureRa15Binary.zip > ( ...by Paul McLain & Fred de Vries )

<!> Link - 2 < purera.png >

<@> Save it to the desktop! <-- Extract it from the zip!

<@> Run: PureRa.exe --> Click Clean.

<@> Select the option: "Check All"

< 31234.jpg >

<@> Click the Clean Selected button --> Wait!

<@> When it finishes ( Finished ), click Exit.

<@> Post the report: PureRa.txt <--

<@> P.S.: You can compress this report and send it together with AutoRuns.arn.

Regards!


Good afternoon, DigRam

The autoRuns.rar file was sent via Badongo.

I'll carry out the new instructions shortly.

Regards.

Hi DigRam!!!

Both files were uploaded via Badongo.

Awaiting instructions.

Thanks.


Good afternoon, DigRam

The autoRuns.rar file was sent via Badongo.

I'll carry out the new instructions shortly.

Regards.

 

///////////\\\\\\\\\\\\

Good afternoon! Bechir Bitar

<!> If you uploaded it to Badongo, where is the link?

<!> P.S.: Remember that the compressed file is autoruns.arn.zip

<!> P.S.: When zipping it, we could choose among: Zip, Lha, Bh, Cab, Gz, Tar and Jar

Regards!


Good evening, DigRam!!!

My friend, forgive me, I'm more lost than a blind man in a shootout...

I've never done what you asked of me, but I believe it's these addresses below. I don't know how to compress it with the name you asked for; if you have the time, explain it to me so that next time I send it the right way...

http://www.badongo.com/pt/file/22273254 --- pureRa.rar

http://www.badongo.com/pt/file/22271393 --- AutoRuns.rar

Regards.
