Hardware.com.br

Slow computer with a virus

#1 By igoreso 29/05/2010 - 21:03
-- STEP 1 --

Open OTL.exe.
Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges. To do that:
Right-click the file and then click
Image
Select the lines in the codebox, right-click the selection and choose the copy option:
:OTL
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\AutoRun\command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\explore\Command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\open\Command - "" = D:\ywbsbm.exe -- File not found
O32 - HKLM CDRom: AutoRun - 1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Pessoal\Desktop\*.tmp files -> C:\Documents and Settings\Pessoal\Desktop\*.tmp -> ]
@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[CLEARALLRESTOREPOINTS]
[REBOOT]
Run OTL.exe
Right-click any blank area of the "Exames Personalizados/Correções" section and choose the paste option
Close ALL windows (except OTL itself).
Click the "Concertar" button
The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open, containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.
A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the format date_time.log.
Example: 03142010_145545.log

-- STEP 2 --
Go to VirusTotal.com
http://www.virustotal.com/pt

Copy this path in red and paste it next to the "Procurar" button
C:\WINDOWS\System32\opencrypto.dll
C:\Arquivos de programas\GbPlugin\gbpsv.exe

Then click "Enviar Arquivo"

Wait for the analysis, then copy the result and paste it into your reply.
-- STEP 3 --
Post a new OTL log like the one above.

C:\32788R22FWJFW\
Why do you have an old copy of ComboFix extracted on drive C:\?
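
The O33 lines in the fix script above are OTL's listing of per-volume MountPoints2 shell handlers. As an added example (not part of the thread and not OTL's own code), this Python code parses such lines, groups them by volume, and flags targets OTL reported as missing, targets with no directory, and names within two edits of a well-known Windows process; `triage`, `SYSTEM_NAMES` and the flag labels are names chosen here, and the process list is a short illustrative assumption.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample: the O33/O32 lines of the fix script quoted in the post above.
SAMPLE_LOG = r'''
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\AutoRun\command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\explore\Command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\open\Command - "" = D:\ywbsbm.exe -- File not found
O32 - HKLM CDRom: AutoRun - 1
'''

# volume key, shell verb, command target, optional "File not found" marker
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "[^"]*" = (?P<target>.*?)(?P<missing> -- File not found)?$',
    re.IGNORECASE,
)

# Assumption: a short illustrative list of Windows process names (without .exe).
SYSTEM_NAMES = ("csrss", "lsass", "smss", "svchost", "services", "winlogon", "explorer")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Group O33 entries by volume and attach review flags to each volume."""
    volumes = defaultdict(lambda: {"verbs": [], "targets": set(), "flags": set()})
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue  # not an O33 MountPoints2 command line
        vol = volumes[m["volume"].lower()]
        target = m["target"].strip().strip('"')
        vol["verbs"].append(m["verb"].lower())
        vol["targets"].add(target)
        if m["missing"]:
            # OTL could not find the file: a stale handler left in the registry
            vol["flags"].add("missing-target")
        if basename(target) == target:
            # bare file name: the log line does not say which file would run
            vol["flags"].add("no-directory")
        stem = splitext(basename(target))[0].lower()
        for name in SYSTEM_NAMES:
            # close to, but not equal to, a system process name (cssrs vs csrss)
            if stem != name and edit_distance(stem, name) <= 2:
                vol["flags"].add("lookalike:" + name)
    return dict(volumes)


if __name__ == "__main__":
    for volume, info in triage(SAMPLE_LOG).items():
        print(volume, sorted(info["targets"]), sorted(info["flags"]))
```
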
#17 By Adriano7
30/05/2010 - 19:25
I had a problem with the PC last year and an analyst from the forum asked me to use ComboFix.

Here is the OTL log

All processes killed
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
Error: Unable to interpret <[CLEARALLRESTOREPOINTS]> in the current context!
Error: Unable to interpret <[REBOOT]> in the current context!

OTL by OldTimer - Version 3.2.5.1 log created on 05302010_191800
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


Here is the first VirusTotal analysis


File gbpsv.exe received on 2010.05.30 22:40:45 (UTC)
Result: 3/41 (7.32%)



Antivirus             Version         Last Update  Result
a-squared             4.5.0.50        2010.05.10   -
AhnLab-V3             2010.05.30.00   2010.05.29   -
AntiVir               8.2.1.242       2010.05.30   -
Antiy-AVL             2.0.3.7         2010.05.26   -
Authentium            5.2.0.5         2010.05.29   -
Avast                 4.8.1351.0      2010.05.30   -
Avast5                5.0.332.0       2010.05.30   -
AVG                   9.0.0.787       2010.05.31   -
BitDefender           7.2             2010.05.31   -
CAT-QuickHeal         10.00           2010.05.29   (Suspicious) - DNAScan
ClamAV                0.96.0.3-git    2010.05.30   -
Comodo                4959            2010.05.31   -
DrWeb                 5.0.2.03300     2010.05.31   -
eSafe                 7.0.17.0        2010.05.30   Suspicious File
eTrust-Vet            35.2.7519       2010.05.29   -
F-Prot                4.6.0.103       2010.05.29   -
F-Secure              9.0.15370.0     2010.05.30   -
Fortinet              4.1.133.0       2010.05.30   -
GData                 21              2010.05.31   -
Ikarus                T3.1.1.84.0     2010.05.30   -
Jiangmin              13.0.900        2010.05.30   -
Kaspersky             7.0.0.125       2010.05.31   -
McAfee                5.400.0.1158    2010.05.31   -
McAfee-GW-Edition     2010.1          2010.05.30   -
Microsoft             1.5802          2010.05.31   -
NOD32                 5156            2010.05.30   -
Norman                6.04.12         2010.05.30   -
nProtect              2010-05-30.01   2010.05.30   -
Panda                 10.0.2.7        2010.05.30   -
PCTools               7.0.3.5         2010.05.30   -
Prevx                 3.0             2010.05.31   -
Rising                22.49.06.04     2010.05.30   -
Sophos                4.53.0          2010.05.31   -
Sunbelt               6377            2010.05.30   -
Symantec              20101.1.0.89    2010.05.30   -
TheHacker             6.5.2.0.290     2010.05.30   -
TrendMicro            9.120.0.1004    2010.05.30   PAK_Generic.001
TrendMicro-HouseCall  9.120.0.1004    2010.05.31   -
VBA32                 3.12.12.5       2010.05.29   -
ViRobot               2010.5.20.2326  2010.05.28   -
VirusBuster           5.0.27.0        2010.05.30   -

Additional information
File size: 55072 bytes
MD5...: 6984a754bdc4c42cf4c772a94cd2208b
SHA1..: f58de909258e52348fda1c167ea720addcb06bf4
SHA256: 86ac6c0b89acc35018560fc1d7c1bfdfd82ffa9bb8c60f10202152fd61d224ff
ssdeep: 1536:9I5VmkCV0gcKMUpd3zXAOAFG0ykq6fWc1cOa7:iVM0VKMU/37r+Gkqs1O7
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6898
timedatestamp.....: 0x4b7d985b (Thu Feb 18 19:43:23 2010)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20000 0xa000 7.99 4b4d13fc257ad8fa41937454f6873b8f
.rsrc 0x21000 0x2000 0x1c00 5.88 47d88d6eb73f92d5beb6f968b1a2ac04

( 5 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
> ADVAPI32.dll: IsValidSid
> MSVCRT.dll: _controlfp
> USER32.dll: CharUpperA
> ole32.dll: CoUninitialize

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 EXE PECompact compressed (v2.x) (48.9%)
Win32 EXE PECompact compressed (generic) (34.4%)
Win32 Executable Generic (7.0%)
Win32 Dynamic Link Library (generic) (6.2%)
Generic Win/DOS Executable (1.6%)
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
sigcheck:
publisher....:
copyright....: Copyright (c) 2003-2010, G-Buster Browser Defense
product......: Gbp Service
description..: G-Buster Browser Defense - Service
original name: GbpSv.exe
internal name: GbpSv
file version.: 2,1,14,1
comments.....:
signers......: Banco do Brasil S.A.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:17 PM 4/30/2010
verified.....: -
packers (F-Prot): PecBundle, PECompact



Here is the second VirusTotal analysis
File opencrypto.dll received on 2010.05.30 22:32:08 (UTC)
Result: 0/41 (0%)



Antivirus             Version         Last Update  Result
a-squared             4.5.0.50        2010.05.10   -
AhnLab-V3             2010.05.30.00   2010.05.29   -
AntiVir               8.2.1.242       2010.05.30   -
Antiy-AVL             2.0.3.7         2010.05.26   -
Authentium            5.2.0.5         2010.05.29   -
Avast                 4.8.1351.0      2010.05.30   -
Avast5                5.0.332.0       2010.05.30   -
AVG                   9.0.0.787       2010.05.31   -
BitDefender           7.2             2010.05.31   -
CAT-QuickHeal         10.00           2010.05.29   -
ClamAV                0.96.0.3-git    2010.05.30   -
Comodo                4959            2010.05.31   -
DrWeb                 5.0.2.03300     2010.05.31   -
eSafe                 7.0.17.0        2010.05.30   -
eTrust-Vet            35.2.7519       2010.05.29   -
F-Prot                4.6.0.103       2010.05.29   -
F-Secure              9.0.15370.0     2010.05.30   -
Fortinet              4.1.133.0       2010.05.30   -
GData                 21              2010.05.31   -
Ikarus                T3.1.1.84.0     2010.05.30   -
Jiangmin              13.0.900        2010.05.30   -
Kaspersky             7.0.0.125       2010.05.31   -
McAfee                5.400.0.1158    2010.05.31   -
McAfee-GW-Edition     2010.1          2010.05.30   -
Microsoft             1.5802          2010.05.31   -
NOD32                 5156            2010.05.30   -
Norman                6.04.12         2010.05.30   -
nProtect              2010-05-30.01   2010.05.30   -
Panda                 10.0.2.7        2010.05.30   -
PCTools               7.0.3.5         2010.05.30   -
Prevx                 3.0             2010.05.31   -
Rising                22.49.06.04     2010.05.30   -
Sophos                4.53.0          2010.05.31   -
Sunbelt               6377            2010.05.30   -
Symantec              20101.1.0.89    2010.05.30   -
TheHacker             6.5.2.0.290     2010.05.30   -
TrendMicro            9.120.0.1004    2010.05.30   -
TrendMicro-HouseCall  9.120.0.1004    2010.05.31   -
VBA32                 3.12.12.5       2010.05.29   -
ViRobot               2010.5.20.2326  2010.05.28   -
VirusBuster           5.0.27.0        2010.05.30   -

Additional information
File size: 122880 bytes
MD5...: 69cec92dfa3ddb161e3542aaa6a6ff1e
SHA1..: b142ac99e607e080954738df14036936a11c0a96
SHA256: 8ed88fe9f96237fbd675ada92dc4e00d657ef2c9d558630c346e208f80ded4bc
ssdeep: 1536:JoAGpLtKRxr5VHhTzBwE16mrAFQXlTztO/tM9b0TiHl/I2DDLJWS:JoxL4RzVH8E16m+Q1TuM9b0TWlAeDLJ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5347
timedatestamp.....: 0x40a40171 (Thu May 13 23:14:57 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10fae 0x11000 6.58 589f3c334bf816e655f41eb46a8e5f67
.rdata 0x12000 0x4567 0x5000 4.40 da465c573b0a22dcc3ca4fc1bba823b8
.data 0x17000 0x50c0 0x2000 3.40 86e55a79ca16c1d4b0681d3d3077ae20
.rsrc 0x1d000 0xfa0 0x1000 4.14 c88a3c813ff756b8986d800f7493903a
.reloc 0x1e000 0x339c 0x4000 3.28 ff6c5babdb70c178615aa6adba30f88a

( 9 imports )
> LIBEAY32.dll: -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: WriteFile, SetFilePointer, FlushFileBuffers, GetCPInfo, GetOEMCP, RtlUnwind, HeapFree, HeapAlloc, HeapReAlloc, GetCommandLineA, RaiseException, GetCurrentProcess, TerminateProcess, HeapSize, GetACP, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetProcessVersion, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GetModuleHandleA, WritePrivateProfileStringA, GlobalFlags, SetLastError, GetVersion, SetErrorMode, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, GlobalUnlock, GlobalFree, TlsAlloc, LocalFree, LocalAlloc, CloseHandle, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, GetCurrentThread, GetCurrentThreadId, lstrcatA, lstrcpyA, LoadLibraryA, GetProcAddress, HeapDestroy, IsDBCSLeadByte, lstrcpynA, lstrcmpiA, LoadLibraryExA, GetLastError, FindResourceA, LoadResource, SizeofResource, FreeLibrary, WideCharToMultiByte, GetModuleFileNameA, GetShortPathNameA, lstrlenA, MultiByteToWideChar, lstrlenW, InterlockedDecrement, EnterCriticalSection, InterlockedIncrement, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, ExitProcess
> USER32.dll: MapWindowPoints, LoadIconA, LoadCursorA, GetSysColorBrush, DestroyMenu, AdjustWindowRectEx, GetClientRect, CopyRect, GetTopWindow, GetCapture, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetSubMenu, GetMenuItemID, DefWindowProcA, DestroyWindow, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetSysColor, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetSystemMetrics, SetFocus, ShowWindow, SetWindowPos, SetWindowLongA, GetDlgItem, GrayStringA, DrawTextA, TabbedTextOutA, ReleaseDC, GetDC, MessageBoxA, CharNextA, PostQuitMessage, PostMessageA, GetMenuItemCount, wsprintfA, SetWindowTextA, ClientToScreen, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetClassNameA, RegisterWindowMessageA, GetWindowTextA, SendMessageA, SetCursor, EnableWindow, GetWindowLongA, IsWindowEnabled, GetLastActivePopup, GetParent, SetWindowsHookExA, GetCursorPos, PeekMessageA, IsWindowVisible, ValidateRect, CallNextHookEx, GetKeyState, GetActiveWindow, DispatchMessageA, LoadStringA, UnregisterClassA, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage
> GDI32.dll: PtVisible, TextOutA, ExtTextOutA, Escape, GetObjectA, SetBkColor, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, DeleteObject, RectVisible, CreateBitmap, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, GetDeviceCaps
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegSetValueExA, RegEnumValueA, RegQueryInfoKeyA, RegDeleteKeyA, RegEnumKeyExA, RegOpenKeyExA, RegCloseKey, RegDeleteValueA, RegCreateKeyExA
> COMCTL32.dll: -
> ole32.dll: CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree
> OLEAUT32.dll: -, -, -, -, -, -, -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (50.8%)
Windows OCX File (31.1%)
Win32 Executable MS Visual C++ (generic) (9.5%)
Windows Screen Saver (3.3%)
Win32 Executable Generic (2.1%)
sigcheck:
publisher....:
copyright....: Copyright 2004
product......: opencrypto Module
description..: opencrypto Module
original name: opencrypto.DLL
internal name: opencrypto
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




Step 3 log


,Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.5.1 log created on 05302010_194819
#19 By Adriano7
30/05/2010 - 21:36
OTL logfile created on: 30/5/2010 21:25:36 - Run 2
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\Pessoal\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

495,00 Mb Total Physical Memory | 105,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 131,33 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive D: | 1,92 Gb Total Space | 0,10 Gb Free Space | 5,22% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITAUTEC-CAC5D54
Current User Name: Pessoal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/30 09:27:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
PRC - [2010/04/30 09:17:34 | 000,055,072 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2010/03/19 10:53:04 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
PRC - [2007/06/13 10:21:56 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 19:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 20:38:57 | 000,707,360 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006/08/03 16:05:18 | 000,065,536 | ---- | M] (LightComm) -- C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
PRC - [2006/06/01 13:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/12/14 04:44:30 | 000,065,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 09:27:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
MOD - [2010/04/30 09:18:20 | 000,328,992 | ---- | M] (Banco do Brasil) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
MOD - [2006/08/25 08:49:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/03/02 09:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/30 09:17:34 | 000,055,072 | ---- | M] ( ) [Unknown | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/11/06 17:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Arquivos de programas\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 19:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 09:18:34 | 000,045,472 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/12/08 17:23:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/11/06 17:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/12/05 20:39:11 | 001,963,680 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/03/02 09:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/07/05 17:49:38 | 000,925,572 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/04/12 08:42:00 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 08:08:00 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Driver de áudio USB (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/02 12:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 03:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/07/10 09:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/06/27 21:15:14 | 000,005,888 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2001/09/05 23:18:58 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 2A A1 10 2F 37 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/08/22 22:41:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe (LightComm)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pessoal\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pessoal\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/24 13:48:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/25 19:33:34 | 000,000,366 | RHS- | M] () - D:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/01/30 10:51:42 | 000,000,000 | RHSD | M] - D:\AUTORUN -- [ FAT ]
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/30 19:16:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 09:27:12 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
[2010/05/30 00:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\Malwarebytes
[2010/05/30 00:40:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/30 00:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2010/05/30 00:40:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/30 00:40:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2010/05/29 21:44:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/29 20:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\HP
[2010/05/29 19:40:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live Safety Center
[2010/05/29 19:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\HP
[2010/05/29 19:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP
[2010/05/29 19:18:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\HP
[2010/05/29 19:18:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[2010/05/29 19:18:19 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hewlett-Packard
[2010/05/29 19:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\zhenghe2
[2010/05/29 19:17:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HP
[2010/05/29 19:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard
[2010/05/29 19:14:35 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll4v2.dll
[2010/05/29 19:14:33 | 000,258,048 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/05/29 19:14:11 | 000,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl4.dll
[2010/05/29 19:14:11 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/05/29 19:14:11 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/05/29 19:14:11 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/05/29 19:14:10 | 000,675,840 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax4.dll
[2010/05/29 19:14:08 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/05/29 19:13:11 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

========== Files - Modified Within 30 Days ==========

[2010/05/30 20:58:07 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/30 19:59:35 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/30 19:19:27 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/30 19:19:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 19:19:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/30 19:19:21 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 19:18:22 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Pessoal\ntuser.dat
[2010/05/30 19:18:22 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Pessoal\ntuser.ini
[2010/05/30 10:37:15 | 005,378,440 | -H-- | M] () -- C:\Documents and Settings\Pessoal\Configurações locais\Dados de aplicativos\IconCache.db
[2010/05/30 09:27:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
[2010/05/30 00:40:39 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 21:37:00 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Pessoal\Desktop\Microsoft Office Word 2003.lnk
[2010/05/29 19:22:08 | 000,154,586 | ---- | M] () -- C:\WINDOWS\hpwins16.dat
[2010/05/29 19:21:10 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 19:19:33 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk
[2010/05/29 19:18:59 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
[2010/05/29 18:55:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/11 20:39:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 13:51:04 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Pessoal\Desktop\Windows Live Call.lnk

========== Files Created - No Company Name ==========

[2010/05/30 00:40:39 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 19:19:33 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk
[2010/05/29 19:18:59 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
[2010/05/29 19:14:54 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log
[2010/05/29 19:14:51 | 000,154,586 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2009/06/29 18:41:04 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009/05/25 13:17:23 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/04 23:44:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/11/06 17:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/02 09:58:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/02 09:52:31 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2007/04/23 07:33:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/21 06:50:13 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/21 06:48:35 | 000,000,103 | ---- | C] () -- C:\WINDOWS\I_DMI.INI
[2007/03/24 14:17:21 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CUSTOM_CD.INI
[2007/03/24 13:52:45 | 000,003,685 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/03/24 10:35:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/24 10:31:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007/03/24 10:31:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007/03/24 10:31:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007/03/24 10:31:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007/03/24 10:31:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007/03/24 10:31:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007/03/24 10:31:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007/03/24 10:31:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007/03/24 10:31:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/05/03 15:44:44 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/29 16:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\linstall.dll
[2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll
[2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/07/16 22:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
[2010/05/09 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2009/07/31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MotionDSP
[2009/07/31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/09/27 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\com.isc.flaphoneAir.E0E79A3CC362EB125C76F1BD07217F6302F98994.1
[2010/05/30 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\Desktopicon
[2009/06/22 12:52:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\Drivers
[2009/12/02 20:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\IObit
[2008/07/28 00:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\OfficeUpdate12
[2008/12/01 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\zweitgeist

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
< End of report >
Adriano7
Adriano7 New Member Registered
43 Posts 0 Likes
#20 By Adriano7
30/05/2010 - 21:41
Here's the extra log

OTL Extras logfile created on: 30/5/2010 21:25:36 - Run 2
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\Pessoal\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

495,00 Mb Total Physical Memory | 105,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 131,33 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive D: | 1,92 Gb Total Space | 0,10 Gb Free Space | 5,22% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITAUTEC-CAC5D54
Current User Name: Pessoal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C579DEB-2905-4331-9EF0-285A63B09062}" = Microsoft LifeCam
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1046}" = Nero 7 Essentials
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1046-7646-A70000000000}" = Adobe Reader 7.0 - Português
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F793385C-5F01-4b46-B974-15A81FB86FF1}" = HP Officejet J3600 Series
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"eMule" = eMule
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oi Velox Check Up_is1" = Oi Velox Check Up 1.0
"Programador de Modem_is1" = LightModem 3.0
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Skype_is1" = Skype 2.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = Arquivo do WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/5/2010 21:48:15 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:16 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:19 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:20 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:21 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:22 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:24 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:25 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:26 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 23:24:27 | Computer Name = ITAUTEC-CAC5D54 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 30/5/2010 17:12:01 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Nod32 AV devido ao seguinte erro:
%%1053

Error - 30/5/2010 17:12:08 | Computer Name = ITAUTEC-CAC5D54 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 30/5/2010 18:16:41 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7031
Description = O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu
1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar
o serviço.

Error - 30/5/2010 18:16:41 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7034
Description = O serviço Java Quick Starter foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 30/5/2010 18:16:41 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7034
Description = O serviço MSCamSvc foi encerrado inesperadamente. Isso aconteceu
1 vez(es).

Error - 30/5/2010 18:16:42 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7034
Description = O serviço SeaPort foi encerrado inesperadamente. Isso aconteceu 1
vez(es).

Error - 30/5/2010 18:18:01 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7031
Description = O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu
2 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar
o serviço.

Error - 30/5/2010 18:19:31 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7009
Description = Tempo limite (30000 milissegundos) de espera para que o serviço Nod32
AV se conecte.

Error - 30/5/2010 18:19:31 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Nod32 AV devido ao seguinte erro:
%%1053

Error - 30/5/2010 18:19:39 | Computer Name = ITAUTEC-CAC5D54 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.


< End of report >
igoreso
igoreso Super Participant Registered
704 Posts 22 Likes
#21 By igoreso
30/05/2010 - 22:00
Let's try again!
Open OTL.exe.
Remember that if you are running Windows Vista or 7, you need to give the tool administrator privileges. To do that:
Right-click the file and then click
[Image]
Select the lines in the code box below, right-click the selection and choose the Copy option:
:OTL
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\AutoRun\command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\explore\Command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\open\Command - "" = D:\ywbsbm.exe -- File not found
O32 - HKLM CDRom: AutoRun - 1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Pessoal\Desktop\*.tmp files -> C:\Documents and Settings\Pessoal\Desktop\*.tmp -> ]
@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[CLEARALLRESTOREPOINTS]
[REBOOT]
Run OTL.exe
Right-click any blank area of the Custom Scans/Fixes section and choose the Paste option
Close ALL windows (except OTL itself).
Click the Run Fix button
The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste them into your reply.
A copy of this log will be stored in the folder C:\_OTL\MovedFiles, named in the format date_time.log.
Example: 03142010_145545.log

igoreso
igoreso Super Participant Registered
704 Posts 22 Likes
#23 By igoreso
30/05/2010 - 22:08
Lord Enigm@ said:
What is this?
It hurts the eyes... and the soul.


I agree, my friend, but unfortunately it is a warning that is necessary, because the user made a mistake in the last instructions, which caused an error. I'll soften it a bit!
All processes killed
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
Error: Unable to interpret <[CLEARALLRESTOREPOINTS]> in the current context!
Error: Unable to interpret <[REBOOT]> in the current context!


Regards,
Igor
Adriano7
Adriano7 New Member Registered
43 Posts 0 Likes
#27 By Adriano7
31/05/2010 - 15:04
Here's the log

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
File cssrs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
File cssrs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
File cssrs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\ not found.
File cssrs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\ not found.
File D:\ywbsbm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\ not found.
File D:\ywbsbm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\ not found.
File D:\ywbsbm.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\Documents and Settings\Pessoal\Desktop\*.tmp not found.
Unable to delete ADS C:\WINDOWS\System32 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pessoal
->Temp folder emptied: 40152 bytes
->Temporary Internet Files folder emptied: 137422606 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10289 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 995448 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132,00 mb

Restore point Set: OTL Restore Point (0)
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.5.1 log created on 05312010_145615
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Pessoal\Configurações locais\Temp\~DFBA8B.tmp not found!
File\Folder C:\Documents and Settings\Pessoal\Configurações locais\Temp\~DFEF99.tmp not found!
C:\Documents and Settings\Pessoal\Configurações locais\Temporary Internet Files\Content.IE5\EYGT4NWT\1[1].html moved successfully.
C:\Documents and Settings\Pessoal\Configurações locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
igoreso
igoreso Super Participant Registered
704 Posts 22 Likes
#28 By igoreso
31/05/2010 - 22:03
Hello,
Good, everything went right this time! Since the lines that were removed corresponded to a flash drive virus, we have cleaned the PC! Now we'll clean the flash drive(s)!
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\AutoRun\command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\explore\Command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\open\Command - "" = D:\ywbsbm.exe -- File not found

Plug the flash drive(s), USB modems, memory cards, MP3/4/5 players... into the PC and follow the steps below:
*Download USBFix and save it to the desktop.
http://chiquitine.changelog.fr/UsbFix.exe
*Temporarily disable your antivirus
*Plug the flash drive into the PC
*Double-click UsbFix
*Press P > [ENTER]
*Press 1 > [ENTER] and wait for it to finish
*Remove the flash drive
*Paste the report created at C:\UsbFix.txt and, along with it, generate and paste (the same way you did before) a new OTL log.
Regards,
Igor
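A triage pass over the O33 MountPoints2 lines discussed in the post above, as an added example that is not part of the original posts and is not OTL's or UsbFix's own logic. The flag names and the `parse_o33`, `triage` and `needs_review` helpers are assumptions made for illustration; one sample line is constructed from the AutoRun value in the thread's UsbFix log.

```python
import ntpath
import re
from collections import defaultdict

# O33 lines copied from the OTL script posted in this thread.
THREAD_O33 = r'''
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\AutoRun\command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\explore\Command - "" = D:\ywbsbm.exe -- File not found
O33 - MountPoints2\{f75804e2-9564-11dc-a0e3-001558b5d3dd}\Shell\open\Command - "" = D:\ywbsbm.exe -- File not found
'''

# Constructed line: the AutoRun value from the thread's UsbFix log, rewritten
# in OTL's O33 layout to exercise the rundll32 wrapper case.
CONSTRUCTED_O33 = r'''
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cssrs.exe
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]{36}\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.*?)(?P<missing> -- File not found)?$',
    re.IGNORECASE,
)

# Verbs Explorer offers on a drive icon; an entry under one of them changes
# what opening, exploring or searching that volume runs.
DRIVE_VERBS = {"open", "explore", "find"}
WRAPPER = "shellexec_rundll"


def parse_o33(line):
    """Return (guid, verb, target, flags) for one O33 line, or None."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    flags = set()
    idx = cmd.lower().find(WRAPPER)
    if idx != -1:
        # The real target is the argument handed to ShellExec_RunDLL.
        flags.add("rundll-wrapper")
        cmd = cmd[idx + len(WRAPPER):].strip()
    target = cmd.strip('"')
    if not ntpath.dirname(target):
        # Bare file name: not tied to any installed program directory.
        flags.add("no-directory")
    if m.group("missing"):
        # OTL could not find the file: a stale cached entry.
        flags.add("target-missing")
    verb = m.group("verb").lower()
    if verb in DRIVE_VERBS:
        flags.add("drive-verb-override")
    return m.group("guid").lower(), verb, target, flags


def triage(log_text):
    """Group O33 entries by volume GUID and collect verbs, targets, flags."""
    volumes = defaultdict(lambda: {"verbs": set(), "targets": set(), "flags": set()})
    for line in log_text.splitlines():
        parsed = parse_o33(line)
        if parsed is None:
            continue  # not an O33 MountPoints2 line
        guid, verb, target, flags = parsed
        entry = volumes[guid]
        entry["verbs"].add(verb)
        entry["targets"].add(target)
        entry["flags"] |= flags
    return {g: {k: sorted(v) for k, v in e.items()} for g, e in volumes.items()}


def needs_review(summary):
    """Volume GUIDs whose cached shell verbs redirect normal drive actions."""
    return sorted(g for g, e in summary.items() if "drive-verb-override" in e["flags"])


if __name__ == "__main__":
    for guid, entry in triage(THREAD_O33 + CONSTRUCTED_O33).items():
        print(guid, entry)
```

Run over a saved OTL log, it groups the entries per volume GUID, so one executable wired to several verbs of the same volume stands out at a glance.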
Adriano7
Adriano7 New Member Registered
43 Posts 0 Likes
#29 By Adriano7
01/06/2010 - 01:25
Here's the UsbFix log

############################## | UsbFix 7.002 |
Usuário: Pessoal (Administrador) # ITAUTEC-CAC5D54 [ ]
Atualizado em 31/05/10 por El Desaparecido & C_XX
Começou em 01:18:54 | 01/06/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 2: Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall: Habilitado
Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | Updated]
RAM -> 495 Mb
C:\ (%systemdrive%) -> Disco fixo # 149 Gb (133 Mb livre - 89%) [] # NTFS
D:\ -> Disco removível # 2 Gb (102 Mb livre - 5%) [SEVEN] # FAT
H:\ -> CD-ROM
################## | Ficheiros # pastas infeciosos |
Presente ! C:\Arquivos de programas\GbPlugin
Presente ! C:\WINDOWS\system32\autorun.i
Presente ! C:\WINDOWS\system32\autorun.in
Presente ! D:\Autorun.inf
Presente ! C:\Recycler\S-1-5-21-804409071-1363060772-4094713968-1006
Presente ! D:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013
Presente ! D:\Recycler\S-1-5-21-1254416572-1263425100-317347820-0350
Presente ! C:\khu
Presente ! C:\khv
################## | Registro |
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}
Shell\auto\Command = cssrs.exe
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cssrs.exe
Shell\explore\Command = cssrs.exe
Shell\find\Command = cssrs.exe
Shell\open\Command = cssrs.exe

################## | Vaccin |
(!) Este computador não é vacinada!
################## | E.O.F |




Here's the OTL log
OTL logfile created on: 1/6/2010 01:22:47 - Run 3
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\Pessoal\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

495,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 132,87 Gb Free Space | 89,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITAUTEC-CAC5D54
Current User Name: Pessoal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/30 09:27:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
PRC - [2010/04/30 09:17:34 | 000,055,072 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2010/03/19 10:53:04 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
PRC - [2007/06/13 10:21:56 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 19:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/12/05 20:38:57 | 000,707,360 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006/08/03 16:05:18 | 000,065,536 | ---- | M] (LightComm) -- C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
PRC - [2006/06/01 13:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/12/14 04:44:30 | 000,065,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 09:27:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
MOD - [2006/08/25 08:49:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/03/02 09:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/30 09:17:34 | 000,055,072 | ---- | M] ( ) [Unknown | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/11/06 17:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Arquivos de programas\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 19:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/05/26 10:48:08 | 000,045,472 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/12/08 17:23:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/11/06 17:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/12/05 20:39:11 | 001,963,680 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/03/02 09:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/07/05 17:49:38 | 000,925,572 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/04/12 08:42:00 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 08:08:00 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Driver de áudio USB (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/02 12:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 03:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/07/10 09:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/06/27 21:15:14 | 000,005,888 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2001/09/05 23:18:58 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itautec.com.br

IE - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 2A A1 10 2F 37 CA 01 [binary data]
IE - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/08/22 22:41:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe (LightComm)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-804409071-1363060772-4094713968-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pessoal\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pessoal\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/24 13:48:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\auto\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\explore\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\find\command - "" = cssrs.exe
O33 - MountPoints2\{053d8976-4d65-11dd-a1f8-001558b5d3dd}\Shell\open\command - "" = cssrs.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/01 01:17:22 | 000,000,000 | ---D | C] -- C:\Usbfix
[2010/06/01 01:05:35 | 001,166,371 | ---- | C] (C_XX & El Desaparecido) -- C:\Documents and Settings\Pessoal\Desktop\Usbfix.exe
[2010/05/30 19:16:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 09:27:12 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
[2010/05/30 00:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\Malwarebytes
[2010/05/30 00:40:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/30 00:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2010/05/30 00:40:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/30 00:40:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2010/05/29 21:44:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/29 20:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\HP
[2010/05/29 19:40:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live Safety Center
[2010/05/29 19:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\HP
[2010/05/29 19:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP
[2010/05/29 19:18:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\HP
[2010/05/29 19:18:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[2010/05/29 19:18:19 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hewlett-Packard
[2010/05/29 19:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\zhenghe2
[2010/05/29 19:17:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HP
[2010/05/29 19:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard
[2010/05/29 19:14:35 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll4v2.dll
[2010/05/29 19:14:33 | 000,258,048 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/05/29 19:14:11 | 000,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl4.dll
[2010/05/29 19:14:11 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/05/29 19:14:11 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/05/29 19:14:11 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/05/29 19:14:10 | 000,675,840 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax4.dll
[2010/05/29 19:14:08 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/05/29 19:13:11 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

========== Files - Modified Within 30 Days ==========

[2010/06/01 01:17:22 | 001,166,371 | ---- | M] (C_XX & El Desaparecido) -- C:\Documents and Settings\Pessoal\Desktop\Usbfix.exe
[2010/06/01 00:58:44 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/31 23:00:57 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/31 22:59:16 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/31 22:59:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 22:59:03 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 22:59:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 17:57:37 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Pessoal\ntuser.dat
[2010/05/31 17:57:05 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Pessoal\ntuser.ini
[2010/05/31 17:56:36 | 005,378,640 | -H-- | M] () -- C:\Documents and Settings\Pessoal\Configurações locais\Dados de aplicativos\IconCache.db
[2010/05/30 09:27:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pessoal\Desktop\OTL.exe
[2010/05/30 00:40:39 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 21:37:00 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Pessoal\Desktop\Microsoft Office Word 2003.lnk
[2010/05/29 19:22:08 | 000,154,586 | ---- | M] () -- C:\WINDOWS\hpwins16.dat
[2010/05/29 19:21:10 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 19:19:33 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk
[2010/05/29 19:18:59 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
[2010/05/29 18:55:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 10:48:08 | 000,045,472 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys
[2010/05/11 20:39:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 13:51:04 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Pessoal\Desktop\Windows Live Call.lnk

========== Files Created - No Company Name ==========

[2010/05/30 00:40:39 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 19:19:33 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk
[2010/05/29 19:18:59 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
[2010/05/29 19:14:54 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log
[2010/05/29 19:14:51 | 000,154,586 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2009/06/29 18:41:04 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009/05/25 13:17:23 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/04 23:44:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/11/06 17:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/02 09:58:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/02 09:52:31 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2007/04/23 07:33:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/21 06:50:13 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/21 06:48:35 | 000,000,103 | ---- | C] () -- C:\WINDOWS\I_DMI.INI
[2007/03/24 14:17:21 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CUSTOM_CD.INI
[2007/03/24 13:52:45 | 000,003,685 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/03/24 10:35:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/24 10:31:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007/03/24 10:31:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007/03/24 10:31:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007/03/24 10:31:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007/03/24 10:31:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007/03/24 10:31:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007/03/24 10:31:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007/03/24 10:31:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007/03/24 10:31:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/05/03 15:44:44 | 000,001,352 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/29 16:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\linstall.dll
[2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll
[2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/07/16 22:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
[2010/06/01 01:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2009/07/31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MotionDSP
[2009/07/31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/09/27 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\com.isc.flaphoneAir.E0E79A3CC362EB125C76F1BD07217F6302F98994.1
[2010/05/30 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\Desktopicon
[2009/06/22 12:52:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\Drivers
[2009/12/02 20:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\IObit
[2008/07/28 00:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\OfficeUpdate12
[2008/12/01 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pessoal\Dados de aplicativos\zweitgeist

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
< End of report >
Adriano7 New Member Registered
43 Posts 0 Likes
#30 By Adriano7
01/06/2010 - 01:29
Extras log


OTL Extras logfile created on: 1/6/2010 01:22:47 - Run 3
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\Pessoal\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

495,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 132,87 Gb Free Space | 89,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ITAUTEC-CAC5D54
Current User Name: Pessoal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C579DEB-2905-4331-9EF0-285A63B09062}" = Microsoft LifeCam
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1046}" = Nero 7 Essentials
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1046-7646-A70000000000}" = Adobe Reader 7.0 - Português
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F793385C-5F01-4b46-B974-15A81FB86FF1}" = HP Officejet J3600 Series
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"eMule" = eMule
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oi Velox Check Up_is1" = Oi Velox Check Up 1.0
"Programador de Modem_is1" = LightModem 3.0
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Skype_is1" = Skype 2.5
"Usbfix" = Usbfix By C_XX & El Desaparecido
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = Arquivo do WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/5/2010 21:48:19 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:20 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:21 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:22 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:24 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:25 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 21:48:26 | Computer Name = ITAUTEC-CAC5D54 | Source = WmiAdapter | ID = 4099
Description = Falha na abertura do serviço.

Error - 29/5/2010 23:24:27 | Computer Name = ITAUTEC-CAC5D54 | Source = Google Update | ID = 20
Description =

Error - 31/5/2010 22:58:26 | Computer Name = ITAUTEC-CAC5D54 | Source = Google Update | ID = 20
Description =

Error - 31/5/2010 23:58:25 | Computer Name = ITAUTEC-CAC5D54 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 31/5/2010 13:56:16 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7031
Description = O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu
1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar
o serviço.

Error - 31/5/2010 13:56:16 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7034
Description = O serviço Java Quick Starter foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 31/5/2010 13:56:17 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7034
Description = O serviço MSCamSvc foi encerrado inesperadamente. Isso aconteceu
1 vez(es).

Error - 31/5/2010 13:56:17 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7034
Description = O serviço SeaPort foi encerrado inesperadamente. Isso aconteceu 1
vez(es).

Error - 31/5/2010 13:58:05 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7009
Description = Tempo limite (30000 milissegundos) de espera para que o serviço Nod32
AV se conecte.

Error - 31/5/2010 13:58:05 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Nod32 AV devido ao seguinte erro:
%%1053

Error - 31/5/2010 13:58:15 | Computer Name = ITAUTEC-CAC5D54 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 31/5/2010 21:59:18 | Computer Name = ITAUTEC-CAC5D54 | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 31/5/2010 21:59:32 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7009
Description = Tempo limite (30000 milissegundos) de espera para que o serviço Nod32
AV se conecte.

Error - 31/5/2010 21:59:32 | Computer Name = ITAUTEC-CAC5D54 | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Nod32 AV devido ao seguinte erro:
%%1053


< End of report >