Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1828
Windows 5.1.2600 Service Pack 2

5/9/2009 00:19:59
mbam-log-2009-09-05 (00-19-59).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 209990
Tempo decorrido: 1 hour(s), 24 minute(s), 56 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 1
Chaves do Registro infectadas: 0
Valores do Registro infectados: 2
Ítens do Registro infectados: 1
Pastas infectadas: 1
Arquivos infectados: 5

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot.

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Pastas infectadas:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mario\Configurações locais\Temp\herss.exe (Spyware.OnlineGames) -> Delete on reboot.

ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/09/05 01:23 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: Image Path: Address: 0xBA5E3000 Size: 98304 File Visible: No Signed: - Status: - Name: Image Path: Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: aaf3w9mv.SYS Image Path: C:\WINDOWS\System32\Drivers\aaf3w9mv.SYS Address: 0xB9463000 Size: 417792 File Visible: No Signed: - Status: - Name: ACPI.sys Image Path: ACPI.sys Address: 0xBA651000 Size: 188416 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x804D7000 Size: 2146304 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\WINDOWS\System32\drivers\afd.sys Address: 0xB65B0000 Size: 138496 File Visible: - Signed: - Status: - Name: AmdK8.sys Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys Address: 0xBAA48000 Size: 65536 File Visible: - Signed: - Status: - Name: AnyDVD.sys Image Path: C:\WINDOWS\System32\Drivers\AnyDVD.sys Address: 0xB9CFB000 Size: 96640 File Visible: - Signed: - Status: - Name: ASACPI.sys Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys Address: 0xBADDA000 Size: 5152 File Visible: - Signed: - Status: - Name: ATMFD.DLL Image Path: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: - Status: - Name: audstub.sys Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys Address: 0xBAEBE000 Size: 3072 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xBADF4000 Size: 4224 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\WINDOWS\system32\BOOTVID.dll Address: 0xBACB8000 Size: 12288 File Visible: - Signed: - Status: - Name: BthEnum.sys Image Path: C:\WINDOWS\system32\DRIVERS\BthEnum.sys Address: 0xBABF8000 Size: 17024 File Visible: - Signed: - Status: - Name: 
bthmodem.sys Image Path: C:\WINDOWS\system32\DRIVERS\bthmodem.sys Address: 0xBA998000 Size: 38016 File Visible: - Signed: - Status: - Name: bthpan.sys Image Path: C:\WINDOWS\system32\DRIVERS\bthpan.sys Address: 0xB63A0000 Size: 100992 File Visible: - Signed: - Status: - Name: bthport.sys Image Path: C:\WINDOWS\System32\Drivers\bthport.sys Address: 0xB63B9000 Size: 278528 File Visible: - Signed: - Status: - Name: BTHUSB.sys Image Path: C:\WINDOWS\System32\Drivers\BTHUSB.sys Address: 0xBABE8000 Size: 18944 File Visible: - Signed: - Status: - Name: Cdfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xBA9C8000 Size: 63744 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xBAA78000 Size: 49536 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xBA8F8000 Size: 53248 File Visible: - Signed: - Status: - Name: d347bus.sys Image Path: d347bus.sys Address: 0xBA67F000 Size: 155136 File Visible: - Signed: - Status: - Name: d347prt.sys Image Path: d347prt.sys Address: 0xBADAE000 Size: 5248 File Visible: - Signed: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xBA8E8000 Size: 36352 File Visible: - Signed: - Status: - Name: dmio.sys Image Path: dmio.sys Address: 0xBA5FB000 Size: 153984 File Visible: - Signed: - Status: - Name: dmload.sys Image Path: dmload.sys Address: 0xBADAC000 Size: 5888 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xB9E10000 Size: 61440 File Visible: - Signed: - Status: - Name: dump_nvata.sys Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys Address: 0xB634D000 Size: 106496 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBAE04000 Size: 8192 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xB64C8000 
Size: 12288 File Visible: - Signed: - Status: - Name: dxg.sys Image Path: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF9C1000 Size: 73728 File Visible: - Signed: - Status: - Name: dxgthk.sys Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xBAFA1000 Size: 4096 File Visible: - Signed: - Status: - Name: ElbyCDIO.sys Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys Address: 0xBAC10000 Size: 16896 File Visible: - Signed: - Status: - Name: fdc.sys Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys Address: 0xBAC68000 Size: 27392 File Visible: - Signed: - Status: - Name: Fips.SYS Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xB9D90000 Size: 35072 File Visible: - Signed: - Status: - Name: flpydisk.sys Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys Address: 0xBABB8000 Size: 20480 File Visible: - Signed: - Status: - Name: fltMgr.sys Image Path: fltMgr.sys Address: 0xBA5AA000 Size: 124800 File Visible: - Signed: - Status: - Name: fnjogj.sys Image Path: fnjogj.sys Address: 0xBA8A8000 Size: 61440 File Visible: No Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xBADF2000 Size: 7936 File Visible: - Signed: - Status: - Name: ftdisk.sys Image Path: ftdisk.sys Address: 0xBA621000 Size: 125824 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\WINDOWS\system32\hal.dll Address: 0x806E3000 Size: 134400 File Visible: - Signed: - Status: - Name: hamachi.sys Image Path: C:\WINDOWS\system32\DRIVERS\hamachi.sys Address: 0xBABA8000 Size: 18560 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Address: 0xB9D13000 Size: 151552 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xB56A2000 Size: 263040 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Address: 0xBAA58000 Size: 53760 File Visible: - Signed: - Status: - Name: 
imapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xBAA68000 Size: 41856 File Visible: - Signed: - Status: - Name: ipfltdrv.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys Address: 0xB5903000 Size: 32896 File Visible: - Signed: - Status: - Name: ipnat.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xB65FA000 Size: 134912 File Visible: - Signed: - Status: - Name: ipsec.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xB6673000 Size: 74752 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: isapnp.sys Address: 0xBA8B8000 Size: 36224 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xBAC70000 Size: 25088 File Visible: - Signed: - Status: - Name: KDCOM.DLL Image Path: C:\WINDOWS\system32\KDCOM.DLL Address: 0xBADA8000 Size: 8192 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys Address: 0xB9CD8000 Size: 143360 File Visible: - Signed: - Status: - Name: KSecDD.sys Image Path: KSecDD.sys Address: 0xBA581000 Size: 92032 File Visible: - Signed: - Status: - Name: mnejks.sys Image Path: C:\WINDOWS\system32\drivers\mnejks.sys Address: 0xBAE3C000 Size: 4640 File Visible: - Signed: - Status: - Name: mnmdd.SYS Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xBADF6000 Size: 4224 File Visible: - Signed: - Status: - Name: Modem.SYS Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS Address: 0xBAC00000 Size: 30336 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xBAC78000 Size: 23552 File Visible: - Signed: - Status: - Name: MountMgr.sys Image Path: MountMgr.sys Address: 0xBA8C8000 Size: 42240 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Address: 0xB5ACE000 Size: 181248 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: 
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xB63FD000 Size: 451456 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xBABD0000 Size: 19072 File Visible: - Signed: - Status: - Name: msgpc.sys Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xBAB08000 Size: 35072 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xBAD88000 Size: 15488 File Visible: - Signed: - Status: - Name: Mup.sys Image Path: Mup.sys Address: 0xBA499000 Size: 107904 File Visible: - Signed: - Status: - Name: NDIS.sys Image Path: NDIS.sys Address: 0xBA4B4000 Size: 182912 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xB9E81000 Size: 9600 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xB6039000 Size: 12928 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xB944C000 Size: 91776 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xBA958000 Size: 38016 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xB9DD0000 Size: 34560 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xB65D2000 Size: 162816 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xBABD8000 Size: 30848 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: Ntfs.sys Address: 0xBA4E1000 Size: 574592 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\WINDOWS\system32\ntkrnlpa.exe Address: 0x804D7000 Size: 2146304 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\WINDOWS\System32\Drivers\Null.SYS Address: 
0xBAECD000 Size: 2944 File Visible: - Signed: - Status: - Name: nv4_disp.dll Image Path: C:\WINDOWS\System32\nv4_disp.dll Address: 0xBF9D3000 Size: 5775360 File Visible: - Signed: - Status: - Name: nv4_mini.sys Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys Address: 0xB94DD000 Size: 7435648 File Visible: - Signed: - Status: - Name: nvata.sys Image Path: nvata.sys Address: 0xBA5C9000 Size: 105472 File Visible: - Signed: - Status: - Name: NVENETFD.sys Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys Address: 0xBA988000 Size: 46080 File Visible: - Signed: - Status: - Name: nvnetbus.sys Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys Address: 0xBAA98000 Size: 40960 File Visible: - Signed: - Status: - Name: NVNRM.SYS Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS Address: 0xB9BF5000 Size: 929792 File Visible: - Signed: - Status: - Name: oreans32.sys Image Path: C:\WINDOWS\system32\drivers\oreans32.sys Address: 0xB9DA0000 Size: 33824 File Visible: - Signed: - Status: - Name: parport.sys Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys Address: 0xB9D6C000 Size: 80384 File Visible: - Signed: - Status: - Name: PartMgr.sys Image Path: PartMgr.sys Address: 0xBAB30000 Size: 18688 File Visible: - Signed: - Status: - Name: ParVdm.SYS Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS Address: 0xBADC4000 Size: 7040 File Visible: - Signed: - Status: - Name: pci.sys Image Path: pci.sys Address: 0xBA640000 Size: 68992 File Visible: - Signed: - Status: - Name: PCI_NTPNP7242 Image Path: \Driver\PCI_NTPNP7242 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: pciide.sys Image Path: pciide.sys Address: 0xBAE70000 Size: 3456 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xBAB28000 Size: 28672 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x804D7000 Size: 2146304 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: 
C:\WINDOWS\system32\drivers\portcls.sys Address: 0xB6700000 Size: 139264 File Visible: - Signed: - Status: - Name: psched.sys Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xB943B000 Size: 69120 File Visible: - Signed: - Status: - Name: ptilink.sys Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xBABE0000 Size: 17792 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: PxHelp20.sys Address: 0xBA908000 Size: 37376 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xBA419000 Size: 8832 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xBAAD8000 Size: 51328 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xBAAE8000 Size: 41472 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xBAAF8000 Size: 48384 File Visible: - Signed: - Status: - Name: raspti.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xBABA0000 Size: 16512 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x804D7000 Size: 2146304 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xB646C000 Size: 176512 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xBADF8000 Size: 4224 File Visible: - Signed: - Status: - Name: rdpdr.sys Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Address: 0xB940A000 Size: 196864 File Visible: - Signed: - Status: - Name: redbook.sys Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xBAA88000 Size: 57984 File Visible: - Signed: - Status: - Name: RegKill.sys Image Path: C:\WINDOWS\System32\Drivers\RegKill.sys Address: 0xBADDC000 Size: 4608 File Visible: - Signed: - Status: - Name: rfcomm.sys Image Path: 
C:\WINDOWS\system32\DRIVERS\rfcomm.sys Address: 0xB9D80000 Size: 59648 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB5A36000 Size: 49152 File Visible: No Signed: - Status: - Name: RtkHDAud.sys Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys Address: 0xB6722000 Size: 4599808 File Visible: - Signed: - Status: - Name: SCDEmu.SYS Image Path: C:\WINDOWS\System32\Drivers\SCDEmu.SYS Address: 0xB9DB0000 Size: 52928 File Visible: - Signed: - Status: - Name: SCSIPORT.SYS Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS Address: 0xBA6A5000 Size: 98304 File Visible: - Signed: - Status: - Name: serenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys Address: 0xBA42D000 Size: 15488 File Visible: - Signed: - Status: - Name: serial.sys Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys Address: 0xB9D5B000 Size: 65920 File Visible: - Signed: - Status: - Name: sptd.sys Image Path: sptd.sys Address: 0xBA6BD000 Size: 958464 File Visible: - Signed: - Status: - Name: sr.sys Image Path: sr.sys Address: 0xBA598000 Size: 73472 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0xB593B000 Size: 336256 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xBADEA000 Size: 4352 File Visible: - Signed: - Status: - Name: sysaudio.sys Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xB6558000 Size: 60800 File Visible: - Signed: - Status: - Name: tapvpn.sys Image Path: C:\WINDOWS\system32\DRIVERS\tapvpn.sys Address: 0xBAB18000 Size: 45056 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xB661B000 Size: 359040 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xBAB98000 Size: 20480 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: 
C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xBA948000 Size: 40704 File Visible: - Signed: - Status: - Name: Udfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS Address: 0xB6367000 Size: 66176 File Visible: - Signed: - Status: - Name: update.sys Image Path: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xB927D000 Size: 209408 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xBADEC000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xBAC88000 Size: 26624 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xBA968000 Size: 57600 File Visible: - Signed: - Status: - Name: usbohci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys Address: 0xBAC80000 Size: 17024 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xB9D38000 Size: 143360 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\WINDOWS\System32\drivers\vga.sys Address: 0xBABC8000 Size: 20992 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB94C9000 Size: 81920 File Visible: - Signed: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xBA8D8000 Size: 53248 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xB9DE0000 Size: 34560 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\WINDOWS\System32\watchdog.sys Address: 0xBAC28000 Size: 20480 File Visible: - Signed: - Status: - Name: wdmaud.sys Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xB5D28000 Size: 82944 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1839104 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: 
C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1839104 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS Address: 0xBADAA000 Size: 8192 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2146304 File Visible: - Signed: - Status: - Name: WudfPf.sys Image Path: WudfPf.sys Address: 0xBA56E000 Size: 76544 File Visible: - Signed: - Status: -

OTL logfile created on: 5/9/2009 01:25:42 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Mario\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,00% Memory free
3,85 Gb Paging File | 3,62 Gb Available in Paging File | 94,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 232,88 Gb Total Space | 61,51 Gb Free Space | 26,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILIA-DF68F20
Current User Name: Mario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2004/08/04 00:45:34 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/22 17:05:02 | 00,110,592 | ---- | M] (DAEMON'S HOME) -- C:\Arquivos de programas\D-Tools\daemon.exe
PRC - [2007/07/05 05:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2004/08/04 00:56:54 | 01,696,256 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe
PRC - [2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2009/04/22 18:34:26 | 00,088,624 | ---- | M] () -- C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/04/21 22:12:42 | 00,328,752 | ---- | M] (AnchorFree Inc.)
-- C:\Arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2007/05/21 10:50:56 | 00,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe PRC - [2007/12/07 02:51:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe PRC - [2007/05/28 13:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007/05/21 10:51:10 | 00,163,840 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe PRC - [2009/09/05 01:22:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario\Meus documentos\Downloads\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [1996/01/27 22:46:55 | 00,683,520 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running]) SRV - [2009/06/06 12:55:22 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe -- (gupdate1c9e6bf34882750 [Auto | Stopped]) SRV - [2004/08/04 00:45:26 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009/04/22 18:34:26 | 00,088,624 | ---- | M] () -- C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running]) SRV - [2009/04/21 22:12:42 | 00,328,752 | ---- | M] (AnchorFree Inc.) -- C:\Arquivos de programas\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv [Auto | Running]) SRV - [2009/04/22 18:34:32 | 00,059,904 | ---- | M] () -- C:\Arquivos de programas\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService [On_Demand | Stopped]) SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2007/05/21 10:51:10 | 00,163,840 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running]) SRV - [2007/05/21 10:50:56 | 00,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running]) SRV - [2007/12/07 02:51:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- 
C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2009/03/17 10:30:03 | 00,108,544 | RHS- | M] () -- C:\WINDOWS\System32\oadxzlij.dll -- (Remotesvc [Auto | Stopped]) SRV - [2009/06/02 10:10:08 | 00,666,624 | ---- | M] (Nokia.) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2007/05/28 13:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2 FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.7.8 FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/18 17:20:45 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.5.2\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/09/04 12:29:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/09/04 12:29:54 | 00,000,000 | ---D | M] [2008/08/07 00:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\mozilla\Extensions [2008/08/07 00:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/09/04 12:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\mozilla\Firefox\Profiles\m7koq0xc.default\extensions [2009/04/29 23:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\mozilla\Firefox\Profiles\m7koq0xc.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2009/09/04 12:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\mozilla\Firefox\Profiles\m7koq0xc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/02/27 20:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\mozilla\Firefox\Profiles\m7koq0xc.default\extensions\FasterFox_Lite@BigRedBrent [2008/08/07 01:39:04 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Mario\Dados de aplicativos\Mozilla\FireFox\Profiles\m7koq0xc.default\searchplugins\winamp-search.xml [2009/09/04 12:17:36 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions [2009/09/04 12:29:54 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/08/09 03:17:45 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/09/04 12:29:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla 
firefox\components\browserdirprovider.dll [2009/09/04 12:29:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll [2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009/09/04 12:29:47 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll [2008/07/30 00:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\nppl3260.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin2.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin3.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin4.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin5.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin6.dll [2008/08/25 19:16:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npqtplugin7.dll [2008/07/30 00:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Arquivos de programas\mozilla firefox\plugins\nprpjplug.dll [2009/09/04 12:29:49 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml [2009/09/04 12:29:49 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml [2009/09/04 12:29:49 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml [2009/01/08 11:22:08 | 00,004,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\orbitsearch.xml [2009/09/04 12:29:49 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml [2009/09/04 12:29:49 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Arquivos de programas\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) 
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation) O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Arquivos de programas\D-Tools\daemon.exe (DAEMON'S HOME) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Arquivos de programas\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.) 
O4 - HKCU..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [MsnMsgr] C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe File not found O4 - Startup: C:\Documents and Settings\Mario\Menu Iniciar\Programas\Inicializar\ERUNT AutoBackup.lnk = C:\Arquivos de programas\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Arquivos de programas\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Arquivos de programas\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\System32\e8main0.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/06 23:15:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/09/05 00:19:37 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2005/11/21 14:26:21 | 00,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{00503eaf-67ea-11dd-89cc-001fc670d536}\Shell\AutoRun\command - "" = J:\vva0hc0p.cmd -- File not found O33 - MountPoints2\{00503eaf-67ea-11dd-89cc-001fc670d536}\Shell\explore\Command - "" = J:\vva0hc0p.cmd -- File not found O33 - MountPoints2\{00503eaf-67ea-11dd-89cc-001fc670d536}\Shell\open\Command - "" = J:\vva0hc0p.cmd -- File not found O33 - MountPoints2\{351ccbd8-4238-11de-83e4-001fc670d536}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{351ccbd8-4238-11de-83e4-001fc670d536}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{38ad5e50-77b4-11dd-8a34-001fc670d536}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{38ad5e50-77b4-11dd-8a34-001fc670d536}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - 
MountPoints2\{391da48d-ad23-11dd-80c8-001fc670d536}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\avc37.exe -- [2009/03/04 09:03:36 | 00,073,728 | RHS- | M] (Microsoft Corp.) O33 - MountPoints2\{391da48d-ad23-11dd-80c8-001fc670d536}\Shell\explore\command - "" = C:\WINDOWS\System32\avc37.exe -- [2009/03/04 09:03:36 | 00,073,728 | RHS- | M] (Microsoft Corp.) O33 - MountPoints2\{391da48d-ad23-11dd-80c8-001fc670d536}\Shell\find\command - "" = C:\WINDOWS\System32\avc37.exe -- [2009/03/04 09:03:36 | 00,073,728 | RHS- | M] (Microsoft Corp.) O33 - MountPoints2\{391da48d-ad23-11dd-80c8-001fc670d536}\Shell\open\command - "" = C:\WINDOWS\System32\avc37.exe -- [2009/03/04 09:03:36 | 00,073,728 | RHS- | M] (Microsoft Corp.) O33 - MountPoints2\{4b523f5c-642e-11dd-89b1-b1ec72d111d0}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{4b523f5c-642e-11dd-89b1-b1ec72d111d0}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{50acd43a-839b-11dd-bfe4-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{50acd43a-839b-11dd-bfe4-806d6172696f}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006/02/27 11:15:50 | 01,662,976 | R--- | M] (Bethesda Softworks) O33 - MountPoints2\{7af98d30-e4c8-11dd-81f5-001fc670d536}\Shell\AutoRun\command - "" = iqe68o.bat O33 - MountPoints2\{7af98d30-e4c8-11dd-81f5-001fc670d536}\Shell\explore\Command - "" = iqe68o.bat O33 - MountPoints2\{7af98d30-e4c8-11dd-81f5-001fc670d536}\Shell\open\Command - "" = iqe68o.bat O33 - MountPoints2\{83153ebc-cdf3-11dd-8180-001fc670d536}\Shell\AUtoPLay\command - "" = I:\gcfpx.exe -- File not found O33 - MountPoints2\{83153ebc-cdf3-11dd-8180-001fc670d536}\Shell\AutoRun\command - "" = I:\gcfpx.exe -- File not found O33 - MountPoints2\{83153ebc-cdf3-11dd-8180-001fc670d536}\Shell\exPlorE\commanD - "" = I:\gcfpx.exe -- File not found O33 - 
MountPoints2\{83153ebc-cdf3-11dd-8180-001fc670d536}\Shell\Open\cOmmAND - "" = I:\gcfpx.exe -- File not found O33 - MountPoints2\{bbeb91c5-12fb-11de-82ff-001fc670d536}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{bbeb91c5-12fb-11de-82ff-001fc670d536}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{f25cd7be-66c1-11dd-89c3-001fc670d536}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{f25cd7be-66c1-11dd-89c3-001fc670d536}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{f5ae45d1-6404-11dd-8a09-806d6172696f}\Shell\AutoRun\command - "" = C:\cj3k.exe -- [2009/09/04 20:17:52 | 00,145,825 | RHS- | M] () O33 - MountPoints2\{f5ae45d1-6404-11dd-8a09-806d6172696f}\Shell\open\Command - "" = C:\cj3k.exe -- [2009/09/04 20:17:52 | 00,145,825 | RHS- | M] () O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: Remotesvc - C:\WINDOWS\System32\oadxzlij.dll () NetSvcs: WmdmPmSp - Service key not found. 
File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] [2026/12/17 12:43:57 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Mario\Dados de aplicativos\inst.exe [2026/12/17 12:43:57 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys [2026/12/17 12:43:57 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mario\Dados de aplicativos\pcouffin.sys [2026/12/17 12:43:57 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Mario\Dados de aplicativos\pcouffin.cat [2026/12/17 12:43:57 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Mario\Dados de aplicativos\pcouffin.inf [2026/12/17 12:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Meus documentos\PcSetup [2026/12/17 12:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Dados de aplicativos\Vso [2026/12/17 12:35:57 | 07,156,336 | ---- | C] (Fengtao Software Inc. 
) -- C:\Documents and Settings\Mario\Meus documentos\DVDFab5030.exe [2009/09/04 23:50:50 | 00,000,055 | RHS- | C] () -- C:\autorun.inf [2009/09/04 20:51:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/09/04 20:50:44 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\Mario\Menu Iniciar\Programas\Inicializar\ERUNT AutoBackup.lnk [2009/09/04 20:50:41 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ERUNT [2009/09/04 20:18:19 | 00,145,825 | RHS- | C] () -- C:\cj3k.exe [2009/09/04 20:11:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Mario\Desktop\SysRestorePoint.exe [2009/09/04 20:09:35 | 00,114,404 | RHS- | C] () -- C:\qv9qc9f.exe [2009/09/04 19:45:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Desktop\WAR3 Version Switcher [2009/09/04 19:41:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Desktop\Sandro Desktop [2009/09/04 19:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Desktop\Luan Desktop [2009/09/02 15:06:14 | 00,013,269 | ---- | C] () -- C:\XP_Change_0.xml [2009/09/02 15:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Live Toolbar [2009/09/02 15:06:04 | 00,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job [2009/09/02 15:06:02 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live Toolbar [2009/08/31 07:06:36 | 00,170,023 | RHS- | C] () -- C:\pkkwng.exe [2009/08/30 15:21:31 | 00,092,532 | ---- | C] () -- C:\Documents and Settings\Mario\Desktop\OgAAAAbOLgJlHkc6kkKvyTvjL9Ed9XteJKjVgrerwIKy3fLHu8gZXrCXBt8mesWdqeIS_M7bBSgUykBAoNhOpS6XI9EAm1T1UImmPXr8ElK7kr-z0ee7fOFf9759.jpg [2009/08/28 15:17:21 | 00,172,102 | RHS- | C] () -- C:\t8s2x.exe [2009/08/28 15:08:38 | 00,143,488 | ---- | C] () -- C:\p9dwwa61.exe [2009/08/28 01:05:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Meus documentos\Humbug [2009/08/27 09:20:12 | 00,141,905 | RHS- | C] () -- 
C:\hx.exe [2009/08/26 19:04:16 | 00,171,866 | RHS- | C] () -- C:\f2.bat [2009/08/23 11:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Desktop\Teste 2 [2009/08/23 10:37:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mario\Desktop\Teste [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] [2026/12/17 12:43:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys [2026/12/17 12:43:04 | 07,156,336 | ---- | M] (Fengtao Software Inc. ) -- C:\Documents and Settings\Mario\Meus documentos\DVDFab5030.exe [2009/09/05 01:26:30 | 00,005,109 | ---- | M] () -- C:\WINDOWS\System32\drivers\mnejks.sys [2009/09/05 01:16:26 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/09/05 01:06:00 | 00,026,066 | -H-- | M] () -- C:\WINDOWS\System32\wmfptc32.dl_ [2009/09/05 01:06:00 | 00,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job [2009/09/05 00:25:12 | 00,954,838 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/09/05 00:25:12 | 00,425,426 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2009/09/05 00:25:12 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/09/05 00:25:12 | 00,067,450 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2009/09/05 00:25:12 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/09/05 00:20:58 | 00,039,936 | ---- | M] () -- C:\WINDOWS\System32\wmfptc32.dll [2009/09/05 00:20:56 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2009/09/05 00:20:55 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/09/05 00:20:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/09/05 00:20:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/09/05 00:19:37 | 00,000,055 | RHS- | M] () -- C:\autorun.inf [2009/09/04 20:50:44 | 00,000,807 | ---- | M] 
() -- C:\Documents and Settings\Mario\Menu Iniciar\Programas\Inicializar\ERUNT AutoBackup.lnk [2009/09/04 20:17:52 | 00,145,825 | RHS- | M] () -- C:\cj3k.exe [2009/09/04 20:11:08 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Mario\Desktop\SysRestorePoint.exe [2009/09/04 20:09:08 | 00,075,220 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll [2009/09/04 20:09:05 | 00,114,404 | RHS- | M] () -- C:\qv9qc9f.exe [2009/09/04 19:45:27 | 00,000,949 | ---- | M] () -- C:\Documents and Settings\Mario\Meus documentos\Minhas Pastas de Compartilhamento.lnk [2009/09/04 17:16:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/09/03 23:03:43 | 00,190,464 | ---- | M] () -- C:\Documents and Settings\Mario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/02 17:30:08 | 00,013,269 | ---- | M] () -- C:\XP_Change_0.xml [2009/08/31 07:06:09 | 00,170,023 | RHS- | M] () -- C:\pkkwng.exe [2009/08/31 06:57:23 | 00,143,488 | ---- | M] () -- C:\p9dwwa61.exe [2009/08/30 17:31:49 | 00,000,469 | ---- | M] () -- C:\Documents and Settings\Mario\Desktop\Clicador GG.ahk [2009/08/30 15:21:31 | 00,092,532 | ---- | M] () -- C:\Documents and Settings\Mario\Desktop\OgAAAAbOLgJlHkc6kkKvyTvjL9Ed9XteJKjVgrerwIKy3fLHu8gZXrCXBt8mesWdqeIS_M7bBSgUykBAoNhOpS6XI9EAm1T1UImmPXr8ElK7kr-z0ee7fOFf9759.jpg [2009/08/28 15:16:55 | 00,172,102 | RHS- | M] () -- C:\t8s2x.exe [2009/08/27 09:19:46 | 00,141,905 | RHS- | M] () -- C:\hx.exe [2009/08/26 19:03:46 | 00,171,866 | RHS- | M] () -- C:\f2.bat [color=#E56717]========== LOP Check ==========[/color] [2009/09/02 15:06:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos [2008/08/18 22:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead [2008/09/17 12:45:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Azureus [2009/08/06 23:06:49 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Dados de aplicativos\DVD Shrink [2008/12/17 11:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Elaborate Bytes [2009/04/29 23:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [2009/08/18 17:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations [2009/03/08 08:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! [2009/02/05 16:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Minnetonka Audio Software [2009/04/22 08:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite [2008/12/05 12:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft [2008/10/08 23:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft [2009/09/02 15:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Live Toolbar [2009/08/18 17:20:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos [2008/10/04 15:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Ahead [2009/06/20 17:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Audacity [2009/06/01 21:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Azureus [2008/11/08 15:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\BrOffice.org [2009/07/20 11:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\DVD Flick [2009/02/09 10:11:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\fltk.org [2009/07/09 21:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de 
aplicativos\GetRightToGo [2008/10/15 01:22:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\GlarySoft [2009/08/31 23:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\gtk-2.0 [2009/02/27 00:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Hamachi [2009/08/27 13:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\LimeWire [2009/06/30 15:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Nokia [2009/08/24 08:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Orbit [2009/06/12 22:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\PC Suite [2009/07/23 21:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\teamspeak2 [2009/07/15 19:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Toribash [2008/10/09 02:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Ubisoft [2009/08/27 13:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\uTorrent [2009/02/27 19:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mario\Dados de aplicativos\Vso [2001/09/28 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/09/05 00:20:56 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job [2009/09/05 00:20:55 | 00,001,044 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2009/09/05 01:16:26 | 00,001,048 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2009/09/05 00:20:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/09/05 01:06:00 | 00,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job [color=#E56717]========== Purity Check ==========[/color] 
[color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2009/09/04 20:17:52 | 00,145,825 | RHS- | M] () -- C:\cj3k.exe [2009/08/27 09:19:46 | 00,141,905 | RHS- | M] () -- C:\hx.exe [2009/08/08 18:56:34 | 00,136,363 | RHS- | M] () -- C:\ktly.exe [2009/08/19 06:57:09 | 00,135,055 | RHS- | M] () -- C:\lcw.exe [2009/08/31 06:57:23 | 00,143,488 | ---- | M] () -- C:\p9dwwa61.exe [2009/08/31 07:06:09 | 00,170,023 | RHS- | M] () -- C:\pkkwng.exe [2009/09/04 20:09:05 | 00,114,404 | RHS- | M] () -- C:\qv9qc9f.exe [2009/08/28 15:16:55 | 00,172,102 | RHS- | M] () -- C:\t8s2x.exe [2009/08/13 18:27:11 | 00,163,964 | RHS- | M] () -- C:\y8.exe [color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color] [2004/08/04 00:45:22 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color] [2004/08/04 00:45:26 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< %systemroot%\netlogon.dll >[/color] [color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color] [color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color] [color=#A23BEC]< %systemroot%\ntelogon.dll >[/color] [color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 72 bytes -> C:\WINDOWS:7E7D32B66C9BB6C9 < End of report > OTL Extras logfile created on: 5/9/2009 01:25:42 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Mario\Meus documentos\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,00% Memory free 3,85 Gb Paging File | 3,62 Gb Available in Paging File | 94,22% Paging File free 
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 232,88 Gb Total Space | 61,51 Gb Free Space | 26,41% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 4,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FAMILIA-DF68F20 Current User Name: Mario Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows 
Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" = C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found "C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Arquivos de programas\Winamp Remote\bin\Orb.exe" = C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found "C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" = C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found "C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found "C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme" = C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound -- (Softnyx) "C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" = C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Arquivos de programas\Messenger\msmsgs.exe" = C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Arquivos de programas\LimeWire\LimeWire.exe" = C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Compartilhamento de aplicativo RTC -- (Microsoft Corporation) "C:\Arquivos de programas\Vuze\Azureus.exe" = C:\Arquivos de programas\Vuze\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc) "C:\Arquivos de programas\Warcraft III\Frozen Throne.exe" = C:\Arquivos de programas\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment) "C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft) "C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft) "C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft) "C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Arquivos de programas\Garena\Garena.exe" = C:\Arquivos de programas\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD) "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) 
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation) "C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- (www.megacubo.net ) "C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" = C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found "C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32EF3D9D-B626-497C-8E93-EC4B24E20EDA}" = Windows Live Writer 
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3B96F4EA-CD82-4C57-B86A-646A017CAF18}" = Windows Live Essentials "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{50D918C3-1FAD-4BE0-89D1-7B7AAA2AF710}" = Windows Live Galeria de Fotos "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{616F0D12-BB36-46A4-8EE9-19505F589931}" = BrOffice.org 3.0 "{66EBD70F-A42C-475F-AEDF-277378151046}" = Nero 7 Essentials "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{852E74A9-74F1-4F71-BE3E-991A48EF232D}" = Windows Live Mail "{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EF43293-7FB8-491A-81A7-8827A96B55CA}_is1" = GloomyRO v1.0 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003 
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1046-7B44-A91000000001}" = Adobe Reader 9.1 - Português "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D7A88CAC-67C3-4435-898E-2B7245F3E4BB}" = Windows Live Sync "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC25DEB3-630B-4357-B549-E4894FC324C8}" = Windows Live Toolbar "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6C05B70-3972-11DE-AA67-005056806466}" = Google Earth Pro "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter "504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere 
Pro CS3 "AnyDVD" = AnyDVD "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode) "AutoHotkey" = AutoHotkey 1.0.47.06 "BatchFileRenamer2.51" = Batch File Renamer 2.51 "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.1.0 "BCAB34F3D0437A511B21EE29B337548D35996EB3" = Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Cablenut" = Cablenut 4.08 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD Shrink_is1" = DVD Shrink 3.2 "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 4.1) "EasyBoot_is1" = EasyBoot V5.12 "ERUNT_is1" = ERUNT 1.1j "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.3) "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0 "Glary Utilities_is1" = Glary Utilities 2.11.0.638 "GunboundWC_is1" = GunboundWC "Hamachi" = Hamachi 1.0.3.0 "HijackThis" = HijackThis 1.99.1 "HotspotShield" = Hotspot Shield 1.15 "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full) "LimeWire" = LimeWire 4.18.3 "Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Megacubo_is1" = Megacubo 6.0.3 "Messenger Plus! Live" = Messenger Plus! 
Live "MG Pro" = MG Pro "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2) "MundoRAG_is1" = Versão 3.4 "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "OCTGN" = OCTGN (remove only) "OpenSSL_is1" = OpenSSL 0.9.6m "Orbit_is1" = Orbit Downloader "PC Wizard 2008_is1" = PC Wizard 2008.1.871 "Plants vs. Zombies" = Plants vs. Zombies "PowerISO" = PowerISO "Protege 3.3.1" = Protege 3.3.1 "Ragnarok Sakray" = Ragnarok Sakray "RealAlt_is1" = Real Alternative 1.8.2 Lite "Receitanet Java 2009.01a" = Receitanet Java 2009.01a "Replay Media Catcher 3.02" = Replay Media Catcher 3.02 "SkypeMate" = SkypeMate "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "SystemRequirementsLab" = System Requirements Lab "Tag&Rename_is1" = Tag&Rename 3.5.1 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "UnityWebPlayer" = Unity Web Player "VideoGet_is1" = Nuclear Coffee - VideoGet "Vuze" = Vuze "WIC" = Windows Imaging Component "Winamp" = Winamp "WinAVI Video Converter_is1" = WinAVI Video Converter "WinAVIVideoConverter_is1" = WinAVIVideoConverter "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinGimp-2.0_is1" = GIMP 2.4.6 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Arquivo do WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "RunFiles RagnaTurn" = RunFiles RagnaTurn "uTorrent" = µTorrent "Warcraft III" = Warcraft III: All Products [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 3/9/2009 11:16:25 | Computer 
Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 3/9/2009 12:16:26 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 3/9/2009 13:16:26 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 3/9/2009 20:16:26 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 3/9/2009 21:16:26 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 2Description =
Error - 3/9/2009 22:16:25 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 3/9/2009 23:16:25 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 4/9/2009 00:16:25 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 4/9/2009 01:16:25 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =
Error - 4/9/2009 08:16:25 | Computer Name = FAMILIA-DF68F20 | Source = Google Update | ID = 20 Description =

[ System Events ]
Error - 17/12/2026 11:33:41 | Computer Name = FAMILIA-DF68F20 | Source = Dhcp | ID = 1000 Description = O computador perdeu a concessão para o endereço IP 192.168.0.121 na placa de rede com o endereço de rede 001FC670D536.
Error - 17/12/2026 11:33:41 | Computer Name = FAMILIA-DF68F20 | Source = Dhcp | ID = 1000 Description = O computador perdeu a concessão para o endereço IP 5.49.131.253 na placa de rede com o endereço de rede 7A79053183FD.
Error - 17/12/2026 11:33:48 | Computer Name = FAMILIA-DF68F20 | Source = W32Time | ID = 39452689 Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751)
Error - 17/12/2026 11:33:48 | Computer Name = FAMILIA-DF68F20 | Source = W32Time | ID = 39452701 Description = O provedor de tempo NtpClient foi configurado para obter tempo de uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento. Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient não tem uma fonte de tempo preciso.
Error - 17/12/2026 11:34:13 | Computer Name = FAMILIA-DF68F20 | Source = W32Time | ID = 39452706 Description = O serviço de tempo detectou que a hora do sistema precisa ser alterada em -567993587 segundos. O serviço de tempo não alterará a hora do sistema em mais de -54000 segundos. Verifique se a sua hora e fuso horário estão corretos e se a fonte de tempo time.windows.com (ntp.m|0x1|192.168.0.121:123->207.46.197.32:123) está funcionando corretamente.

< End of report >