Hi folks, for a few days now my PC has been very slow.
What can we do?
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:10, on 25/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15383&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 7158 bytes
Should we remove some of these programs?
Thanks in advance!
Hello Ragde...
1.
*Download AD-Remover and save it to the desktop
*Double-click AD-R.exe
*Click [scan]... wait for it to finish
*Paste the report created at C:\Ad-Report-SCAN.log
*Run AD-Remover again
*Click [Clean]... wait for it to finish
*Paste the report created at C:\Ad-Report-CLEAN.log
2.
*Download ATF Cleaner and save it to the desktop
*Double-click ATF-Cleaner.exe
*Under Main choose [select all]
*Click [Empty Selected]
=>If you use Firefox or Opera:
*Under "Firefox" or "Opera" click [select all]
*Click [No]
*Click [Empty Selected]
*Click [No]
*Click [Exit] or the [X] to close the program
Here are the logs:
1st log: Ad-Report-SCAN
.
======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 15:21:31 le 26/05/2010 | Normal boot | Option: SCAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft Windows XP Professional (Service Pack 3 - X86)
Computer name: CASA-77512E3B81
Current user: edgar
.
============== FOUND ELEMENTS ==============
.
.
C:\Arquivos de programas\Ask.com
C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\extensions\toolbar@ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\searchplugins\askcom.xml
C:\Documents and Settings\oscar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\AskToolbar
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
.
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
.
.
============== ADDITIONNAL SCAN ==============
.
Mozilla FireFox Version 3.6.3 (pt-BR)
.
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\ramom\\Meus documentos\\Galeria
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage: hxxp://br.ask.com?o=15383&l=dis
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2284000&SearchSource=3&q={searchTerms}
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.selectedEngine: MAX BR Customized Web Search
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage: hxxp://search.conduit.com/?ctid=CT2284000&SearchSource=13
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.7
.
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://br.ask.com?o=15383&l=dis");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.cbid", "UJ");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.first-launch-url", "hxxp://g.msn.com/5mept_br/11");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.l", "dis");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1274807863367");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.locale", "pt_BR");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.o", "15380");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-lang", "pt");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-locale", "UK");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.r", "2");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0,toolbar@ask.com:3.6.6.117,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
.
Internet Explorer Version 8.0.6001.18702
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://br.ask.com?o=15383&l=dis
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Files
C:\Ad-Remover\Backup: 1 Files
.
C:\Ad-Report-SCAN[1].txt - 9630 Byte(s)
.
End at: 15:34:24, 26/05/2010
.
============== E.O.F - SCAN[1] ==============
2nd log: Ad-Report-CLEAN
.
======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 15:39:48 le 26/05/2010 | Normal boot | Option: CLEAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft Windows XP Professional (Service Pack 3 - X86)
Computer name: CASA-77512E3B81
Current user: edgar
.
============== FIXED ELEMENTS ==============
.
.
C:\Arquivos de programas\Ask.com
C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\extensions\toolbar@ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\searchplugins\askcom.xml
C:\Documents and Settings\oscar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\AskToolbar
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
(!) -- Deleted temporary files.
.
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
.
.
============== ADDITIONNAL SCAN ==============
.
Mozilla FireFox Version 3.6.3 (pt-BR)
.
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\ramom\\Meus documentos\\Galeria
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage: hxxp://br.ask.com?o=15383&l=dis
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2284000&SearchSource=3&q={searchTerms}
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.selectedEngine: MAX BR Customized Web Search
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage: hxxp://search.conduit.com/?ctid=CT2284000&SearchSource=13
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.7
.
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://br.ask.com?o=15383&l=dis");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.cbid", "UJ");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.first-launch-url", "hxxp://g.msn.com/5mept_br/11");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.l", "dis");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1274807863367");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.locale", "pt_BR");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.o", "15380");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-lang", "pt");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-locale", "UK");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.r", "2");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0,toolbar@ask.com:3.6.6.117,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
.
Internet Explorer Version 8.0.6001.18702
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 2 Files
C:\Ad-Remover\Backup: 14 Files
.
C:\Ad-Report-CLEAN[1].txt - 9894 Byte(s)
C:\Ad-Report-SCAN[1].txt - 9754 Byte(s)
.
End at: 15:49:50, 26/05/2010
.
============== E.O.F - CLEAN[1] ==============
Note: when running the AD-R clean, the PC went into a restart state
that never finished; I had to RESET my machine!
In case you need anything else, here is the final LOG!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:23, on 26/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 6660 bytes
Thanks in advance!!
1.
*Run AD-Remover again
*Click [uninstall]
2.
*Download MalwareBytes Anti-malware and save it to the desktop
*Install the program
*If an update is available, it will be downloaded automatically. Wait...
*The program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the drives to be examined
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be displayed.
*Paste it in your next reply
Just reminding you that my machine already had the following programs:
SpywareBlaster;
Auslogics Disk Defrag;
ToolsCleaner2.exe;
fox.exe; goold.exe, the one with the N as its icon
Malwarebytes' Anti-Malware and now the ATF-Cleaner.exe that you asked for.
goold.exe, the one with the spider as its icon
ComboFix.exe; CCleaner and the antivirus Microsoft Security Essentials.
I hope this information is useful.
As requested, here is the following LOG:
Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3877
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/5/2010 10:59:10
mbam-log-2010-05-27 (10-59-10).txt
Tipo de Verificação: Completa (A:\|C:\|D:\|)
Objetos verificados: 207074
Tempo decorrido: 1 hour(s), 9 minute(s), 59 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 4
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Arquivos de programas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\edgar\Meus documentos\Diguinho\Programas\MSE Removal XP 32.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\Documents and Settings\oscar\Meus documentos\Downloads\2030210.com (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP132\A0016310.dll (Trojan.Agent) -> Quarantined and deleted successfully.
*Download OTL and save it to the desktop
*Double-click OTL.exe
*Select the options below:
[x] Scan All Users
[x] Minimal Output
[x] Use Company Name WhiteList
[x] Skip Microsoft Files
[x] LOP Check
[x] Purity Check
*In Custom Scans/Fixes, paste the code below:
>
netsvcs
msconfig
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
tcpip.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
sfcfiles.dll
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\Results\Install|LastSuccessTime /rs
*Click [Run Scan] and wait for the process to finish
*Two reports will be created on the desktop, named OTL.txt and Extras.txt
*Paste the OTL.txt report
Where do I find
[x] Scan All Users
[x] Minimal Output
[x] Use Company Name WhiteList
[x] Skip Microsoft Files
[x] LOP Check
[x] Purity Check
so that I can check them? I don't see that!
The only options I have are:
Scan, Quick Scan, Fix, None, Cleanup, and then there are
Processes, Modules, Services, Misc, Standard Registry Scan, Extra Registry Scan
Where should I go to be able to select the items above?
Thanks in advance!
Sorry...
The program's interface has changed.
Select the options:
[] Scan All Users
[] Skip Microsoft Files
[] LOP Check
[] Purity Check
Paste the code and click [Scan]
I don't know whether the logs are the same, but here they are!
Here are the logs:
OTL logfile created on: 28/5/2010 16:31:31 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\edgar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
511,00 Mb Total Physical Memory | 115,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 50,44 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CASA-77512E3B81
Current User Name: edgar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/27 19:26:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
PRC - [2010/04/04 22:46:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 16:32:26 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007/05/12 11:19:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
PRC - [2006/11/02 22:31:06 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmplayer.exe
PRC - [2005/07/08 15:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
========== Modules (SafeList) ==========
MOD - [2010/05/27 19:26:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
MOD - [2008/04/13 23:19:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/07/08 15:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 13:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006/03/13 23:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/10/05 14:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/11 10:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/07/08 15:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 15:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/06/30 02:16:26 | 001,094,848 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/12 07:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 19:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/06/09 23:09:08 | 000,031,232 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-492894223-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/05/08 19:02:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/04/04 22:47:07 | 000,000,000 | ---D | M]
[2010/01/16 19:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Extensions
[2010/05/27 19:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions
[2010/04/24 11:07:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 22:01:16 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010/01/12 14:26:12 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\searchplugins\conduit.xml
[2010/05/26 15:15:51 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2010/04/09 00:38:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/02/15 16:35:06 | 000,120,296 | ---- | M] ( ) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll
[2010/04/04 22:46:54 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/04/04 22:46:54 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/04/04 22:46:54 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/04/04 22:46:54 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml
O1 HOSTS File: ([2010/01/29 13:37:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Softonic_Brasil Toolbar) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Portuguese Toolbar) - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (MAX BR Toolbar) - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_Brasil Toolbar) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Portuguese Toolbar) - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MAX BR Toolbar) - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (Softonic_Brasil Toolbar) - {12FC3D37-2A42-4FE3-8489-81296878CBA5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (Messenger Plus Live Portuguese Toolbar) - {B46B614E-44C7-4448-AC14-9AB9F7740D64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (MAX BR Toolbar) - {FE379C63-1156-4C8C-8DBB-F823D3EA4B37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-492894223-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Arquivos de programas\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/16 18:22:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/27 19:25:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
[2010/05/26 17:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Ahead
[2010/05/26 16:10:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\edgar\Desktop\ATF-Cleaner.exe
[2010/05/24 17:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Dados de aplicativos\Google
[2010/05/24 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google
[2010/05/24 17:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Temp
[2010/05/24 17:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google
[2010/05/24 17:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Google
[2010/05/24 17:35:35 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Google
[2010/05/22 09:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Dados de aplicativos\Uniblue
[2010/05/19 21:55:33 | 000,344,064 | ---- | C] (Sonix) -- C:\WINDOWS\vsnp2std.exe
[2010/05/19 21:55:29 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/19 21:55:29 | 000,073,728 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2std.dll
[2010/05/19 21:55:28 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/05/19 21:55:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\snp2std
[2010/05/14 18:01:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GIF Movie Gear
[2010/05/14 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Desktop\CursoHTML
[2010/05/09 22:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\MAX_BR
[2010/05/08 17:51:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MAX_BR
[2010/05/08 12:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Meus documentos\KONAMI
[2010/05/08 11:30:44 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\KONAMI
[2010/05/08 11:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\KONAMI
[4 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/28 16:32:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7591141C-7460-4C2F-8949-CAF1DAD084F0}.job
[2010/05/28 16:26:31 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4149C9B5-B8C4-4522-8252-6D3A5332BB93}.job
[2010/05/28 16:12:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/28 16:07:13 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 16:07:13 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/28 16:07:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/28 16:06:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 16:06:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 16:06:41 | 536,104,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/27 23:41:10 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\edgar\ntuser.dat
[2010/05/27 23:41:10 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\edgar\ntuser.ini
[2010/05/27 23:40:05 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/27 23:38:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-682003330-1005UA.job
[2010/05/27 23:38:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-682003330-1005Core.job
[2010/05/27 19:26:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
[2010/05/26 22:52:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/26 16:10:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\edgar\Desktop\ATF-Cleaner.exe
[2010/05/24 17:57:57 | 000,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/23 12:32:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/05/23 12:32:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/23 12:32:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/19 21:55:35 | 000,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/13 01:40:17 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
[2010/05/08 19:49:23 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Encore 5.lnk
[2010/05/08 12:00:31 | 000,369,964 | ---- | M] () -- C:\AnalysisLog.sr0
[2010/05/01 01:19:50 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[4 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
[4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/24 17:57:57 | 000,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/24 17:35:46 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 17:35:45 | 000,001,042 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 12:32:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/05/23 12:32:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/19 21:55:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010/05/19 21:55:33 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
[2010/05/19 21:55:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/19 21:55:32 | 000,013,022 | ---- | C] () -- C:\WINDOWS\snp2std.src
[2010/05/19 21:55:31 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/05/19 21:55:29 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/13 01:40:17 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
[2010/05/08 12:00:19 | 000,369,964 | ---- | C] () -- C:\AnalysisLog.sr0
[2010/03/05 18:49:17 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/17 11:14:25 | 000,013,327 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/17 11:14:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/17 11:14:11 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/17 08:56:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/16 23:17:01 | 000,000,369 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2007/01/30 14:32:48 | 000,007,167 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2006/12/20 16:50:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2005/09/29 15:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\linstall.dll
[2005/06/10 09:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2005/06/10 09:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2004/05/13 19:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll
[2004/03/18 16:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
========== LOP Check ==========
[2010/05/08 11:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\KONAMI
[2010/01/18 19:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2010/02/02 17:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2010/02/02 17:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Auslogics
[2010/04/16 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\GanymedeNet
[2010/01/22 13:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\GetRightToGo
[2010/01/16 23:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\InterTrust
[2010/01/27 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Lightcomm
[2010/05/22 09:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Uniblue
[2010/05/08 19:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\eMule
[2010/03/20 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\GanymedeNet
[2010/01/24 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\Lightcomm
[2010/01/24 19:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\Uniblue
[2010/01/27 09:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ramom\Dados de aplicativos\Lightcomm
[2010/05/28 16:12:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/05/28 16:07:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/05/28 16:26:31 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4149C9B5-B8C4-4522-8252-6D3A5332BB93}.job
[2010/05/28 16:32:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7591141C-7460-4C2F-8949-CAF1DAD084F0}.job
========== Purity Check ==========
< End of report >
and this other one that appeared:
OTL Extras logfile created on: 28/5/2010 16:31:31 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\edgar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
511,00 Mb Total Physical Memory | 115,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 50,44 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CASA-77512E3B81
Current User Name: edgar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\PhotoScape\PhotoScape.exe" = C:\Arquivos de programas\PhotoScape\PhotoScape.exe:*:Enabled:ipsec -- ()
"C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec -- (Google Inc.)
"C:\Arquivos de programas\Windows Media Player\wmdbexport.exe" = C:\Arquivos de programas\Windows Media Player\wmdbexport.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\system32\HDAShCut.exe" = C:\WINDOWS\system32\HDAShCut.exe:*:Enabled:ipsec -- (Windows ® Server 2003 DDK provider)
"C:\Arquivos de programas\lg_fwupdate\getodd.exe" = C:\Arquivos de programas\lg_fwupdate\getodd.exe:*:Enabled:ipsec -- ()
"C:\Arquivos de programas\lg_fwupdate\GetODDModel.exe" = C:\Arquivos de programas\lg_fwupdate\GetODDModel.exe:*:Enabled:ipsec -- (BitLeader)
"C:\WINDOWS\system32\NeroCheck.exe" = C:\WINDOWS\system32\NeroCheck.exe:*:Enabled:ipsec -- (Ahead Software Gmbh)
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe" = C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Arquivos de programas\lg_fwupdate\getadmin.exe" = C:\Arquivos de programas\lg_fwupdate\getadmin.exe:*:Enabled:ipsec -- (BitLeader)
"C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" = C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe:*:Enabled:ipsec -- (Cyberlink Corp.)
"C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" = C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe:*:Enabled:ipsec -- (Analog Devices, Inc.)
"C:\Arquivos de programas\Java\jre6\bin\jucheck.exe" = C:\Arquivos de programas\Java\jre6\bin\jucheck.exe:*:Enabled:ipsec -- File not found
"C:\Arquivos de programas\CyberScript32\CyberScript.exe" = C:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:ipsec -- (mIRC Co. Ltd.)
"C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" = C:\Arquivos de programas\lg_fwupdate\fwupdate.exe:*:Enabled:ipsec -- (BitLeader)
"C:\oscar\wlsetup-custom.exe" = C:\oscar\wlsetup-custom.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Arquivos de programas\Ahead\InCD\InCD.exe" = C:\Arquivos de programas\Ahead\InCD\InCD.exe:*:Enabled:ipsec -- (Nero AG)
"C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe" = C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe" = C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe:*:Enabled:ipsec -- File not found
"C:\Arquivos de programas\lg_fwupdate\Buyer.exe" = C:\Arquivos de programas\lg_fwupdate\Buyer.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Arquivos de programas\ltmoh\Ltmoh.exe" = C:\Arquivos de programas\ltmoh\Ltmoh.exe:*:Enabled:ipsec -- (Agere Systems)
"C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" = C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ipsec -- (Analog Devices, Inc.)
"C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe" = C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe:*:Enabled:ipsec -- File not found
"C:\oscar\eMule\emule.exe" = C:\oscar\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{5A06BC95-C59E-438D-AA8D-A97690AD628C}" = Encore 5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C371EE0-6AC4-4B5D-A16F-0BF9DB2A2292}_is1" = Truco WinnersGames 2.0
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{8527C3D5-BA1D-46E9-88D2-AF25544311A3}" = JPEG Camera v0.97
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack
"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3067925-A766-4291-91B2-09645103A21B}" = JPEG Camera v0.97
"{A65E6F25-FE28-4C75-84F9-0E10A976C8FF}" = JPEG USB Video Camera Driver v0.94
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"CCleaner" = CCleaner
"CyberScript_is1" = CyberScript v3.2
"eMule" = eMule
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"GIF Movie Gear_is1" = GIF Movie Gear 4.2.3
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAX_BR Toolbar" = MAX_BR Toolbar
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"Messenger_Plus_Live_Portuguese Toolbar" = Messenger_Plus_Live_Portuguese Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PhotoScape" = PhotoScape
"Plugin Letras.mus.br" = Plugin Letras.mus.br 1.10
"Programador de Modem_is1" = LightModem 3.0
"RASPPPOE" = PPP over Ethernet Protocol 0.98
"Softonic_Brasil Toolbar" = Softonic_Brasil Toolbar
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/5/2010 09:56:17 | Computer Name = CASA-77512E3B81 | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
Error - 10/5/2010 20:33:06 | Computer Name = CASA-77512E3B81 | Source = Application Hang | ID = 1002
Description = Aplicativo com falha wmplayer.exe, versão 11.0.5721.5145, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
Error - 13/5/2010 11:04:36 | Computer Name = CASA-77512E3B81 | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
Error - 14/5/2010 22:56:12 | Computer Name = CASA-77512E3B81 | Source = Windows Live Messenger | ID = 1000
Description =
Error - 15/5/2010 11:04:38 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 2.1.6519.0, P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware
(bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.
Error - 20/5/2010 09:06:09 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 21/5/2010 15:16:54 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.5802.0, P3 1.83.182.0, P4 1.83.182.0, P5 virtool_win32_obfuscator.xx, P6
NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 21/5/2010 16:58:54 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 23/5/2010 10:38:33 | Computer Name = CASA-77512E3B81 | Source = Google Update | ID = 20
Description =
Error - 24/5/2010 18:25:09 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 26/5/2010 17:14:01 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842784
Description = Não foi possível encontrar Assembly dependente Microsoft.VC80.MFCLOC
e o último erro foi A montagem a que foi feita referência não está instalada no
sistema.
Error - 26/5/2010 17:14:01 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811
Description = Falha de Resolve Partial Assembly para Microsoft.VC80.MFCLOC. Mensagem
de erro de referência: A montagem a que foi feita referência não está instalada
no sistema. .
Error - 26/5/2010 17:14:02 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\Arquivos de programas\PhotoScape\MFC80.DLL.
Mensagem
de erro de referência: A operação foi concluída com êxito. .
Error - 27/5/2010 00:16:24 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002
Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com
endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor
DHCP enviou uma mensagem DHCPNACK).
Error - 27/5/2010 08:33:58 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002
Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com
endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor
DHCP enviou uma mensagem DHCPNACK).
Error - 27/5/2010 10:49:48 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842784
Description = Não foi possível encontrar Assembly dependente Microsoft.VC80.MFCLOC
e o último erro foi A montagem a que foi feita referência não está instalada no
sistema.
Error - 27/5/2010 10:49:48 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811
Description = Falha de Resolve Partial Assembly para Microsoft.VC80.MFCLOC. Mensagem
de erro de referência: A montagem a que foi feita referência não está instalada
no sistema. .
Error - 27/5/2010 10:49:48 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\Arquivos de programas\PhotoScape\MFC80.DLL.
Mensagem
de erro de referência: A operação foi concluída com êxito. .
Error - 27/5/2010 18:21:29 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002
Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com
endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor
DHCP enviou uma mensagem DHCPNACK).
Error - 28/5/2010 15:06:44 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002
Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com
endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor
DHCP enviou uma mensagem DHCPNACK).
< End of report >
1.
*Download SalityKiller and save it to the desktop
*Extract its contents to C:\
*Disable System Restore
Right-click My Computer > Properties > System Restore > Turn off System Restore > OK > Yes
*Temporarily disable your antivirus
*This program will run in 2 separate windows at the same time!!
*The first window:
*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -m
*Click [OK]
*Keep the window running. Do not close it!! Minimize it if you wish.
*The second window:
*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -y -x -k -j -l sality.txt -v
*Click [OK]
*When it finishes, window 2 will close automatically. Then close window 1.
*Paste the summary found at the end of the file C:\sality.txt, as shown below:
23:57:51:0 Infected files: 8
23:57:51:0 Infected processes: 0
23:57:51:0 Infected threads: 2
23:57:51:0 Cured files: 8
23:57:51:0 Executed registry scripts: 1
Well, here's what happened to me: when that task finished I
re-enabled my antivirus and my System Restore
and then tried to paste the results here, but it didn't work;
the machine froze completely, so I decided to RESET it and then
tried everything again, but whenever I go to paste the results
from our C:\sality.txt it just freezes, I don't know what is happening,
and I noticed that doing these things and restarting my machine, it
keeps coming back slower each time, that is, I think those programs made it
a bit slower, I think, I'm not sure, and it freezes a lot. What
can we do, or what did I do wrong? I hope you can help me! Thanks in advance!
PS: I disabled my antivirus and System Restore
in a new attempt but it was the same, it freezes. I hope this can
help you! I'm worried, did it catch some virus? Thanks in advance!
1. The programs used so far do not usually affect the PC's performance.
2. You show signs of infection by a virus called Sality. It infects every .exe file on the PC. Removing it is difficult. Often formatting is the quickest procedure. Its traces on your PC are:
"C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe" = C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe:*:Enabled:ipsec -- File not found
3. The amount of free memory on your PC is low: 115,00 Mb (22%).
The procedure below does not mean your problem will be solved. As for the tools used, we will remove them all.
*Double-click OTL
*Under "Custom Scans/Fixes" paste the code below:
:Processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe" =-
"C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe" =-
:Commands
[ResetHosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]
*Click [Run Fix]
*The PC will restart
*Paste the report created at C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds
Now try to do the SalityKiller procedure.
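The entries the helper singled out all share two traits in the OTL "Authorized Applications List": the binary sits in a user's Temp directory, and OTL reports it as "File not found" (the malware has gone but its firewall exception remains). As an added example, not OTL's or the helper's own code, the Python below parses that section, flags entries on those two heuristics, and emits the same `:reg` / `=-` block the OTL fix above uses to remove them; the sample log lines are constructed in the shape of the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the shape of OTL's "Authorized Applications List"
# section (modelled on the log above, not the poster's actual file).
SAMPLE_OTL = r"""
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\PhotoScape\PhotoScape.exe" = C:\Arquivos de programas\PhotoScape\PhotoScape.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\oscar\CONFIG~1\Temp\setup.exe" = C:\DOCUME~1\oscar\CONFIG~1\Temp\setup.exe:*:Enabled:ipsec -- ()
"C:\oscar\eMule\emule.exe" = C:\oscar\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "<value name>" = <path>:<scope>:<Enabled|Disabled>:<description> -- <publisher>
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)" = (?P<path>.+?):(?P<scope>[^:]*):'
    r'(?P<state>Enabled|Disabled):(?P<desc>.*?) -- (?P<publisher>.*)$'
)


@dataclass
class FirewallEntry:
    key: str          # registry key the value lives under
    name: str         # registry value name (the quoted path)
    path: str
    scope: str
    state: str
    description: str
    publisher: str    # "(Vendor)", "()" or "File not found"
    reasons: List[str] = field(default_factory=list)


def parse_authorized_apps(text: str) -> List[FirewallEntry]:
    """Return the firewall exceptions listed in an OTL Extras log."""
    entries: List[FirewallEntry] = []
    in_section = False
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            in_section = sec.group("title") == "Authorized Applications List"
            continue
        if not in_section:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(FirewallEntry(current_key, m["name"], m["path"], m["scope"],
                                         m["state"], m["desc"], m["publisher"]))
    return entries


def find_suspicious(entries: List[FirewallEntry]) -> List[FirewallEntry]:
    """Flag exceptions using the two traits the helper relied on above."""
    flagged: List[FirewallEntry] = []
    for e in entries:
        reasons: List[str] = []
        if "\\temp\\" in e.path.lower():
            reasons.append("binary lives in a Temp directory")
        if e.publisher == "File not found":
            reasons.append("binary no longer exists but the exception remains")
        if reasons:
            e.reasons = reasons
            flagged.append(e)
    return flagged


def build_otl_reg_fix(flagged: List[FirewallEntry]) -> str:
    """Emit an OTL ':reg' block that deletes each flagged value ('=-')."""
    by_key: Dict[str, List[str]] = {}
    for e in flagged:
        by_key.setdefault(e.key, []).append(e.name)
    lines = [":reg"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}" =-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_suspicious(parse_authorized_apps(SAMPLE_OTL))
    for e in hits:
        print(f"{e.path}  <-  {'; '.join(e.reasons)}")
    print(build_otl_reg_fix(hits))
```

The Temp-directory check on its own is only a prompt to look closer (the constructed `setup.exe` entry shows a hit with a single reason); an entry that is both in Temp and already gone, like the ones in this thread, is the strong signal.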
Well, I ran OTL and it asked to restart my PC as you had said,
but it never finished restarting; I waited a long time and nothing,
so I had to RESET my machine again. So, continuing, here is the result
from OTL:
All processes killed
Error: Unable to interpret <Processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: edgar
->Temp folder emptied: 313882598 bytes
->Temporary Internet Files folder emptied: 36474033 bytes
->Java cache emptied: 761451 bytes
->FireFox cache emptied: 52919849 bytes
->Flash cache emptied: 10309 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 92846 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: oscar
->Temp folder emptied: 12161540 bytes
->Temporary Internet Files folder emptied: 6684955 bytes
->Java cache emptied: 21421640 bytes
->FireFox cache emptied: 56567503 bytes
->Flash cache emptied: 9841 bytes
User: ramom
->Temp folder emptied: 4798444 bytes
->Temporary Internet Files folder emptied: 80443336 bytes
->Java cache emptied: 13690420 bytes
->FireFox cache emptied: 4843664 bytes
->Google Chrome cache emptied: 232000879 bytes
->Flash cache emptied: 6214 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 2833305 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 944373 bytes
RecycleBin emptied: 58529698 bytes
Total Files Cleaned = 860,00 mb
OTL by OldTimer - Version 3.2.5.0 log created on 06012010_144409
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
And next, here is the SalityKiller result
completed
15:41:33:046 2556 Infected files: 0
15:41:33:046 2556 Infected processes: 0
15:41:33:046 2556 Infected threads: 0
15:41:33:046 2556 Cured files: 0
15:41:33:046 2556 Executed registry scripts: 1
Note: I found it odd that this Sality virus showed up after I
removed my machine's defenses, and it has the same name as the program
you told me to run. It's not distrust of your work, I've already
solved problems here with you guys, I just found it odd;
if you could explain in your next post what SalityKiller is for, I'd be
very grateful! Thanks in advance for the help! Oh, and at the end of this last result I put
my PC's defenses back so I can use it until the next post, ok! Cheers
SalityKiller is a program specifically for removing the Sality.y, Sality.z and Sality.aa variants, which are the most common. However, removal is not always possible and formatting becomes necessary. I took a guess to see whether it was one of these variants.
1.
*Delete the files C:\SalityKiller.exe and C:\sality.txt
Report how the PC is doing before we remove the tools used.
Well man, I confess that after doing these
tests it got a lot slower than before. Wouldn't removing
this and other programs help a bit? I'll remove the ones you mentioned
and come back to say whether it got better or worse! Thanks!
1.
*Run OTL again, click [CleanUp] and restart the PC
2.
*Download and install CCleaner
*Open the program and, on the "Windows" tab, scroll down to "Advanced" and select "Old Prefetch data"
*Click [Run Cleaner]
*Next, click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]
Report how the PC is doing.
Well, apparently it seems to have eased up a bit,
but it's still not 100%!
One thing I noticed was that when I ran the OTL cleanup,
on restarting my machine the OTL program itself disappeared, it and another one
I don't remember anymore. Would that be normal?
Well, anyway, that's it for now! I'll analyze the machine with more time
and come back later to say definitively how it's doing, ok!
At most 1 week and I'll reply! Thanks in advance!
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
Post a log according to rule 2
http://forum.imasters.com.br/index.php?showtopic=165906