
catiadsf

[Archived] Log analysis request


For about a month I have been trying to access and install some tools such as Silverlight and MSN, which used to be installed on my PC and which I used regularly, but I get a message saying that the application is not installed, and I also cannot proceed to install it. In addition, every time I log in, a message appears saying that the Java console is not enabled but that this will not affect any other Java application. Also, Explorer 8 shows error messages whenever I log in, and I use Firefox as my main browser.

My log follows.

Thanks in advance!

 

Logfile of HijackThis v1.99.1

Scan saved at 23:25:51, on 4/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\pdf\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3A163F2-E5A2-46C9-9F3E-A0510BF0AF43}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


Good afternoon, catiadsf!

<@> Download: < desktopicon.png > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: It can also be run from a command:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

combofixejr8.gif

<@> Click OK.

<@> In the window "Contrato de garantia de software" (software warranty agreement) --> Click Yes!

RcAuto1.gif

<@> If you do not have the "Recovery Console", agree to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application), delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, the following notification window will appear:

Rookit_found.gif

<!> PS: Write down these detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


Hello, DigRam

I think my problem may be more serious than I imagined, because when I ran ComboFix as requested, it started normally, but when this message appeared:

"O Combofix está preparando para iniciar" ("ComboFix is preparing to start")

my system rebooted, and when it restarted an error message appeared saying that the system had recovered from a serious error!!!

Error data => Error signature

BCCode : 51 BCP1 : 00000004 BCP2 : 00000001 BCP3 : E125C3B0

BCP4 : 0115E8B0 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

Files included in the error report:

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\WERbdb7.dir00\Mini060610-02.dmp

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\WERbdb7.dir00\sysdata.xml

I look forward to your reply, thank you very much.


Good evening, catiadsf!

<!> After that, did you try running ComboFix.exe in Safe Mode?

Regards!


Good evening, DigRam!

I tried in Safe Mode with ComboFix.exe, and also by downloading it again and saving it as Kombo.exe, in both normal mode and Safe Mode. In both cases this message appears: "O editor não pôde ser verificado. Tem certeza de que deseja executar este software?" ("The publisher could not be verified. Are you sure you want to run this software?"). I chose to cancel and report the problem to you.

How should I proceed?

Thank you!



Hey, catiadsf!

<!> Run it! In Safe Mode, and post the report.

Regards!


Hello, DigRam!

I ran ComboFix in Safe Mode, but once again the message "O Combofix está preparando para iniciar" ("ComboFix is preparing to start") appeared and then my system rebooted, and when it restarted the error message appeared saying that the system had recovered from a serious error. So, once again, it did not get as far as generating the error report.

Would you have any other recommendation?

Thank you!



Hey, catiadsf!

<@> Schedule scandisk for the next boot.

<@> Go to Start --> Run --> Type: cmd --> Click: OK

<@> In the prompt window, type: chkdsk /r --> Press Enter.

<@> Press "S" --> Press Enter.

<@> Scandisk has been scheduled for the next boot.

<@> To exit, type exit --> Press Enter.

<@> Restart the computer so that scandisk starts.

files and folders

indexes

security descriptors

file data

free space

<@> Wait patiently for all the checks to finish.

<@> At the end, the computer will restart automatically.

000000000000000000

oooooooooooooooooo

<@> Download: < genproc.exe >

<@> Save it to the desktop!

<@> Run it by clicking GenProc.exe --> Enter --> Wait!

 

Rapport GenProc 2.660 [2] - dom 10/01/2010 à 18:02:17

@ Windows XP Service Pack 3 - Mode normal

@ Mozilla Firefox 3.5.7 (pt-BR) [Navigateur par défaut]

 

~~ ECHEC DU TELECHARGEMENT DE CM ~~

~~ ECHEC DU TELECHARGEMENT DE MBR.EXE ~~

~~ ECHEC DU TELECHARGEMENT D'HIJACKTHIS ~~

~~ ECHEC DU TELECHARGEMENT DE ZHP ~~

 

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

 

Poste un rapport Nod32 http://www.eset-nod32.fr/scanner.html (il faut utiliser Internet Explorer)

- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :

C:\Program Files\EsetOnlineScanner\log.txt

 

----------------------------------------------------------------------

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

----------------------------------------------------------------------

 

~~ Fin à 18:03:09 ~~

<@> When it finishes, click Yes.

<@> As in the quote, a pop-up containing the report will appear. ( Rapport GenProc )

Regards!


Hello, DigRam!

Here is the report generated by GenProc.exe

 

Rapport GenProc 2.660 [1] - ter 08/06/2010 à 20:23:51

@ Windows XP Service Pack 2 - Mode normal

@ Mozilla Firefox 3.6.3 (en-US) [Navigateur par défaut]

 

~~ CM DISK ERROR ~~

 

# Etape 1/ Télécharge :

 

- CCleaner http://www.ccleaner.com/download/builds/downloading-slim (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

 

- Toolbar-S&D http://eric71.geekstogo.com/tools/ToolBarSD.exe (Eric_71) sur ton Bureau.

 

 

Redémarre en mode sans échec comme indiqué ici http://www.pcloisirs.eu/mode_sans_echec.htm ; Choisis ta session courante *** Administrador *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

 

 

# Etape 2/

 

Lance Toolbar-S&D situé sur le Bureau. Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

 

# Etape 3/

 

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

 

# Etape 4/

 

Redémarre normalement et poste, dans la même réponse :

 

- Le contenu du rapport TB.txt situé dans C:\ ;

- Un nouveau rapport GenProc ;

 

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

 

~~ Arguments de la procédure ~~

 

 

# Détections [1] GenProc 2.660 ter 08/06/2010 à 20:24:03

Toolbar:le ter 08/06/2010 à 20:25:11 "C:\Arquivos de programas\Myway"

 

----------------------------------------------------------------------

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

----------------------------------------------------------------------

 

~~ Fin à 20:25:42 ~~

 

Thank you!


Good evening, catiadsf!

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C, in a folder of its own.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program and then press "p" --> Enter --> OK.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt ) <--

0000000000000000000

ooooooooooooooooooo

<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

<@> Double-click: < otlDesktopIcon.png >

<@> PS: Now let's go through its configuration!

<!> 1 - Under "Output", leave the "Minimal" button selected.

<!> 2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: If the OS is 64-bit!

<!> 3 - Processes: Use SafeList <-- Check it!

<!> 4 - Modules: Use SafeList <-- Check it!

<!> 5 - Services: Use SafeList <-- Check it!

<!> 6 - Drivers: Use SafeList <-- Check it!

<!> 7 - Standard Registry Scan: Use SafeList <-- Check it!

<!> 8 - Extra Registry Scan: Use SafeList <-- Check it!

<!> 9 - File Scans:

<!> Creation Date >> Choose: 14 days

<!> Check: Use WhiteList for Company Names

<!> Check: Skip Microsoft Files

<!> 10 - Files Created Since:

<!> Check: Creation Date

<!> 11 - Files Modified Since:

<!> Check: Creation Date

<!> Check the boxes:

[] Lop Check

[] Purity Check

<@> PS: I suggest you print these instructions to read later.

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

%SYSTEMDRIVE%\eventlog.dll /s /md5

%SYSTEMDRIVE%\scecli.dll /s /md5

%SYSTEMDRIVE%\sfcfiles.dll /s /md5

%SYSTEMDRIVE%\netlogon.dll /s /md5

%SYSTEMDRIVE%\atapi.sys /s /md5

CREATERESTOREPOINT

<@> PS: Copy and paste this information, which is in the Code box, into the field below: Custom Scans/Fixes

<@> Click: Run Scan --> Wait!

<@> When it finishes, post:

<!> <1> OTL.txt <--

<!> <2> Extra.txt <--

Regards!


Hello, DigRam!

Only today was I able to carry out the last steps you recommended. Here are the results:

ToolBar S&D

After going through the step-by-step 3 times, no TB_1.txt file was created in C:\ToolBar SD. Only a TB.txt file was created in C:\ with the content below:

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Sempron )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Administrador ( Administrator )

BOOT : Fail-safe boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:37 Go (Free:27 Go)

D:\ (CD or DVD)

F:\ (Local Disk) - NTFS - Total:465 Go (Free:421 Go)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( dom 20/06/2010|21:24 )

 

OTL

1 - Contents of OTL.txt:

OTL logfile created on: 20/6/2010 21:35:27 - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

479,00 Mb Total Physical Memory | 157,00 Mb Available Physical Memory | 33,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 37,30 Gb Total Space | 26,65 Gb Free Space | 71,44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 465,76 Gb Total Space | 421,47 Gb Free Space | 90,49% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: CLIENTE-7DD35FB

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Arquivos de programas\Winamp\winampa.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\system32\pctspk.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (NMIndexingService) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (IDriverT) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (slnt) -- C:\WINDOWS\system32\drivers\slnt.sys (Silan Micro-Electronics Inc.)

DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)

DRV - (SiSide) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)

DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)

DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)

DRV - (Vvoice) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys (PCtel, Inc.)

DRV - (Vmodem) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys (PCTEL, INC.)

DRV - (Vpctcom) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys (PCtel, Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-839522115-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://uol.com.br"

FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20

FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

 

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/20 10:11:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/06/16 22:17:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/06/03 15:02:50 | 000,000,000 | ---D | M]

 

[2008/09/14 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions

[2010/06/17 21:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\extensions

[2010/05/30 13:02:35 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}

[2010/01/25 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

[2010/06/04 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\extensions\firefox@red-cog.com

[2008/06/26 21:50:18 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\searchplugins\merriam-webster.xml

[2008/08/30 16:43:25 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\searchplugins\wikipedia-eng.xml

[2007/06/02 14:53:15 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\searchplugins\wikipedia.png

[2008/09/26 21:42:21 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\iofm9enb.default\searchplugins\winamp-search.xml

[2010/06/20 12:02:13 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2010/06/02 21:45:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/02 21:45:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2008/01/02 10:08:16 | 000,221,631 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 7777 more lines...

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\pdf\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1409082233-839522115-682003330-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1409082233-839522115-682003330-500\..\Toolbar\WebBrowser: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - No CLSID value found.

O3 - HKU\S-1-5-21-1409082233-839522115-682003330-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [LanguageShortcut] C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe ()

O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)

O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} http://corp.globalenglish.com/html/setup/cabs/ge.cab (GlobalEnglish Learning Technology)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://img2.orkut.com/activex/10035/photouploader.cab (UploadListView Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (ZoneIntro Class)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.115 201.6.0.101

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-8198858521-0844078547-086202154-0227\sysdata.exe) - C:\RECYCLER\S-1-5-21-8198858521-0844078547-086202154-0227\sysdata.exe File not found

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/12/31 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/04/16 12:53:09 | 000,095,034 | RHS- | M] () - F:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{283f9a0b-9c57-11db-aedc-00115b5d835b}\Shell - "" = AutoRun

O33 - MountPoints2\{351095ce-577e-11de-b45a-00e030001a4a}\Shell\AutoRun\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe -- File not found

O33 - MountPoints2\{351095ce-577e-11de-b45a-00e030001a4a}\Shell\open\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe -- File not found

O33 - MountPoints2\{961487bb-a6fa-11de-b4ad-00e030001a4a}\Shell - "" = AutoRun

O33 - MountPoints2\{d4cce650-539a-11dd-b046-00e030001a4a}\Shell - "" = AutoRun

O33 - MountPoints2\{ef690902-40b8-11dd-b034-00e030001a4a}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/12/31 23:34:09 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: oyuycqhdr - C:\WINDOWS\system32\roztyx.dll ()

 

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk - C:\pdf\Reader\reader_sl.exe - (Adobe Systems Incorporated)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk - C:\ARQUIV~1\ASSIST~1\bin\matcli.exe - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk - C:\ARQUIV~1\MICROS~2\Office\OSA9.EXE - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk - - File not found

MsConfig - StartUpReg: AltnetPointsManager - hkey= - key= - C:\Program Files\Altnet\Points Manager\Points Manager.exe File not found

MsConfig - StartUpReg: Bej2Setup_TryGames.exe - hkey= - key= - C:\games\WINBEJ~1.EXE File not found

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found

MsConfig - StartUpReg: DataLayer - hkey= - key= - C:\Arquivos de programas\Arquivos comuns\PCSuite\DataLayer\DataLayer.exe File not found

MsConfig - StartUpReg: Discador iG - hkey= - key= - C:\Arquivos de programas\iGv6\Discador iG.exe File not found

MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Arquivos de programas\Google\Google Talk\googletalk.exe File not found

MsConfig - StartUpReg: KAZAA - hkey= - key= - C:\Arquivos de programas\Kazaa\kazaa.exe File not found

MsConfig - StartUpReg: Motive SmartBridge - hkey= - key= - C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe File not found

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: P2P Networking - hkey= - key= - File not found

MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe File not found

MsConfig - StartUpReg: PcSync - hkey= - key= - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe File not found

MsConfig - StartUpReg: SiS Windows KeyHook - hkey= - key= - File not found

MsConfig - StartUpReg: SiSUSBRG - hkey= - key= - C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: swg - hkey= - key= - C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe File not found

MsConfig - StartUpReg: Worms2.exe - hkey= - key= - C:\games\WORMS2~1.EXE File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PEVSystemStart - Service

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PEVSystemStart - Service

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {28ABC5C0-4FCB-11CF-AAX5-21CX1C643131} - C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - Silverlight 2.0

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{7d7da24d-3181-4063-a5ed-289a1406ac6a} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (54619756233228288)

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/06/20 21:29:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2010/06/20 11:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

[2010/06/20 11:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\HP

[2010/06/20 10:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

[2010/06/20 10:08:38 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\HP

[2010/06/19 16:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\HpUpdate

[2010/06/19 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP

[2010/06/19 16:01:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[2010/06/19 16:00:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HP

[2010/06/19 16:00:15 | 000,000,000 | -H-D | C] -- C:\Config.Msi

[2010/06/10 22:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2010/06/10 21:54:30 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/10 21:18:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent

[2010/06/10 20:51:42 | 000,000,000 | ---D | C] -- C:\ToolBar SD

[2010/06/08 20:23:25 | 000,000,000 | ---D | C] -- C:\GenProc

[2010/06/06 22:37:58 | 000,000,000 | --SD | C] -- C:\Kombo

[2010/06/06 21:56:13 | 002,059,528 | ---- | C] (Rosetta Stone Ltd., .) -- C:\Documents and Settings\Administrador\Desktop\setup.exe

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/06/20 21:38:01 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2010/06/20 21:33:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrador\Desktop\~$stou 08 junho 2010.doc

[2010/06/20 21:29:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2010/06/20 21:25:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/20 21:25:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/20 21:25:36 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/20 21:19:53 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Administrador\NTUSER.DAT

[2010/06/20 21:19:33 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini

[2010/06/20 21:17:09 | 000,001,176 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-839522115-682003330-500UA.job

[2010/06/20 21:09:16 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Postou 08 junho 2010.doc

[2010/06/20 20:42:08 | 000,003,502 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\dominio.xml

[2010/06/20 20:42:08 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\XMLNet.dat

[2010/06/20 20:42:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\CLSID.dat

[2010/06/20 20:05:44 | 001,558,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/20 11:52:32 | 000,071,264 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/06/20 11:41:18 | 000,176,021 | ---- | M] () -- C:\WINDOWS\hpoins37.dat

[2010/06/20 11:40:21 | 000,000,702 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/20 10:10:11 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk

[2010/06/20 10:09:53 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Loja de Suprimentos HP.lnk

[2010/06/20 10:09:08 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

[2010/06/18 23:35:10 | 000,003,502 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\dom.temp

[2010/06/18 22:57:28 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/06/18 22:52:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/17 22:17:01 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-839522115-682003330-500Core.job

[2010/06/17 21:54:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/06/10 23:12:57 | 004,323,260 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2010/06/10 21:54:22 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/06/10 20:18:45 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Google Chrome.lnk

[2010/06/06 21:56:49 | 002,059,528 | ---- | M] (Rosetta Stone Ltd., .) -- C:\Documents and Settings\Administrador\Desktop\setup.exe

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/06/20 21:33:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrador\Desktop\~$stou 08 junho 2010.doc

[2010/06/20 21:25:36 | 502,845,440 | -HS- | C] () -- C:\hiberfil.sys

[2010/06/20 21:09:16 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Postou 08 junho 2010.doc

[2010/06/20 11:39:02 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp

[2010/06/20 10:10:11 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk

[2010/06/20 10:09:53 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Loja de Suprimentos HP.lnk

[2010/06/20 10:09:08 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

[2010/06/20 10:04:02 | 000,176,021 | ---- | C] () -- C:\WINDOWS\hpoins37.dat

[2010/06/20 10:04:01 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat

[2010/06/19 15:57:15 | 000,005,955 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log

[2010/02/28 12:47:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2010/01/03 22:00:58 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI

[2008/09/24 21:11:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008/09/24 21:11:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2008/09/24 21:11:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/09/24 21:11:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/09/24 21:11:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/09/24 21:11:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008/09/24 21:11:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008/08/31 19:46:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2007/04/07 10:47:57 | 000,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini

[2005/04/09 17:48:22 | 000,000,127 | ---- | C] () -- C:\WINDOWS\REC-NET.INI

[2005/03/20 00:15:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/02/19 23:53:52 | 000,000,420 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2005/02/19 23:09:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys

[2004/08/04 00:45:24 | 000,166,555 | RHS- | C] () -- C:\WINDOWS\System32\roztyx.dll

[2002/12/31 23:55:03 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll

[2002/12/31 23:54:56 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2002/12/31 23:54:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2002/12/31 23:52:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2002/12/31 23:51:30 | 000,108,023 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini

[2002/12/31 23:50:21 | 000,103,037 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2002/12/31 23:45:47 | 000,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2002/10/16 15:01:56 | 000,176,704 | ---- | C] () -- C:\WINDOWS\System32\mozctl.dll

[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2007/07/29 14:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG7

[2008/04/21 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer

[2008/04/21 18:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer Pro

[2006/09/17 20:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DataLayer

[2010/01/15 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Leadertech

[2010/01/25 20:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\netexp20

[2006/09/25 20:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Nokia

[2006/09/17 19:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PC Suite

[2010/06/02 22:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Uniblue

[2010/04/16 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

[2007/07/29 21:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

[2007/10/23 21:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2007/02/20 14:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

[2010/06/17 21:54:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/02/15 21:20:28 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job

[2010/02/15 21:24:15 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2005/07/12 22:52:43 | 000,040,589 | ---- | M] () -- C:\ADOMTS.EXE

[2005/02/10 17:53:20 | 000,329,766 | ---- | M] () -- C:\discador_itelefonica_2_1_0_20050131.exe

[2004/06/17 08:44:06 | 004,217,352 | ---- | M] () -- C:\DivX511.exe

[2005/02/16 11:06:16 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\HijackThis.exe

 

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\system32\eventlog.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\system32\dllcache\eventlog.dll

 

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\system32\scecli.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\system32\dllcache\scecli.dll

 

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >

[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\system32\sfcfiles.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll

 

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\system32\netlogon.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\system32\dllcache\netlogon.dll

 

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< End of report >

 

2 - Contents of Extra.txt:

OTL Extras logfile created on: 20/6/2010 21:35:27 - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

479,00 Mb Total Physical Memory | 157,00 Mb Available Physical Memory | 33,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 37,30 Gb Total Space | 26,65 Gb Free Space | 71,44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 465,76 Gb Total Space | 421,47 Gb Free Space | 90,49% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: CLIENTE-7DD35FB

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Arquivos de programas\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Arquivos de programas\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Arquivos de programas\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8362:TCP" = 8362:TCP:*:Enabled:BitComet 8362 TCP

"8362:UDP" = 8362:UDP:*:Enabled:BitComet 8362 UDP

"6652:TCP" = 6652:TCP:*:Enabled:ikgdpqc

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" = C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe" = C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\kazaa.exe" = C:\kazaa.exe:*:Enabled:Kazaa Media Desktop -- File not found

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" = C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

"C:\Arquivos de programas\Kazaa\kazaa.exe" = C:\Arquivos de programas\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe" = C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)

"C:\Arquivos de programas\BitComet\BitComet.exe" = C:\Arquivos de programas\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found

"C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found

"C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Arquivos de programas\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found

"C:\Arquivos de programas\Winamp Remote\bin\Orb.exe" = C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found

"C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" = C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found

"C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found

"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe" = C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3

"{49E3335B-413F-4A50-A39A-39D600F36C71}" = GlobalEnglish Productivity Toolbar

"{49FC50FC-F965-40D9-89B4-CBFF80941PTB}" = Windows Movie Maker 2.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5

"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1046-7646-A70000000000}" = Adobe Reader 7.0 - Português

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CF097717-F174-4144-954A-FBC4BF301046}" = Nero 7 Ultra Edition

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3

"CCleaner" = CCleaner

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"ie8" = Windows Internet Explorer 8

"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)

"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Net Express Vs. Residência" = Net Express Vs. Residência 2.2

"PowerISO" = PowerISO

"RealAlt_is1" = Real Alternative 1.51

"Shop for HP Supplies" = Shop for HP Supplies

"SiS VGA Driver" = SiS VGA Utilities

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = Arquivo do WinRAR

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1409082233-839522115-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 30/10/2007 19:47:17 | Computer Name = CLIENTE-7DD35FB | Source = LiveUpdate | ID = 2752568

Description = 6002: Houve falha no LiveUpdate porque o pacote do LiveUpdate não

pôde ser descompactado. Verifique se seu disco não está cheio e execute o LiveUpdate

novamente.

 

Error - 1/1/2008 12:48:36 | Computer Name = CLIENTE-7DD35FB | Source = Application Error | ID = 1000

Description = Aplicativo com falha sprite6.exe, versão 6.3.2.62, módulo com falha

user32.dll, versão 5.1.2600.3099, endereço com falha 0x00019af9.

 

Error - 2/1/2008 13:08:42 | Computer Name = CLIENTE-7DD35FB | Source = Application Hang | ID = 1002

Description = Aplicativo com falha TeaTimer.exe, versão 1.5.0.9, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 3/1/2008 13:49:35 | Computer Name = CLIENTE-7DD35FB | Source = Application Hang | ID = 1002

Description = Aplicativo com falha firefox.exe, versão 1.8.20071.12718, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 3/1/2008 13:56:23 | Computer Name = CLIENTE-7DD35FB | Source = Application Hang | ID = 1002

Description = Aplicativo com falha nero.exe, versão 6.3.1.12, módulo com falha hungapp,

versão 0.0.0.0, endereço com falha 0x00000000.

 

[ System Events ]

Error - 20/6/2010 20:22:27 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DHCP depende do serviço NetBT, mas não foi possível

iniciá-lo devido ao seguinte erro: %%31

 

Error - 20/6/2010 20:22:28 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7001

Description = O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP,

mas não foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 20/6/2010 20:22:28 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7001

Description = O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 20/6/2010 20:22:28 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7001

Description = O serviço ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## depende

do serviço Driver de protocolo TCP/IP, mas não foi possível iniciá-lo devido ao

seguinte erro: %%31

 

Error - 20/6/2010 20:22:28 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7001

Description = O serviço Serviços IPSEC depende do serviço Driver IPSEC, mas não

foi possível iniciá-lo devido ao seguinte erro: %%31

 

Error - 20/6/2010 20:22:28 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip

 

Error - 20/6/2010 20:22:52 | Computer Name = CLIENTE-7DD35FB | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço StiSvc com

argumentos "" para iniciar o servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20/6/2010 20:22:54 | Computer Name = CLIENTE-7DD35FB | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço StiSvc com

argumentos "" para iniciar o servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 20/6/2010 20:25:55 | Computer Name = CLIENTE-7DD35FB | Source = Service Control Manager | ID = 7023

Description = O serviço Update System terminou com o erro: %%1114

 

Error - 20/6/2010 20:26:23 | Computer Name = CLIENTE-7DD35FB | Source = System Error | ID = 1003

Description = Código de erro 00000051, parâmetro1 00000004, parâmetro2 00000001,

parâmetro3 e220c758, parâmetro4 0115e8b0.

 

 

< End of report >

 

 

Thanks once again!


Good evening, catiadsf!

 

<@> Download: < TurnOffBonjour >

<@> Save it in Arquivos de programas.

<@> Run TurnOffBonjour.exe and then restart the computer.

00000000000000000000

oooooooooooooooooooo

<@> Run OTL.exe.

<@> Copy the information in the quote below into the field under: Custom Scans/Fixes

 

:files

C:\Arquivos de programas\Bonjour\mdnsNSP.dll

C:\Arquivos de programas\Bonjour

:otl

O3 - HKU\S-1-5-21-1409082233-839522115-682003330-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1409082233-839522115-682003330-500\..\Toolbar\WebBrowser: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O33 - MountPoints2\{283f9a0b-9c57-11db-aedc-00115b5d835b}\Shell - "" = AutoRun

O33 - MountPoints2\{351095ce-577e-11de-b45a-00e030001a4a}\Shell\AutoRun\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe -- File not found

O33 - MountPoints2\{351095ce-577e-11de-b45a-00e030001a4a}\Shell\open\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe -- File not found

O33 - MountPoints2\{961487bb-a6fa-11de-b4ad-00e030001a4a}\Shell - "" = AutoRun

O33 - MountPoints2\{d4cce650-539a-11dd-b046-00e030001a4a}\Shell - "" = AutoRun

O33 - MountPoints2\{ef690902-40b8-11dd-b034-00e030001a4a}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Click the Fix button --> Wait for it to finish! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--

 

Regards!


Good evening, DigRam!

 

When I ran TurnOffBonjour, a message appeared saying "TurnOffBonjour is not active". I continued with the following steps, and this is the report generated in C:\_OTL\MovedFiles\:

 

All processes killed

========== FILES ==========

C:\Arquivos de programas\Bonjour\mdnsNSP.dll moved successfully.

C:\Arquivos de programas\Bonjour folder moved successfully.

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1409082233-839522115-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-21-1409082233-839522115-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{283f9a0b-9c57-11db-aedc-00115b5d835b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{283f9a0b-9c57-11db-aedc-00115b5d835b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351095ce-577e-11de-b45a-00e030001a4a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351095ce-577e-11de-b45a-00e030001a4a}\ not found.

File G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{351095ce-577e-11de-b45a-00e030001a4a}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{351095ce-577e-11de-b45a-00e030001a4a}\ not found.

File G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{961487bb-a6fa-11de-b4ad-00e030001a4a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{961487bb-a6fa-11de-b4ad-00e030001a4a}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4cce650-539a-11dd-b046-00e030001a4a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4cce650-539a-11dd-b046-00e030001a4a}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef690902-40b8-11dd-b034-00e030001a4a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef690902-40b8-11dd-b034-00e030001a4a}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET10.tmp deleted successfully.

C:\WINDOWS\SET16.tmp deleted successfully.

C:\WINDOWS\SET20.tmp deleted successfully.

C:\WINDOWS\SET23.tmp deleted successfully.

C:\WINDOWS\SET2F.tmp deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET5.tmp deleted successfully.

C:\WINDOWS\SET9.tmp deleted successfully.

C:\WINDOWS\SETD.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrador

->Flash cache emptied: 1583 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 9971117 bytes

->Temporary Internet Files folder emptied: 1352167 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 88952349 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 35730 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 137578 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 96,00 mb

 

 

OTL by OldTimer - Version 3.2.6.1 log created on 06222010_202955

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

Thank you!


Good evening, catiadsf!

 

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it in Arquivos de programas!

<@> Disable your antivirus!

<@> On Windows Vista, make sure you have administrator rights when running the tool.

<@> Install and run the tool by double-clicking: < r2t69y.jpg >

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.

 


 

<@> A message will appear asking you to connect your removable media to the computer. ( pendrive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Then click Ok again.

 


 

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

 

Regards!


Topic Archived

 

As the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
