Allan²

Soundmix.exe won't let me open anything properly


I've already tried all sorts of ways to get rid of this virus. It won't let me run anything; everything has to be opened through "Open with".

Then I looked in a topic that explained how to delete any file. I downloaded that program (killbox) and managed to delete soundmix.exe!

But then another problem came up: after I deleted it, I ran a scan and made sure it was no longer on the PC. But I still have to open programs with "Open with"!

If anyone has been through this problem, tell me how to fix it! And if I created this topic in the wrong place, let me know, because this is my second post; in the first one, the user antonio vieira said I should post here...

But I can't install the programs the forum asks for...

I've been trying for some time now...

Now what?


Dear Allan

Sorry for the delay, but if you still need help, please create new logs according to this topic:

Read Before Posting - Creating a New Topic

ATTENTION: You don't need to open a new topic; post the new logs in this same topic, thank you!

Regards :D

  • Topic author
  • Sorry for the delay...

    It's hard for me to get into the PC

    The topic says to download a program called DDS and install it, but how am I supposed to do that if I can't open things normally? Which program should I pick under "Open with"? That cmd.exe?

    Here is the log I made with gmer:

    GMER 1.0.15.15087 - http://www.gmer.net

    Rootkit scan 2009-10-02 20:50:12

    Windows 5.1.2600 Service Pack 3

    Running: gmer.exe; Driver: C:\DOCUME~1\Alisson\CONFIG~1\Temp\axtdapow.sys

    ---- System - GMER 1.0.15 ----

    SSDT F7C1A0B4 ZwCreateThread

    SSDT F7C1A0A0 ZwOpenProcess

    SSDT F7C1A0A5 ZwOpenThread

    SSDT F7C1A0AF ZwTerminateProcess

    SSDT F7C1A0AA ZwWriteVirtualMemory

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[592] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 10032480 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 100324E0 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 10032370 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 100322C0 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 10032440 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 10032300 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 100323B0 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 10032330 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 100323F0 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    .text C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe[4048] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 10032280 C:\Arquivos de programas\TIM Web Banda Larga\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

    ---- EOF - GMER 1.0.15 ----

  • Topic author
  • I downloaded dds.

    I double-clicked it and then it asked to "Open with"

    This is where the problem is: ever since this virus showed up I can't run things properly...

    When something can be run, I do it like this:

    I click on the program (then the "Open with" screen opens)

    then I look for the program in Windows and it opens...

    but there are some programs that won't open this way, like this dds

    I set it to open with Windows' cmd.exe but nothing happens...

    this is what appears on the screen:

    Microsoft Widows XP [versão 5.1.2006]

    © Copyright 1985-2001 Microsoft Corp

    C:\DOCUME~1\Alisson\CONFIG~1\Temp\RarSFX4>

    *Alisson is the name of the PC (my brother)

    thanks in advance

    Edited by Allan²
    I had left it incomplete

  • Topic author
  • Sorry for the delay, the PC's voltage stabilizer had broken, so I was without it...

    Yes, I did try the links


    Dear Allan

    Download OtListIt2 by OldTimer

    • Double-click the icon (image: 3984478580_7ed4cabc45_o.gif)
    • Leave the main screen configured as shown in the figure below:

    (image: 3979150940_a60b769ff4_o.jpg)

    • Click the button (image: 3978388475_e858baec2d_o.jpg)
    • Do not interrupt the scan under any circumstances;
    • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
    • Post both in your next reply.
    • Do not delete OtListIt2

    Regards :D

  • Topic author
  • It didn't generate any log on the desktop...

    "It didn't generate any log on the desktop..."
    You have to be running OtListIt2 from the Desktop, right?

  • Topic author
  • ah... here's the log: (the PC's clock is wrong because I can't set the time)

    OTL logfile created on: 17/11/2009 13:15:56 - Run 2

    OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Alisson\Meus documentos\Downloads

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    1014,48 Mb Total Physical Memory | 449,79 Mb Available Physical Memory | 44,34% Memory free

    2,38 Gb Paging File | 1,87 Gb Available in Paging File | 78,51% Paging File free

    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 34,18 Gb Total Space | 1,68 Gb Free Space | 4,93% Space Free | Partition Type: NTFS

    Drive D: | 40,34 Gb Total Space | 3,53 Gb Free Space | 8,74% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    Drive G: | 11,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: ELIENE

    Current User Name: Alisson

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009/11/15 12:39:25 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alisson\Meus documentos\Downloads\OTL.exe

    PRC - [2009/09/10 12:30:25 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Meus documentos\Allan\Programas\Mozilla Firefox\firefox.exe

    PRC - [2009/06/06 17:14:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    PRC - [2009/02/20 15:07:14 | 01,715,400 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

    PRC - [2009/02/18 20:19:38 | 00,110,592 | ---- | M] () -- C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

    PRC - [2009/02/09 10:49:48 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    PRC - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

    PRC - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

    PRC - [2008/09/11 12:02:10 | 00,421,888 | ---- | M] () -- C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe

    PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    PRC - [2008/04/13 23:21:24 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

    PRC - [2008/04/13 23:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

    PRC - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

    PRC - [2006/04/14 10:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

    PRC - [2006/04/14 10:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

    PRC - [2006/04/14 10:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/06/06 17:14:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

    SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

    SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

    SRV - [2009/02/12 18:55:00 | 02,777,850 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])

    SRV - [2008/12/22 22:09:12 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

    SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

    SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])

    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

    SRV - [2008/04/13 23:20:37 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])

    SRV - [2008/04/13 23:20:37 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])

    SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

    SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped])

    SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

    SRV - [2006/10/26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])

    SRV - [2006/04/14 10:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

    SRV - [2006/04/14 10:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])

    SRV - [2006/04/14 10:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])

    SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

    ========== Driver Services (SafeList) ==========

    DRV - [2009/05/31 15:29:59 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

    DRV - [2009/05/31 15:26:20 | 00,052,056 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

    DRV - [2009/05/31 15:26:01 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

    DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

    DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

    DRV - [2009/01/26 22:35:40 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

    DRV - [2008/12/22 17:30:14 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])

    DRV - [2008/04/13 15:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

    DRV - [2008/04/13 15:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Running])

    DRV - [2008/04/13 13:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

    DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

    DRV - [2008/03/17 11:03:46 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])

    DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

    DRV - [2006/04/14 12:04:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])

    DRV - [2006/04/04 03:17:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])

    DRV - [2006/03/02 09:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])

    DRV - [2006/03/02 09:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

    DRV - [2006/03/02 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

    DRV - [2006/02/07 12:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])

    DRV - [2005/12/09 08:48:00 | 04,123,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

    DRV - [2005/09/16 01:09:00 | 00,846,792 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])

    DRV - [2005/09/09 17:56:12 | 00,006,144 | ---- | M] (http://www.internals.com) -- C:\WINDOWS\System32\WinIo.sys -- (WINIO [system | Running])

    DRV - [2005/07/13 18:58:00 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])

    DRV - [2005/07/11 19:00:00 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])

    DRV - [2005/01/13 09:22:00 | 00,005,504 | ---- | M] (EnE Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\EKBfltr.sys -- (EKBfltr [On_Demand | Running])

    DRV - [2004/10/10 12:24:00 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])

    DRV - [2003/10/23 04:27:00 | 00,095,970 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])

    DRV - [2002/10/01 13:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\S-1-5-21-4188901036-2405506098-2406177752-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

    FF - prefs.js..extensions.enabledItems: 6

    FF - prefs.js..extensions.enabledItems: 2

    FF - prefs.js..extensions.enabledItems: 44

    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1

    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5

    FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1

    FF - prefs.js..extensions.enabledItems: {04426594-bce6-4705-b811-bcdba2fd9c7b}:0.92

    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17

    FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6

    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019

    FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02

    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3

    FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b2

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

    FF - prefs.js..extensions.enabledItems: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6

    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918

    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/06/06 17:14:38 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 16:37:38 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/09/26 19:56:28 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Mozilla Firefox\components

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Mozilla Firefox\plugins

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Meus documentos\Allan\Programas\Mozilla Firefox\components [2009/10/01 22:48:09 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Meus documentos\Allan\Programas\Mozilla Firefox\plugins [2009/09/26 19:56:32 | 00,000,000 | ---D | M]

    [2009/05/17 20:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions

    [2006/01/01 02:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    [2009/03/06 19:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions\mozswing@mozswing.org

    [2009/05/17 20:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions\prism@developer.mozilla.org

    [2009/11/16 21:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions

    [2009/05/01 02:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}

    [2009/05/21 21:12:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}(2)

    [2009/11/15 20:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

    [2009/09/11 16:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2009/09/13 00:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}

    [2009/11/15 20:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}

    [2009/10/02 23:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

    [2009/09/23 16:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    [2009/05/01 02:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

    [2009/09/11 16:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    [2006/01/01 00:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

    [2009/05/21 21:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}(2)

    [2009/05/21 21:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\anycolor.pavlos256@gmail(2).com

    [2009/05/21 21:12:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\chromifox@altmusictv(2).com

    [2009/07/18 22:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\chromifox@altmusictv.com

    [2009/05/21 21:12:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\doubleclickreloadtabs@mavrev(2)

    [2009/06/02 17:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\moveplayer@movenetworks.com

    [2009/10/02 23:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\personas@christopher.beard

    [2009/07/20 02:32:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\piclens@cooliris.com

    [2009/07/18 20:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\refractor@developer.mozilla.org

    [2009/11/15 21:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\SkipScreen@SkipScreen

    [2009/03/17 21:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\splash@aldreneo.com

    [2009/02/25 23:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\tabpopup@adarsh.tp

    [2009/07/18 20:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\refractor@developer.mozilla.org\prism\extensions

    O1 HOSTS File: (900 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

    O1 - Hosts: 61.129.115.198 www.xldd.com

    O1 - Hosts: 61.129.115.198 www.ojiang.com

    O1 - Hosts: 61.129.115.198 www.shuixian.net

    O1 - Hosts: 61.129.115.198 www.xlarea.com

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo! com bloqueador de pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O3 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (Google Inc.)

    O3 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\Toolbar\WebBrowser: (Barra de Ferramentas do Yahoo! com bloqueador de pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

    O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

    O4 - HKLM..\Run: [EOUApp] C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

    O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

    O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

    O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

    O4 - HKLM..\Run: [intelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

    O4 - HKLM..\Run: [intelZeroConfig] C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

    O4 - HKLM..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Dados de aplicativos\live 64 math does\bits mail.exe File not found

    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

    O4 - HKLM..\Run: [NET Monitoring] C:\Arquivos de programas\NET Monitoring\lssas.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [silent Mode] C:\Arquivos de programas\Silent Mode\SilentMode.exe ()

    O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

    O4 - HKLM..\Run: [soundmix] C:\WINDOWS\System32\soundmix.exe File not found

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [bind hide] C:\Documents and Settings\Alisson\Dados de aplicativos\holdloveheart\Dupe bias meal.exe (Iatis buttons)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} http://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)

    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp - No CLSID value found

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp - No CLSID value found

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

    O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

    O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/12/22 16:57:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2008/04/23 18:44:40 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]

    O32 - AutoRun File - [2008/07/24 18:35:24 | 00,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

    O33 - MountPoints2\{0238978a-3aa7-11de-b5ee-001302693d92}\Shell\AutoRun\command - "" = H:\em8tqm.cmd -- File not found

    O33 - MountPoints2\{0238978a-3aa7-11de-b5ee-001302693d92}\Shell\open\Command - "" = H:\em8tqm.cmd -- File not found

    O33 - MountPoints2\{071b0f88-fea9-11dd-b45c-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{071b0f88-fea9-11dd-b45c-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

    O33 - MountPoints2\{071b0f89-fea9-11dd-b45c-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{071b0f89-fea9-11dd-b45c-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

    O33 - MountPoints2\{0e0ac0d2-f138-11dd-b3ca-001302693d92}\Shell\AutoRun\command - "" = F:\

    O33 - MountPoints2\{0e0ac0d2-f138-11dd-b3ca-001302693d92}\Shell\explore\Command - "" = F:\RECYCLER\autorun.exe -- File not found

    O33 - MountPoints2\{0e0ac0d2-f138-11dd-b3ca-001302693d92}\Shell\open\Command - "" = F:\RECYCLER\autorun.exe -- File not found

    O33 - MountPoints2\{7a20b254-fe12-11dd-b457-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{7a20b254-fe12-11dd-b457-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

    O33 - MountPoints2\{7a20b258-fe12-11dd-b457-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{7a20b258-fe12-11dd-b457-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

    O33 - MountPoints2\{81a85b1a-9176-11de-b81d-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{81a85b1a-9176-11de-b81d-001302693d92}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O33 - MountPoints2\{8bf0aa56-5b01-11de-b6a5-001302693d92}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

    O33 - MountPoints2\{8bf0aa56-5b01-11de-b6a5-001302693d92}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

    O33 - MountPoints2\{a467695e-39d6-11de-b5e9-001302693d92}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe -- File not found

    O33 - MountPoints2\{a467695e-39d6-11de-b5e9-001302693d92}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe -- File not found

    O33 - MountPoints2\{de9d6562-fe1f-11dd-b459-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{de9d6562-fe1f-11dd-b459-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

    O33 - MountPoints2\{de9d6563-fe1f-11dd-b459-001302693d92}\Shell - "" = AutoRun

    O33 - MountPoints2\{de9d6563-fe1f-11dd-b459-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

    O33 - MountPoints2\F\Shell - "" = AutoRun

    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O34 - HKLM BootExecute: (autocheck) - File not found

    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

    O34 - HKLM BootExecute: (*) - File not found

    O35 - comfile [open] -- "%1" %* File not found

    O35 - exefile [open] -- soundmix "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    File not found -- C:\WINDOWS\System32\dllcache\zipexr.VIR001

    File not found -- C:\WINDOWS\System32\dllcache\zipexr.VIR000

    File not found -- C:\WINDOWS\System32\dllcache\zipexr.VIR

    File not found -- C:\WINDOWS\System32\dllcache\zipexr.dll

    [2009/12/09 10:54:52 | 01,107,500 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Alisson\Desktop\SC2-battlereport-3_ESRB-downloader.exe

    [2004/11/24 15:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [10 C:\WINDOWS\System32\*.tmp files]

    [5 C:\WINDOWS\*.tmp files]

    [2009/12/10 06:36:56 | 00,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87816FB5-2280-4307-888B-263096E78918}.job

    [2009/12/09 10:54:52 | 01,107,500 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Alisson\Desktop\SC2-battlereport-3_ESRB-downloader.exe

    [2009/12/07 22:21:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

    [2009/12/07 22:21:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

    [2009/11/17 13:02:22 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

    [2009/11/17 13:01:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2009/11/17 13:01:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2009/11/17 13:01:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2009/11/17 13:01:03 | 10,638,33600 | -HS- | M] () -- C:\hiberfil.sys

    [2009/11/17 12:00:00 | 00,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\B1398784918E3818.job

    [2009/11/17 08:47:40 | 01,107,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

    [2009/11/17 08:47:40 | 00,500,948 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

    [2009/11/17 08:47:40 | 00,464,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2009/11/17 08:47:40 | 00,090,904 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

    [2009/11/17 08:47:40 | 00,078,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2009/11/16 22:44:09 | 13,506,9778 | ---- | M] () -- C:\Documents and Settings\Alisson\Meus documentos\SN.5x06.GF.rmvb.part

    [2009/11/15 23:53:36 | 00,000,520 | ---- | M] () -- C:\Documents and Settings\Alisson\Meus documentos\spider.sav

    [2009/11/15 21:44:20 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    [2009/11/15 13:00:31 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Alisson\Desktop\Windows Live Messenger.lnk

    ========== Files - No Company Name ==========

    [2009/12/07 22:21:40 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm

    [2009/12/07 22:21:39 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm

    [2009/11/16 22:44:09 | 13,506,9778 | ---- | C] () -- C:\Documents and Settings\Alisson\Meus documentos\SN.5x06.GF.rmvb.part

    [2009/11/15 13:00:31 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Alisson\Desktop\Windows Live Messenger.lnk

    [2009/09/27 01:41:05 | 07,431,822 | -H-- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\IconCache.db

    [2009/08/25 10:06:25 | 00,001,226 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\FASTWiz.html

    [2009/08/25 09:59:16 | 00,099,894 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\FASTWiz.log

    [2009/03/12 06:17:57 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2009/02/24 07:10:42 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\QTSBandwidthCache

    [2009/01/16 23:04:45 | 00,000,503 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2008/12/24 02:31:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    [2008/12/22 21:05:01 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini

    [2008/12/22 21:05:01 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini

    [2008/12/22 17:41:38 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\fusioncache.dat

    [2008/12/22 17:41:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Alisson\Dados de aplicativos\desktop.ini

    [2008/12/22 17:32:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

    [2008/12/22 17:29:07 | 00,000,068 | ---- | C] () -- C:\WINDOWS\I_DMI.INI

    [2008/12/22 17:06:45 | 00,003,685 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    [2008/12/22 14:43:43 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

    [2008/12/22 14:34:27 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

    [2008/12/22 14:34:27 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

    [2008/12/22 14:34:27 | 00,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

    [2008/12/22 14:34:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

    [2008/12/22 14:34:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

    [2008/12/22 14:34:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

    [2008/12/22 14:34:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

    [2008/12/22 14:34:26 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

    [2008/12/22 14:34:26 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

    [2008/07/05 07:14:48 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

    [2008/07/05 07:14:44 | 03,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

    [2008/07/05 07:13:16 | 00,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

    [2008/06/22 13:34:00 | 00,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

    [2008/06/13 07:39:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

    [2008/06/12 14:36:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

    [2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

    [2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

    [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

    [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

    [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

    [2007/07/10 12:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

    [2006/05/03 14:44:44 | 00,001,042 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    [2006/03/02 09:00:00 | 00,000,794 | ---- | C] () -- C:\WINDOWS\win.ini

    [2006/03/02 09:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini

    [2006/01/01 01:24:36 | 00,077,536 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

    [2005/07/05 17:07:32 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

    [2004/10/03 13:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

    < End of report >


    Dear Allan,

    Look:

    When it finishes, two logs will be generated: OTL.txt and Extras.txt;
    The second log (in red) is missing!

    Cheers :D

  • Topic author
  • ah, my bad xD

    OTL Extras logfile created on: 15/11/2009 12:41:26 - Run 1

    OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Alisson\Meus documentos\Downloads

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    1014,48 Mb Total Physical Memory | 475,18 Mb Available Physical Memory | 46,84% Memory free

    2,38 Gb Paging File | 1,89 Gb Available in Paging File | 79,27% Paging File free

    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 34,18 Gb Total Space | 1,26 Gb Free Space | 3,70% Space Free | Partition Type: NTFS

    Drive D: | 40,34 Gb Total Space | 3,80 Gb Free Space | 9,42% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    Drive G: | 11,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: ELIENE

    Current User Name: Alisson

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

    .exe [@ = exefile] -- soundmix "%1" %*

    .html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- D:\Meus documentos\Allan\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %* File not found

    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)

    cmdfile [open] -- "%1" %* File not found

    comfile [open] -- "%1" %* File not found

    exefile [open] -- soundmix "%1" %* File not found

    htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

    htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

    htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

    http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

    https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

    piffile [open] -- "%1" %* File not found

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1" File not found

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

    scrfile [open] -- "%1" /S File not found

    txtfile [edit] -- Reg Error: Key error.

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [mega] -- "D:\Meus documentos\Allan\Programas\Megacubo\" "%1" [2009/08/08 17:22:20 | 00,000,000 | ---D | M]

    Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player

    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    "58935:TCP" = 58935:TCP:*:Enabled:Pando Media Booster

    "58935:UDP" = 58935:UDP:*:Enabled:Pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    "C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

    "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

    "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

    "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

    "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

    "C:\Documents and Settings\Alisson\Meus documentos\Allan\Jogos\Grand Chase\main.exe" = C:\Documents and Settings\Alisson\Meus documentos\Allan\Jogos\Grand Chase\main.exe:*:Enabled:GrandChase -- File not found

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    "C:\Documents and Settings\Alisson\Meus documentos\Allan\Grand Chase\main.exe" = C:\Documents and Settings\Alisson\Meus documentos\Allan\Grand Chase\main.exe:*:Enabled:GrandChase -- File not found

    "C:\Arquivos de programas\Messenger\msmsgs.exe" = C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

    "C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

    "C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

    "C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

    "C:\Arquivos de programas\Internet Explorer\iexplore.exe" = C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

    "C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme" = C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound -- File not found

    "C:\UT2004Demo\System\UT2004.exe" = C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004 -- File not found

    "C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Limewire\LimeWire.exe" = C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Limewire\LimeWire.exe:*:Enabled:LimeWire -- File not found

    "C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Megacubo\megacubo.exe" = C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- File not found

    "C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

    "C:\Arquivos de programas\EA Games\Command and Conquer Generals\game.dat" = C:\Arquivos de programas\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game -- File not found

    "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

    "C:\Arquivos de programas\iTunes\iTunes.exe" = C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

    "C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

    "C:\Arquivos de programas\Sony\Media Manager for PSP\MediaManager.exe" = C:\Arquivos de programas\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0 -- (Sony Creative Software Inc.)

    "D:\Meus documentos\Allan\Jogos\Grand Chase\main.exe" = D:\Meus documentos\Allan\Jogos\Grand Chase\main.exe:*:Enabled:GrandChase -- ()

    "D:\Meus documentos\Allan\Jogos\Warcraft III\Warcraft III.exe" = D:\Meus documentos\Allan\Jogos\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

    "D:\Meus documentos\Allan\Jogos\Warcraft III\War3.exe" = D:\Meus documentos\Allan\Jogos\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

    "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

    "C:\Arquivos de programas\Taikodom\launcher.exe" = C:\Arquivos de programas\Taikodom\launcher.exe:*:Enabled:Taikodom -- ()

    "D:\Meus documentos\Allan\Programas\EA Download Manager\EADM\Core.exe" = D:\Meus documentos\Allan\Programas\EA Download Manager\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found

    "D:\Meus documentos\Allan\Jogos\Taikodom\taikodom-game.exe" = D:\Meus documentos\Allan\Jogos\Taikodom\taikodom-game.exe:*:Enabled:taikodom-game -- File not found

    "D:\Meus documentos\Allan\Programas\Limewire\LimeWire.exe" = D:\Meus documentos\Allan\Programas\Limewire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

    "D:\Meus documentos\Allan\Jogos\LandMass\LandMass\system\Launcher.exe" = D:\Meus documentos\Allan\Jogos\LandMass\LandMass\system\Launcher.exe:*:Enabled:LandMass Launcher -- File not found

    "C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

    "C:\Arquivos de programas\Taikodom\taikodom-game.exe" = C:\Arquivos de programas\Taikodom\taikodom-game.exe:*:Enabled:taikodom-game -- ()

    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistente para transferência de arquivos e configurações -- (Microsoft Corporation)

    "C:\Arquivos de programas\Microsoft Games\Rise of Nations\rise.exe" = C:\Arquivos de programas\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- File not found

    "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

    "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

    "{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

    "{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

    "{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

    "{30079632-F8CB-4A11-8850-FCDA4B859F71}" = CD-ROM Biologia 1

    "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

    "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

    "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13

    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

    "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go

    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

    "{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

    "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

    "{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

    "{AC76BA86-7AD7-1046-7B44-A81300000003}" = Adobe Reader 8.1.5 - Português

    "{AC76BA86-7AD7-1046-7B44-A81300000003}_814" = KB408682

    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support

    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

    "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU

    "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

    "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation®Network Downloader

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

    "{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera

    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5

    "Age of Mythology 1.0" = Age of Mythology

    "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion

    "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

    "Cabal Online" = Cabal Online

    "CCleaner" = CCleaner (remove only)

    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

    "DVD Shrink_is1" = DVD Shrink 3.2

    "eMule" = eMule

    "ENTERPRISE" = Microsoft Office Enterprise 2007

    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

    "ie7" = Windows Internet Explorer 7

    "ie8" = Windows Internet Explorer 8

    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

    "LimeWire" = LimeWire 5.1.1

    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)

    "Megacubo_is1" = Megacubo 6.0.3

    "Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)

    "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition

    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

    "Orbit_is1" = Orbit Downloader

    "Palavras Cruzadas Rk_is1" = Palavras Cruzadas Rk 1.4.5

    "ProInst" = Software do Intel® PROSet/Wireless

    "RealPlayer 12.0" = RealPlayer

    "RiseOfNations 1.0" = Microsoft Rise Of Nations

    "Silent Mode_is1" = Silent Mode 1.0 (build 0001)

    "SMSERIAL" = Motorola SM56 Data Fax Modem

    "SopCast" = SopCast 3.0.3

    "TIM Web Banda Larga" = TIM Web Banda Larga

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WinLiveSuite_Wave3" = Windows Live Essentials

    "WinRAR archiver" = Arquivo do WinRAR

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    "XP Codec Pack" = XP Codec Pack

    "Yahoo! Companion" = Barra de Ferramentas do Yahoo! com bloqueador de pop-up

    "Yahoo! Toolbar" = Yahoo! Toolbar

    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Muziic Player & Encoder" = Muziic Player & Encoder

    "Taikodom" = Taikodom

    "uTorrent" = µTorrent

    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 29/4/2009 19:21:07 | Computer Name = NOTE_ALISSON | Source = Windows Live Messenger | ID = 1000

    Description =

    Error - 30/4/2009 13:39:52 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16827, módulo com

    falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 30/4/2009 21:17:30 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha iFrmewrk.exe, versão 10.1.1.19, módulo com falha

    hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 30/4/2009 21:17:30 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha iFrmewrk.exe, versão 10.1.1.19, módulo com falha

    hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 1/5/2009 00:04:32 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha orbitdm.exe, versão 2.8.0.5, módulo com falha

    hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 1/5/2009 00:04:32 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha orbitdm.exe, versão 2.8.0.5, módulo com falha

    hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 1/5/2009 00:04:34 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha orbitdm.exe, versão 2.8.0.5, módulo com falha

    hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 3/5/2009 22:23:23 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha main.exe, versão 0.0.0.0, módulo com falha hungapp,

    versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 3/5/2009 22:31:00 | Computer Name = NOTE_ALISSON | Source = Application Hang | ID = 1002

    Description = Aplicativo com falha main.exe, versão 0.0.0.0, módulo com falha hungapp,

    versão 0.0.0.0, endereço com falha 0x00000000.

    Error - 5/5/2009 12:54:24 | Computer Name = NOTE_ALISSON | Source = Application Error | ID = 1000

    Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16827, módulo com

    falha flash10a.ocx, versão 10.0.12.36, endereço com falha 0x00208c88.

    [ OSession Events ]

    Error - 31/12/2005 23:03:13 | Computer Name = NOTE_ALISSON | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14

    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]

    Error - 21/5/2009 03:14:39 | Computer Name = NOTE_ALISSON | Source = DCOM | ID = 10010

    Description = O servidor {DC0C2640-1415-4644-875C-6F4D769839BA} não se registrou

    com o DCOM dentro do tempo limite requerido.

    Error - 21/5/2009 03:15:14 | Computer Name = NOTE_ALISSON | Source = DCOM | ID = 10010

    Description = O servidor {DC0C2640-1415-4644-875C-6F4D769839BA} não se registrou

    com o DCOM dentro do tempo limite requerido.

    Error - 21/5/2009 03:21:26 | Computer Name = NOTE_ALISSON | Source = DCOM | ID = 10010

    Description = O servidor {DC0C2640-1415-4644-875C-6F4D769839BA} não se registrou

    com o DCOM dentro do tempo limite requerido.

    Error - 21/4/2009 07:15:21 | Computer Name = NOTE_ALISSON | Source = DCOM | ID = 10005

    Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço helpsvc com

    argumentos "" para iniciar o servidor: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

    Error - 21/4/2009 20:35:17 | Computer Name = NOTE_ALISSON | Source = DCOM | ID = 10010

    Description = O servidor {DC0C2640-1415-4644-875C-6F4D769839BA} não se registrou

    com o DCOM dentro do tempo limite requerido.

    Error - 21/4/2009 20:35:48 | Computer Name = NOTE_ALISSON | Source = Service Control Manager | ID = 7034

    Description = O serviço iPod Service foi encerrado inesperadamente. Isso aconteceu

    1 vez(es).

    Error - 21/4/2009 20:35:50 | Computer Name = NOTE_ALISSON | Source = Service Control Manager | ID = 7031

    Description = O serviço Dispositivo Celular da Apple foi finalizado inesperadamente.

    Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos:

    Reiniciar o serviço.

    Error - 21/4/2009 20:37:40 | Computer Name = NOTE_ALISSON | Source = Service Control Manager | ID = 7034

    Description = O serviço Java Quick Starter foi encerrado inesperadamente. Isso

    aconteceu 1 vez(es).

    Error - 21/4/2009 20:37:46 | Computer Name = NOTE_ALISSON | Source = Service Control Manager | ID = 7031

    Description = O serviço Dispositivo Celular da Apple foi finalizado inesperadamente.

    Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos:

    Reiniciar o serviço.

    Error - 21/4/2009 20:37:51 | Computer Name = NOTE_ALISSON | Source = Service Control Manager | ID = 7034

    Description = O serviço Bonjour Service foi encerrado inesperadamente. Isso aconteceu

    1 vez(es).

    < End of report >


    Dear Allan

    # Step 1 #

    Once again with OtListIt2

    • Double-click the icon 3984478580_7ed4cabc45_o.gif
    • Copy and paste the content below into the space right after 3979150640_113dbcd345_o.jpg

    :OTL
    O33 - MountPoints2\{0238978a-3aa7-11de-b5ee-001302693d92}\Shell\AutoRun\command - "" = H:\em8tqm.cmd -- File not found
    O33 - MountPoints2\{0238978a-3aa7-11de-b5ee-001302693d92}\Shell\open\Command - "" = H:\em8tqm.cmd -- File not found
    O33 - MountPoints2\{071b0f88-fea9-11dd-b45c-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{071b0f88-fea9-11dd-b45c-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{071b0f89-fea9-11dd-b45c-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{071b0f89-fea9-11dd-b45c-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{0e0ac0d2-f138-11dd-b3ca-001302693d92}\Shell\AutoRun\command - "" = F:\
    O33 - MountPoints2\{0e0ac0d2-f138-11dd-b3ca-001302693d92}\Shell\explore\Command - "" = F:\RECYCLER\autorun.exe -- File not found
    O33 - MountPoints2\{0e0ac0d2-f138-11dd-b3ca-001302693d92}\Shell\open\Command - "" = F:\RECYCLER\autorun.exe -- File not found
    O33 - MountPoints2\{7a20b254-fe12-11dd-b457-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a20b254-fe12-11dd-b457-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{7a20b258-fe12-11dd-b457-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a20b258-fe12-11dd-b457-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{81a85b1a-9176-11de-b81d-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{81a85b1a-9176-11de-b81d-001302693d92}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8bf0aa56-5b01-11de-b6a5-001302693d92}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
    O33 - MountPoints2\{8bf0aa56-5b01-11de-b6a5-001302693d92}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
    O33 - MountPoints2\{a467695e-39d6-11de-b5e9-001302693d92}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe -- File not found
    O33 - MountPoints2\{a467695e-39d6-11de-b5e9-001302693d92}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe -- File not found
    O33 - MountPoints2\{de9d6562-fe1f-11dd-b459-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{de9d6562-fe1f-11dd-b459-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{de9d6563-fe1f-11dd-b459-001302693d92}\Shell - "" = AutoRun
    O33 - MountPoints2\{de9d6563-fe1f-11dd-b459-001302693d92}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O1 - Hosts: 61.129.115.198 www.xldd.com
    O1 - Hosts: 61.129.115.198 www.ojiang.com
    O1 - Hosts: 61.129.115.198 www.shuixian.net
    O1 - Hosts: 61.129.115.198 www.xlarea.com
    O4 - HKLM..\Run: [soundmix] C:\WINDOWS\System32\soundmix.exe File not found

    :Processes

    :Services

    :Reg

    :Files
    C:\WINDOWS\System32\dllcache\zipexr.VIR001
    C:\WINDOWS\System32\dllcache\zipexr.VIR000
    C:\WINDOWS\System32\dllcache\zipexr.VIR
    C:\WINDOWS\System32\dllcache\zipexr.dll

    :Commands
    [emptytemp]
    [purity]
    [resethosts]
    [reboot]

    Click the button [image: 3978388571_46074d225b_o.jpg]

    • When the computer restarts, a window will appear; click Run;
    • Save the log (File > Save As) to the desktop with any name you like;
    • Attention: if you close the log without saving it first, it will be lost.
    • Post the entire contents in your next reply.

    # Step 2 #

    Download Malwarebytes Anti-Malware:

    • Link1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
      • If updates are available, they will be downloaded and installed.
      • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to view the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When disinfection finishes, a log will automatically open in Notepad and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log into your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    # Step 3 #

    Once again with OtListIt2

    • Double-click the icon [image: 3984478580_7ed4cabc45_o.gif]
    • Now set up the main screen as shown in the figure below:

    [image: 3987896486_c6689501b5_o.jpg]

    • On the screen above, under File Age, leave 14 days;
    • Click the button [image: 3978388475_e858baec2d_o.jpg]
    • Do not interrupt the scan under any circumstances;
    • When it finishes, a log will be generated: OTL.txt;
    • Post both in your next reply.
    • Do not delete OtListIt2

    Regards :D

  • Topic author
  • well, I did step 1 and it asked to restart, so I pressed OK

    when it restarted, the window appeared and I clicked Run

    then the "Open with" dialog appeared

    I clicked on OTL, but that log didn't open...

    I'll try again, but if I can't manage it, should I do steps 2 and 3?

    "I'll try again, but if I can't manage it, should I do steps 2 and 3?"
    Yes, you can go ahead...

  • Topic author
  • I noticed there's an extra icon on the desktop, it's called thumbs.db

    and that when I started Firefox, 2 error windows appeared, one after the other...

    that's probably a useful point...

  • Topic author
  • AEEWWWW, I did step 2 and things are already opening normally!!!!!!

    I'll do step 3 in the morning to continue

    the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.41

    Versão do banco de dados: 2982

    Windows 5.1.2600 Service Pack 3

    18/11/2009 22:34:14

    mbam-log-2009-11-18 (22-34-13).txt

    Tipo de Verificação: Rápida

    Objetos verificados: 106390

    Tempo decorrido: 5 minute(s), 7 second(s)

    Processos da Memória infectados: 0

    Módulos de Memória Infectados: 0

    Chaves do Registro infectadas: 2

    Valores do Registro infectados: 0

    Ítens do Registro infectados: 2

    Pastas infectadas: 2

    Arquivos infectados: 4

    Processos da Memória infectados:

    (Nenhum ítem malicioso foi detectado)

    Módulos de Memória Infectados:

    (Nenhum ítem malicioso foi detectado)

    Chaves do Registro infectadas:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-81c01c608512} (Generic.Bot.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.

    Valores do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Ítens do Registro infectados:

    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (soundmix "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Pastas infectadas:

    C:\Documents and Settings\All Users\Dados de aplicativos\live 64 math does (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Arquivos infectados:

    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\CMDOW.EXE (Malware.Tool) -> Quarantined and deleted successfully.

    C:\Documents and Settings\All Users\Dados de aplicativos\live 64 math does\bits mail.dat (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.


    Dear Allan

    You can delete Thumb.db...

    Check whether the Malwarebytes log is complete, because I think parts are missing...

    I'll wait for the OTL.txt log, and the Malwarebytes log if it was incomplete.

    Regards :D

  • Topic author
  • Yes, the Malwarebytes log is complete...

    I'm going to run OTL now; I'll post it when it finishes.

  • Topic author
  • and here's the log:

    OTL logfile created on: 19/10/2009 13:08:24 - Run 3

    OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Alisson\Meus documentos

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    1014,48 Mb Total Physical Memory | 347,52 Mb Available Physical Memory | 34,26% Memory free

    2,38 Gb Paging File | 1,82 Gb Available in Paging File | 76,16% Paging File free

    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 34,18 Gb Total Space | 3,56 Gb Free Space | 10,42% Space Free | Partition Type: NTFS

    Drive D: | 40,34 Gb Total Space | 3,71 Gb Free Space | 9,20% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    Drive G: | 11,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: ELIENE

    Current User Name: Alisson

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009/11/15 12:39:25 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alisson\Meus documentos\OTL.exe

    PRC - [2009/09/26 19:55:34 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    PRC - [2009/09/10 12:30:25 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Meus documentos\Allan\Programas\Mozilla Firefox\firefox.exe

    PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    PRC - [2009/07/03 19:01:35 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe

    PRC - [2009/06/10 09:27:15 | 01,555,968 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\NET Monitoring\lssas.exe

    PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    PRC - [2009/02/20 15:07:14 | 01,715,400 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

    PRC - [2009/02/18 20:19:38 | 00,110,592 | ---- | M] () -- C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

    PRC - [2009/02/09 10:49:48 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    PRC - [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\QuickTime\QTTask.exe

    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    PRC - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

    PRC - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

    PRC - [2008/09/11 12:02:10 | 00,421,888 | ---- | M] () -- C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe

    PRC - [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

    PRC - [2008/04/13 23:21:10 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe

    PRC - [2008/04/13 23:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

    PRC - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

    PRC - [2006/11/02 23:31:06 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmplayer.exe

    PRC - [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    PRC - [2006/04/20 09:50:04 | 00,151,552 | ---- | M] () -- C:\Arquivos de programas\Silent Mode\SilentMode.exe

    PRC - [2006/04/14 10:56:12 | 00,569,413 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe

    PRC - [2006/04/14 10:52:18 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe

    PRC - [2006/04/14 10:51:52 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe

    PRC - [2006/04/14 10:49:28 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe

    PRC - [2006/04/14 10:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

    PRC - [2006/04/14 10:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

    PRC - [2006/04/14 10:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

    PRC - [2006/02/07 11:40:02 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe

    PRC - [2006/02/07 11:39:20 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe

    PRC - [2006/02/07 11:36:06 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe

    PRC - [2005/09/16 01:01:00 | 00,557,056 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe

    PRC - [2003/12/03 19:22:00 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\Apoint2K\Apoint.exe

    PRC - [2003/10/22 15:51:00 | 00,036,864 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\Apoint2K\Apntex.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

    SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

    SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

    SRV - [2009/02/12 18:55:00 | 02,777,850 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])

    SRV - [2008/12/22 22:09:12 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

    SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

    SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

    SRV - [2008/04/13 23:20:37 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])

    SRV - [2008/04/13 23:20:37 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])

    SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [Disabled | Stopped])

    SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

    SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped])

    SRV - [2006/10/26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])

    SRV - [2006/04/14 10:44:58 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

    SRV - [2006/04/14 10:43:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])

    SRV - [2006/04/14 10:42:26 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])

    SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

    ========== Driver Services (SafeList) ==========

    DRV - [2009/05/31 15:29:59 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

    DRV - [2009/05/31 15:26:20 | 00,052,056 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

    DRV - [2009/05/31 15:26:01 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

    DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

    DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

    DRV - [2009/01/26 22:35:40 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

    DRV - [2008/12/22 17:30:14 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])

    DRV - [2008/04/13 15:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

    DRV - [2008/04/13 15:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Running])

    DRV - [2008/04/13 13:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

    DRV - [2008/04/13 13:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

    DRV - [2008/03/17 11:03:46 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])

    DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

    DRV - [2006/04/14 12:04:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])

    DRV - [2006/04/04 03:17:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])

    DRV - [2006/03/02 09:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])

    DRV - [2006/03/02 09:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

    DRV - [2006/03/02 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

    DRV - [2006/02/07 12:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])

    DRV - [2005/12/09 08:48:00 | 04,123,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

    DRV - [2005/09/16 01:09:00 | 00,846,792 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])

    DRV - [2005/09/09 17:56:12 | 00,006,144 | ---- | M] (http://www.internals.com) -- C:\WINDOWS\System32\WinIo.sys -- (WINIO [system | Running])

    DRV - [2005/07/13 18:58:00 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])

    DRV - [2005/07/11 19:00:00 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])

    DRV - [2005/01/13 09:22:00 | 00,005,504 | ---- | M] (EnE Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\EKBfltr.sys -- (EKBfltr [On_Demand | Running])

    DRV - [2004/10/10 12:24:00 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])

    DRV - [2003/10/23 04:27:00 | 00,095,970 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])

    DRV - [2002/10/01 13:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    IE - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\S-1-5-21-4188901036-2405506098-2406177752-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1

    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5

    FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1

    FF - prefs.js..extensions.enabledItems: {04426594-bce6-4705-b811-bcdba2fd9c7b}:0.92

    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17

    FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6

    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019

    FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02

    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3

    FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b2

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

    FF - prefs.js..extensions.enabledItems: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6

    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918

    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 16:37:38 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/09/26 19:56:28 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/06/06 17:14:38 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Mozilla Firefox\components

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Documents and Settings\Alisson\Meus documentos\Allan\Programas\Mozilla Firefox\plugins

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Meus documentos\Allan\Programas\Mozilla Firefox\components [2009/10/01 22:48:09 | 00,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Meus documentos\Allan\Programas\Mozilla Firefox\plugins [2009/11/18 22:38:52 | 00,000,000 | ---D | M]

    [2009/05/17 20:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions

    [2006/01/01 02:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    [2009/03/06 19:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions\mozswing@mozswing.org

    [2009/05/17 20:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Extensions\prism@developer.mozilla.org

    [2009/10/19 13:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions

    [2009/05/01 02:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}

    [2009/05/21 21:12:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}(2)

    [2009/11/15 20:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

    [2009/09/11 16:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2009/09/13 00:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}

    [2009/11/15 20:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}

    [2009/10/02 23:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

    [2009/09/23 16:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    [2009/05/01 02:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

    [2006/01/01 00:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

    [2009/05/21 21:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}(2)

    [2009/05/21 21:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\anycolor.pavlos256@gmail(2).com

    [2009/05/21 21:12:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\chromifox@altmusictv(2).com

    [2009/07/18 22:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\chromifox@altmusictv.com

    [2009/05/21 21:12:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\doubleclickreloadtabs@mavrev(2)

    [2009/06/02 17:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\moveplayer@movenetworks.com

    [2009/10/02 23:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\personas@christopher.beard

    [2009/07/20 02:32:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\piclens@cooliris.com

    [2009/07/18 20:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\refractor@developer.mozilla.org

    [2009/11/15 21:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\SkipScreen@SkipScreen

    [2009/03/17 21:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\splash@aldreneo.com

    [2009/02/25 23:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\tabpopup@adarsh.tp

    [2009/07/18 20:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alisson\Dados de aplicativos\mozilla\Firefox\Profiles\b73jdksx.default\extensions\refractor@developer.mozilla.org\prism\extensions

    O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo! com bloqueador de pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O3 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (Google Inc.)

    O3 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\..\Toolbar\WebBrowser: (Barra de Ferramentas do Yahoo! com bloqueador de pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

    O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

    O4 - HKLM..\Run: [EOUApp] C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

    O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

    O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

    O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

    O4 - HKLM..\Run: [intelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

    O4 - HKLM..\Run: [intelZeroConfig] C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Dados de aplicativos\live 64 math does\bits mail.exe File not found

    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

    O4 - HKLM..\Run: [NET Monitoring] C:\Arquivos de programas\NET Monitoring\lssas.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [silent Mode] C:\Arquivos de programas\Silent Mode\SilentMode.exe ()

    O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [bind hide] C:\DOCUME~1\Alisson\DADOSD~1\HOLDLO~1\Dupe bias meal.exe File not found

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-4188901036-2405506098-2406177752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} http://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.165.132.155 192.168.0.1

    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp - No CLSID value found

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp - No CLSID value found

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

    O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

    O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2008/12/22 16:57:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2008/04/23 18:44:40 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]

    O32 - AutoRun File - [2008/07/24 18:35:24 | 00,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

    O34 - HKLM BootExecute: (autocheck) - File not found

    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

    O34 - HKLM BootExecute: (*) - File not found

    O35 - comfile [open] -- "%1" %* File not found

    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/18 22:25:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    [2009/09/26 19:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Real

    [2009/09/23 20:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alisson\Dados de aplicativos\holdloveheart

    [2009/11/18 22:25:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alisson\Dados de aplicativos\Malwarebytes

    [2009/09/26 19:55:55 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\xing shared

    [2009/09/23 20:02:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Crcle Developement

    [2009/09/23 20:02:55 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\holdloveheart

    [2009/11/18 22:25:19 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    [2009/12/09 10:54:52 | 01,107,500 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Alisson\Desktop\SC2-battlereport-3_ESRB-downloader.exe

    [2009/11/18 22:44:50 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

    [2009/11/18 22:44:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

    [2009/11/18 22:44:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

    [2009/11/18 22:25:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2009/11/18 22:25:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2009/11/18 22:00:35 | 00,000,000 | ---D | C] -- C:\_OTL

    [2009/11/15 12:39:02 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alisson\Meus documentos\OTL.exe

    [2009/10/03 18:29:48 | 81,344,592 | ---- | C] (Sony Creative Software Inc.) -- C:\mediago_setup.exe

    [2009/09/26 22:21:29 | 00,000,000 | ---D | C] -- C:\My Music

    [2009/09/26 19:56:17 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

    [2009/09/26 19:55:58 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

    [2009/09/26 19:55:58 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

    [2009/09/19 15:09:07 | 00,000,000 | ---D | C] -- C:\.jagex_cache_32

    [2004/11/24 15:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/12/10 06:36:56 | 00,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87816FB5-2280-4307-888B-263096E78918}.job

    [2009/12/09 10:54:52 | 01,107,500 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Alisson\Desktop\SC2-battlereport-3_ESRB-downloader.exe

    [2009/12/07 22:21:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

    [2009/12/07 22:21:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

    [2009/11/18 22:25:24 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2009/11/18 22:18:17 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

    [2009/11/18 18:43:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    [2009/11/17 13:22:29 | 04,096,054 | ---- | M] () -- C:\WINDOWS\System32\Nova Imagem (1).bmp

    [2009/11/17 08:47:40 | 01,107,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

    [2009/11/17 08:47:40 | 00,500,948 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

    [2009/11/17 08:47:40 | 00,464,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2009/11/17 08:47:40 | 00,090,904 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

    [2009/11/17 08:47:40 | 00,078,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2009/11/16 22:44:09 | 13,506,9778 | ---- | M] () -- C:\Documents and Settings\Alisson\Meus documentos\SN.5x06.GF.rmvb.part

    [2009/11/15 13:00:31 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Alisson\Desktop\Windows Live Messenger.lnk

    [2009/11/15 12:39:25 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alisson\Meus documentos\OTL.exe

    [2009/10/19 13:17:29 | 00,000,794 | ---- | M] () -- C:\WINDOWS\win.ini

    [2009/10/19 13:00:00 | 00,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\B1398784918E3818.job

    [2009/10/19 12:10:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

    [2009/10/19 12:10:00 | 00,000,211 | RHS- | M] () -- C:\boot.ini

    [2009/10/19 12:09:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2009/10/19 12:09:42 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

    [2009/10/19 12:09:33 | 00,001,974 | ---- | M] () -- C:\WINDOWS\System32\configNET.dat

    [2009/10/19 12:09:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2009/10/19 12:09:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2009/10/19 12:09:16 | 10,638,33600 | -HS- | M] () -- C:\hiberfil.sys

    [2009/10/18 23:51:23 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Alisson\Meus documentos\spider.sav

    [2009/10/03 20:04:03 | 81,344,592 | ---- | M] (Sony Creative Software Inc.) -- C:\mediago_setup.exe

    [2009/10/02 20:57:14 | 07,431,822 | -H-- | M] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\IconCache.db

    [2009/10/02 18:42:59 | 00,361,369 | ---- | M] () -- C:\dds(2).scr

    [2009/10/02 15:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

    [2009/09/26 19:56:28 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk

    [2009/09/26 19:56:17 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

    [2009/09/26 19:55:58 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

    [2009/09/26 19:55:58 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

    [2009/09/26 19:55:36 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll

    [2009/09/26 19:55:36 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll

    [2009/09/26 19:55:36 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

    [2009/09/19 23:10:13 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk

    ========== Files - No Company Name ==========

    [2009/12/07 22:21:40 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm

    [2009/12/07 22:21:39 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm

    [2009/11/18 22:25:24 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2009/11/17 13:22:29 | 04,096,054 | ---- | C] () -- C:\WINDOWS\System32\Nova Imagem (1).bmp

    [2009/11/16 22:44:09 | 13,506,9778 | ---- | C] () -- C:\Documents and Settings\Alisson\Meus documentos\SN.5x06.GF.rmvb.part

    [2009/11/15 13:00:31 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Alisson\Desktop\Windows Live Messenger.lnk

    [2009/10/02 18:42:43 | 00,361,369 | ---- | C] () -- C:\dds(2).scr

    [2009/09/27 01:41:05 | 07,431,822 | -H-- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\IconCache.db

    [2009/09/26 19:56:28 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk

    [2009/09/23 20:04:11 | 00,000,268 | -H-- | C] () -- C:\WINDOWS\tasks\B1398784918E3818.job

    [2009/09/19 23:10:13 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk

    [2009/08/25 10:06:25 | 00,001,226 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\FASTWiz.html

    [2009/08/25 09:59:16 | 00,099,894 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\FASTWiz.log

    [2009/03/12 06:17:57 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2009/02/24 07:10:42 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\QTSBandwidthCache

    [2009/01/16 23:04:45 | 00,000,503 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2008/12/24 02:31:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    [2008/12/22 21:05:01 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini

    [2008/12/22 21:05:01 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini

    [2008/12/22 17:41:38 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\fusioncache.dat

    [2008/12/22 17:41:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Alisson\Dados de aplicativos\desktop.ini

    [2008/12/22 17:32:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

    [2008/12/22 17:29:07 | 00,000,068 | ---- | C] () -- C:\WINDOWS\I_DMI.INI

    [2008/12/22 17:06:45 | 00,003,685 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    [2008/12/22 14:43:43 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

    [2008/12/22 14:34:27 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

    [2008/12/22 14:34:27 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

    [2008/12/22 14:34:27 | 00,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

    [2008/12/22 14:34:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

    [2008/12/22 14:34:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

    [2008/12/22 14:34:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

    [2008/12/22 14:34:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

    [2008/12/22 14:34:26 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

    [2008/12/22 14:34:26 | 00,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

    [2008/07/05 07:14:48 | 00,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

    [2008/07/05 07:14:44 | 03,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

    [2008/07/05 07:13:16 | 00,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

    [2008/06/22 13:34:00 | 00,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

    [2008/06/13 07:39:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

    [2008/06/12 14:36:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

    [2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

    [2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

    [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

    [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

    [2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

    [2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

    [2007/07/10 12:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

    [2006/05/03 14:44:44 | 00,001,042 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    [2006/03/02 09:00:00 | 00,000,794 | ---- | C] () -- C:\WINDOWS\win.ini

    [2006/03/02 09:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini

    [2006/01/01 01:24:36 | 00,077,536 | ---- | C] () -- C:\Documents and Settings\Alisson\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

    [2005/07/05 17:07:32 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

    [2004/10/03 13:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

    < End of report >


    Dear Allan

    Download the Kaspersky Removal Tool. Save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • On the program's main screen, select the options My Computer, Startup objects, Disk boot sectors, and then click the Scan button.
    • Be patient, the scan may take a while.
    • If it finds an infection, an alert window will open; click Skip.
    • When everything has finished, click the Reports... button and then click Save to file.
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the X in the window.
    • Right after that, close the program as well by clicking the X in the window. When you do, you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

    Regards :D

    This topic is closed to new posts.