Ragde
Posted May 24, 2010
Well folks, for a few days now my PC has been really slow, what can we do?
Mário Monteiro
Posted May 25, 2010
Post a log as per rule 2 http://forum.imasters.com.br/index.php?showtopic=165906
Ragde
Posted May 25, 2010
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:10, on 25/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15383&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 7158 bytes

Should we remove some of these programs? Thanks in advance!
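The log above is the kind of thing worth pre-sorting before a human reads it line by line. What follows is an added example, not part of the original thread and not a feature of HijackThis: a small Python triage script that parses a handful of entries copied from the log (embedded as constructed sample input) and splits them into "fix" (safe to remove: a start page pointing outside Microsoft's defaults, a BHO registration whose DLL no longer exists) and "review" (needs a decision: a URLSearchHook, an autostart binary living directly in C:\WINDOWS, hard-coded DNS resolvers, and one CLSID registered under two different display names, which is exactly what {D4027C7F-154A-4066-A1AD-4243D8127440} does above as "Ask Toolbar BHO" in O2 and "aTube Toolbar" in O3). The trusted-host list, the severity labels and the C:\WINDOWS rule are this example's own assumptions, not verdicts on the poster's machine.

```python
"""Triage a HijackThis v2 log for browser-hijack and persistence indicators.

Added example, not from the original thread. It only reads log text and
changes nothing on the machine. The trusted-host list and the severity
labels are this example's own assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15383&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
"""

# Assumption: Microsoft's own default IE pages. Any other host in a
# start/search page entry is treated as an override worth removing.
TRUSTED_DEFAULT_HOSTS = ("microsoft.com", "msn.com", "live.com")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
PAGE_RE = re.compile(r",(Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (?P<url>\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r'\]\s+"?(?P<exe>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
DNS_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "fix" (safe to remove) or "review" (needs a human decision)
    section: str    # HijackThis section code, e.g. "O2"
    reason: str
    line: str       # the log line that produced the finding


def _trusted_host(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DEFAULT_HOSTS)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    names_by_clsid: dict[str, set[str]] = defaultdict(set)  # CLSID -> display names seen
    first_line_by_clsid: dict[str, str] = {}

    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        sec, body = m.group("sec"), m.group("body")

        if sec in ("R0", "R1"):  # IE start/search page values
            pm = PAGE_RE.search(body)
            if pm and not _trusted_host(pm.group("url")):
                findings.append(Finding("fix", sec, "start/search page points outside Microsoft defaults: " + pm.group("url"), line))

        elif sec == "R3":  # URLSearchHooks rewrite what the user types in the address bar
            findings.append(Finding("review", sec, "URLSearchHook rewrites mistyped addresses; keep only if the toolbar was installed on purpose", line))

        elif sec in ("O2", "O3"):  # BHOs and toolbars
            if body.endswith("(no file)"):
                findings.append(Finding("fix", sec, "orphaned registration, DLL no longer on disk", line))
            cm = CLSID_RE.search(body)
            if cm:
                name = body.split(" - ")[0].split(": ", 1)[-1]
                clsid = cm.group(0).upper()
                names_by_clsid[clsid].add(name)
                first_line_by_clsid.setdefault(clsid, line)

        elif sec == "O4":  # Run-key autostarts
            rm = RUN_RE.search(body)
            if rm:
                directory = rm.group("exe").rsplit("\\", 1)[0].lower()
                if directory == "c:\\windows":  # assumption: binaries dropped in the Windows root deserve a look
                    findings.append(Finding("review", sec, "autostart binary sits directly in the Windows directory; confirm its publisher", line))

        elif sec == "O17":  # per-interface DNS servers
            dm = DNS_RE.search(body)
            if dm:
                servers = dm.group("servers").split()
                findings.append(Finding("review", sec, f"{len(servers)} hard-coded DNS resolver(s); confirm they belong to the ISP: " + ", ".join(servers), line))

    # One CLSID shown under several names is a sign of a rebranded/bundled toolbar.
    for clsid, names in names_by_clsid.items():
        if len(names) > 1:
            findings.append(Finding("review", "O2/O3", f"CLSID {clsid} is registered under {len(names)} different names: " + ", ".join(sorted(names)), first_line_by_clsid[clsid]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"fix": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:5} {f.reason}")
    print(summarize(results))
```

Run it against a full HijackThis log by reading the file into `triage()`; entries in sections the script does not know (O8, O9, O16, O23 and so on) pass through untouched, so "no finding" means "not examined", not "clean".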
wings
Posted May 26, 2010
Hello Ragde....

1.
*Download AD-Remover and save it to the desktop
*Double-click AD-R.exe
*Click [Scan]....wait for it to finish
*Paste the report created at C:\Ad-Report-SCAN.log
*Run AD-Remover again
*Click [Clean]...wait for it to finish
*Paste the report created at C:\Ad-Report-CLEAN.log

2.
*Download ATF Cleaner and save it to the desktop
*Double-click ATF-Cleaner.exe
*Under Main select [select all]
*Click [Empty Selected]
=>If you use Firefox or Opera:
*Under "Firefox" or "Opera" click [select all]
*Click [No]
*Click [Empty Selected]
*Click [No]
*Click [Exit] or the [X] to close the program
Ragde
Posted May 26, 2010
Here are the logs

1st log: Ad-Report-SCAN

.
======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 15:21:31 le 26/05/2010 | Normal boot | Option: SCAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft Windows XP Professional (Service Pack 3 - X86)
Computer name: CASA-77512E3B81
Current user: edgar
.
============== FOUND ELEMENTS ==============
.
.
C:\Arquivos de programas\Ask.com
C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\extensions\toolbar@ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\searchplugins\askcom.xml
C:\Documents and Settings\oscar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\AskToolbar
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
.
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
.
.
============== ADDITIONNAL SCAN ==============
.
* Mozilla FireFox Version 3.6.3 (pt-BR) *
.
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\ramom\\Meus documentos\\Galeria
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage: hxxp://br.ask.com?o=15383&l=dis
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2284000&SearchSource=3&q={searchTerms}
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.selectedEngine: MAX BR Customized Web Search
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage: hxxp://search.conduit.com/?ctid=CT2284000&SearchSource=13
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.7
.
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://br.ask.com?o=15383&l=dis");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.cbid", "UJ");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.first-launch-url", "hxxp://g.msn.com/5mept_br/11");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.l", "dis");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1274807863367");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.locale", "pt_BR");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.o", "15380");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-lang", "pt");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-locale", "UK");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.r", "2");
FOUND: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0,toolbar@ask.com:3.6.6.117,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://br.ask.com?o=15383&l=dis
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Files
C:\Ad-Remover\Backup: 1 Files
.
C:\Ad-Report-SCAN[1].txt - 9630 Byte(s)
.
End at: 15:34:24, 26/05/2010
.
============== E.O.F - SCAN[1] ==============

2nd log: Ad-Report-CLEAN

.
======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 15:39:48 le 26/05/2010 | Normal boot | Option: CLEAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft Windows XP Professional (Service Pack 3 - X86)
Computer name: CASA-77512E3B81
Current user: edgar
.
============== FIXED ELEMENTS ==============
.
.
C:\Arquivos de programas\Ask.com
C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\extensions\toolbar@ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\FireFox\Profiles\82rp15fq.default\searchplugins\askcom.xml
C:\Documents and Settings\oscar\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\AskToolbar
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
(!) -- Deleted temporary files.
.
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
.
.
============== ADDITIONNAL SCAN ==============
.
* Mozilla FireFox Version 3.6.3 (pt-BR) *
.
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\ramom\\Meus documentos\\Galeria
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage: hxxp://br.ask.com?o=15383&l=dis
C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2284000&SearchSource=3&q={searchTerms}
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.search.selectedEngine: MAX BR Customized Web Search
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage: hxxp://search.conduit.com/?ctid=CT2284000&SearchSource=13
C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\Firefox\Profiles\kouwjd3j.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\ramom\Dados de aplicativos\Mozilla\Firefox\Profiles\22ef7qo1.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.7
.
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://br.ask.com?o=15383&l=dis");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.cbid", "UJ");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.first-launch-url", "hxxp://g.msn.com/5mept_br/11");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.l", "dis");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1274807863367");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.locale", "pt_BR");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.o", "15380");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-lang", "pt");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.options-locale", "UK");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.asktb.r", "2");
ERASED: C:\Documents and Settings\edgar\Dados de aplicativos\mozilla\firefox\profiles\82rp15fq.default\prefs.js - user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,{9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0,toolbar@ask.com:3.6.6.117,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 2 Files
C:\Ad-Remover\Backup: 14 Files
.
C:\Ad-Report-CLEAN[1].txt - 9894 Byte(s)
C:\Ad-Report-SCAN[1].txt - 9754 Byte(s)
.
End at: 15:49:50, 26/05/2010
.
============== E.O.F - CLEAN[1] ==============

Note: when I ran the AD-R clean, the PC went into a restart that never finished; I had to RESET my machine! In case you don't need anything else, here is the final LOG!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:23, on 26/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMess.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMess.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- End of file - 6660 bytes Agradeço desde já!! Compartilhar este post Link para o post Compartilhar em outros sites
wings, posted May 26, 2010:

1.
* Run AD-Remover again
* Click [uninstall]

2.
* Download Malwarebytes Anti-Malware and save it to the desktop
* Install the program
* If an update is available, it will be downloaded automatically. Wait...
* The program will open automatically.
* On the [Scan] tab, select the [Full Scan] option
* Click [Scan] and select the drives to be examined
* When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
* Click [Remove Selected]
* A report (mbam-log-year-month-date.txt) will be shown.
* Paste it in your next reply
Ragde, posted May 27, 2010:

Just reminding you that my machine already had the following programs: SpywareBlaster; Auslogics Disk Defrag; ToolsCleaner2.exe; fox.exe; goold.exe, the one with the N as its icon; Malwarebytes' Anti-Malware, and now the ATF-Cleaner.exe you asked for; goold.exe, the one with the spider as its icon; ComboFix.exe; CCleaner; and the antivirus Microsoft Security Essentials. I hope this information is useful. As requested, here is the log:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3877
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/5/2010 10:59:10
mbam-log-2010-05-27 (10-59-10).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|)
Objetos verificados: 207074
Tempo decorrido: 1 hour(s), 9 minute(s), 59 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 4

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Arquivos de programas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\edgar\Meus documentos\Diguinho\Programas\MSE Removal XP 32.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\Documents and Settings\oscar\Meus documentos\Downloads\2030210.com (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11C9B283-E50A-44FD-86E3-BC7D718E2638}\RP132\A0016310.dll (Trojan.Agent) -> Quarantined and deleted successfully.
wings, posted May 27, 2010:

* Download OTL and save it to the desktop
* Double-click OTL.exe
* Select the options below:
[x] Scan All Users
[x] Minimal Output
[x] Use Company Name WhiteList
[x] Skip Microsoft Files
[x] LOP Check
[x] Purity Check
* In Custom Scans/Fixes, paste the code below:

netsvcs
msconfig
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
tcpip.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
sfcfiles.dll
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\Results\Install|LastSuccessTime /rs

* Click [Run Scan] and wait for the process to finish
* Two reports will be created on the desktop, named OTL.txt and Extras.txt
* Paste the OTL.txt report
Ragde, posted May 27, 2010:

Where are [x] Scan All Users [x] Minimal Output [x] Use Company Name WhiteList [x] Skip Microsoft Files [x] LOP Check [x] Purity Check, so that I can check them? I don't see that! The only options I have are: Verificar (Scan), Verificação rápida (Quick Scan), Consertar (Fix), Nenhum (None), Limpeza (Cleanup); then there are Processos (Processes), Módulos (Modules), Serviços (Services), Diversos (Miscellaneous), Exame padrão de registro (Standard Registry scan), Exame extra do registro (Extra Registry scan). Where should I go to select those items? Thanks in advance!
wings, posted May 28, 2010:

Sorry... The program's interface has changed. Select the options:
[ ] Verificar All Users (Scan All Users)
[ ] Ignorar Arquivos Microsoft (Skip Microsoft Files)
[ ] Verificar Lop (LOP Check)
[ ] Verificar Purity (Purity Check)
Paste the code and click [Verificar] (Scan).
Ragde, posted May 28, 2010:

I don't know whether the logs are the same, but here they are! Here is the log:

OTL logfile created on: 28/5/2010 16:31:31 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\edgar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 115,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 50,44 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASA-77512E3B81
Current User Name: edgar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 19:26:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
PRC - [2010/04/04 22:46:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 23:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 16:32:26 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007/05/12 11:19:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
PRC - [2006/11/02 22:31:06 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmplayer.exe
PRC - [2005/07/08 15:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

========== Modules (SafeList) ==========

MOD - [2010/05/27 19:26:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
MOD - [2008/04/13 23:19:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/07/08 15:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 13:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006/03/13 23:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/10/05 14:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/11 10:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/07/08 15:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 15:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/06/30 02:16:26 | 001,094,848 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/12 07:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 19:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/06/09 23:09:08 | 000,031,232 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-492894223-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/05/08 19:02:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/04/04 22:47:07 | 000,000,000 | ---D | M]

[2010/01/16 19:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Extensions
[2010/05/27 19:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions
[2010/04/24 11:07:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/28 22:01:16 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010/01/12 14:26:12 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\edgar\Dados de aplicativos\Mozilla\Firefox\Profiles\82rp15fq.default\searchplugins\conduit.xml
[2010/05/26 15:15:51 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2010/04/09 00:38:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/02/15 16:35:06 | 000,120,296 | ---- | M] ( ) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll
[2010/04/04 22:46:54 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/04/04 22:46:54 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/04/04 22:46:54 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/04/04 22:46:54 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/01/29 13:37:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Softonic_Brasil Toolbar) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Portuguese Toolbar) - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (MAX BR Toolbar) - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_Brasil Toolbar) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Portuguese Toolbar) - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MAX BR Toolbar) - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (Softonic_Brasil Toolbar) - {12FC3D37-2A42-4FE3-8489-81296878CBA5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (Messenger Plus Live Portuguese Toolbar) - {B46B614E-44C7-4448-AC14-9AB9F7740D64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-492894223-682003330-1004\..\Toolbar\WebBrowser: (MAX BR Toolbar) - {FE379C63-1156-4C8C-8DBB-F823D3EA4B37} - C:\Arquivos de programas\MAX_BR\tbMAX_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-492894223-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Arquivos de programas\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/16 18:22:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 19:25:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
[2010/05/26 17:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Ahead
[2010/05/26 16:10:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\edgar\Desktop\ATF-Cleaner.exe
[2010/05/24 17:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Dados de aplicativos\Google
[2010/05/24 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google
[2010/05/24 17:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Temp
[2010/05/24 17:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google
[2010/05/24 17:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\Google
[2010/05/24 17:35:35 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Google
[2010/05/22 09:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Dados de aplicativos\Uniblue
[2010/05/19 21:55:33 | 000,344,064 | ---- | C] (Sonix) -- C:\WINDOWS\vsnp2std.exe
[2010/05/19 21:55:29 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/05/19 21:55:29 | 000,073,728 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2std.dll
[2010/05/19 21:55:28 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/05/19 21:55:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\snp2std
[2010/05/14 18:01:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GIF Movie Gear
[2010/05/14 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Desktop\CursoHTML
[2010/05/09 22:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Configurações locais\Dados de aplicativos\MAX_BR
[2010/05/08 17:51:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MAX_BR
[2010/05/08 12:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar\Meus documentos\KONAMI
[2010/05/08 11:30:44 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\KONAMI
[2010/05/08 11:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\KONAMI
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/28 16:32:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7591141C-7460-4C2F-8949-CAF1DAD084F0}.job
[2010/05/28 16:26:31 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4149C9B5-B8C4-4522-8252-6D3A5332BB93}.job
[2010/05/28 16:12:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/28 16:07:13 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 16:07:13 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/28 16:07:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/28 16:06:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 16:06:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 16:06:41 | 536,104,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/27 23:41:10 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\edgar\ntuser.dat
[2010/05/27 23:41:10 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\edgar\ntuser.ini
[2010/05/27 23:40:05 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/27 23:38:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-682003330-1005UA.job
[2010/05/27 23:38:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-492894223-682003330-1005Core.job
[2010/05/27 19:26:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar\Desktop\OTL.exe
[2010/05/26 22:52:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/26 16:10:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\edgar\Desktop\ATF-Cleaner.exe
[2010/05/24 17:57:57 | 000,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/23 12:32:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/05/23 12:32:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/23 12:32:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/19 21:55:35 | 000,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/13 01:40:17 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
[2010/05/08 19:49:23 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Encore 5.lnk
[2010/05/08 12:00:31 | 000,369,964 | ---- | M] () -- C:\AnalysisLog.sr0
[2010/05/01 01:19:50 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 17:57:57 | 000,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/24 17:35:46 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 17:35:45 | 000,001,042 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 12:32:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/05/23 12:32:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/19 21:55:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010/05/19 21:55:33 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
[2010/05/19 21:55:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/05/19 21:55:32 | 000,013,022 | ---- | C] () -- C:\WINDOWS\snp2std.src
[2010/05/19 21:55:31 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/05/19 21:55:29 | 012,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/05/13 01:40:17 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
[2010/05/08 12:00:19 | 000,369,964 | ---- | C] () -- C:\AnalysisLog.sr0
[2010/03/05 18:49:17 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/17 11:14:25 | 000,013,327 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/17 11:14:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/17 11:14:11 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/17 08:56:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/16 23:17:01 | 000,000,369 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2007/01/30 14:32:48 | 000,007,167 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2006/12/20 16:50:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2005/09/29 15:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\linstall.dll
[2005/06/10 09:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2005/06/10 09:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2004/05/13 19:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll
[2004/03/18 16:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2010/05/08 11:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\KONAMI
[2010/01/18 19:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2010/02/02 17:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2010/02/02 17:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Auslogics [2010/04/16 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\GanymedeNet [2010/01/22 13:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\GetRightToGo [2010/01/16 23:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\InterTrust [2010/01/27 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Lightcomm [2010/05/22 09:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\edgar\Dados de aplicativos\Uniblue [2010/05/08 19:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\eMule [2010/03/20 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\GanymedeNet [2010/01/24 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\Lightcomm [2010/01/24 19:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oscar\Dados de aplicativos\Uniblue [2010/01/27 09:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ramom\Dados de aplicativos\Lightcomm [2010/05/28 16:12:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010/05/28 16:07:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2010/05/28 16:26:31 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4149C9B5-B8C4-4522-8252-6D3A5332BB93}.job [2010/05/28 16:32:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7591141C-7460-4C2F-8949-CAF1DAD084F0}.job ========== Purity Check ========== < End of report > e mais esse que apareceu: OTL Extras logfile created on: 28/5/2010 16:31:31 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = 
C:\Documents and Settings\edgar\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 511,00 Mb Total Physical Memory | 115,00 Mb Available Physical Memory | 22,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 74,52 Gb Total Space | 50,44 Gb Free Space | 67,69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CASA-77512E3B81 Current User Name: edgar Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: On File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-507921405-492894223-682003330-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\PhotoScape\PhotoScape.exe" = C:\Arquivos de programas\PhotoScape\PhotoScape.exe:*:Enabled:ipsec -- () "C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec -- (Google Inc.) 
"C:\Arquivos de programas\Windows Media Player\wmdbexport.exe" = C:\Arquivos de programas\Windows Media Player\wmdbexport.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\WINDOWS\system32\HDAShCut.exe" = C:\WINDOWS\system32\HDAShCut.exe:*:Enabled:ipsec -- (Windows ® Server 2003 DDK provider) "C:\Arquivos de programas\lg_fwupdate\getodd.exe" = C:\Arquivos de programas\lg_fwupdate\getodd.exe:*:Enabled:ipsec -- () "C:\Arquivos de programas\lg_fwupdate\GetODDModel.exe" = C:\Arquivos de programas\lg_fwupdate\GetODDModel.exe:*:Enabled:ipsec -- (BitLeader) "C:\WINDOWS\system32\NeroCheck.exe" = C:\WINDOWS\system32\NeroCheck.exe:*:Enabled:ipsec -- (Ahead Software Gmbh) "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe" = C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Arquivos de programas\lg_fwupdate\getadmin.exe" = C:\Arquivos de programas\lg_fwupdate\getadmin.exe:*:Enabled:ipsec -- (BitLeader) "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" = C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe:*:Enabled:ipsec -- (Cyberlink Corp.) "C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" = C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe:*:Enabled:ipsec -- (Analog Devices, Inc.) "C:\Arquivos de programas\Java\jre6\bin\jucheck.exe" = C:\Arquivos de programas\Java\jre6\bin\jucheck.exe:*:Enabled:ipsec -- File not found "C:\Arquivos de programas\CyberScript32\CyberScript.exe" = C:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:ipsec -- (mIRC Co. Ltd.) 
"C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" = C:\Arquivos de programas\lg_fwupdate\fwupdate.exe:*:Enabled:ipsec -- (BitLeader) "C:\oscar\wlsetup-custom.exe" = C:\oscar\wlsetup-custom.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Arquivos de programas\Ahead\InCD\InCD.exe" = C:\Arquivos de programas\Ahead\InCD\InCD.exe:*:Enabled:ipsec -- (Nero AG) "C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe" = C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe" = C:\Documents and Settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe:*:Enabled:ipsec -- File not found "C:\Arquivos de programas\lg_fwupdate\Buyer.exe" = C:\Arquivos de programas\lg_fwupdate\Buyer.exe:*:Enabled:ipsec -- () "C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Arquivos de programas\ltmoh\Ltmoh.exe" = C:\Arquivos de programas\ltmoh\Ltmoh.exe:*:Enabled:ipsec -- (Agere Systems) "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" = C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ipsec -- (Analog Devices, Inc.) 
"C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe:*:Enabled:ipsec -- File not found "C:\WINDOWS\explorer.exe" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation) "C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe" = C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe:*:Enabled:ipsec -- File not found "C:\oscar\eMule\emule.exe" = 
C:\oscar\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{5A06BC95-C59E-438D-AA8D-A97690AD628C}" = Encore 5 "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6C371EE0-6AC4-4B5D-A16F-0BF9DB2A2292}_is1" = Truco WinnersGames 2.0 "{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera "{8527C3D5-BA1D-46E9-88D2-AF25544311A3}" = JPEG Camera v0.97 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack "{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync 
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3067925-A766-4291-91B2-09645103A21B}" = JPEG Camera v0.97 "{A65E6F25-FE28-4C75-84F9-0E10A976C8FF}" = JPEG USB Video Camera Driver v0.94 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "aTube Catcher" = aTube Catcher "CCleaner" = CCleaner "CyberScript_is1" = CyberScript v3.2 "eMule" = eMule "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "GIF Movie 
Gear_is1" = GIF Movie Gear 4.2.3 "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InCD!UninstallKey" = InCD "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MAX_BR Toolbar" = MAX_BR Toolbar "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar "Messenger_Plus_Live_Portuguese Toolbar" = Messenger_Plus_Live_Portuguese Toolbar "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "mIRC" = mIRC "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero OEM "PhotoScape" = PhotoScape "Plugin Letras.mus.br" = Plugin Letras.mus.br 1.10 "Programador de Modem_is1" = LightModem 3.0 "RASPPPOE" = PPP over Ethernet Protocol 0.98 "Softonic_Brasil Toolbar" = Softonic_Brasil Toolbar "SpywareBlaster_is1" = SpywareBlaster 4.2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Arquivo do WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/5/2010 09:56:17 | Computer Name = CASA-77512E3B81 | Source = Application Hang | ID = 1002 Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. 
Error - 10/5/2010 20:33:06 | Computer Name = CASA-77512E3B81 | Source = Application Hang | ID = 1002 Description = Aplicativo com falha wmplayer.exe, versão 11.0.5721.5145, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 13/5/2010 11:04:36 | Computer Name = CASA-77512E3B81 | Source = Application Hang | ID = 1002 Description = Aplicativo com falha msnmsgr.exe, versão 14.0.8089.726, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 14/5/2010 22:56:12 | Computer Name = CASA-77512E3B81 | Source = Windows Live Messenger | ID = 1000 Description = Error - 15/5/2010 11:04:38 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 2.1.6519.0, P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL. Error - 20/5/2010 09:06:09 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile, P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 21/5/2010 15:16:54 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000 Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 1.1.5802.0, P3 1.83.182.0, P4 1.83.182.0, P5 virtool_win32_obfuscator.xx, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL. Error - 21/5/2010 16:58:54 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile, P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. 
Error - 23/5/2010 10:38:33 | Computer Name = CASA-77512E3B81 | Source = Google Update | ID = 20 Description = Error - 24/5/2010 18:25:09 | Computer Name = CASA-77512E3B81 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile, P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. [ System Events ] Error - 26/5/2010 17:14:01 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842784 Description = Não foi possível encontrar Assembly dependente Microsoft.VC80.MFCLOC e o último erro foi A montagem a que foi feita referência não está instalada no sistema. Error - 26/5/2010 17:14:01 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811 Description = Falha de Resolve Partial Assembly para Microsoft.VC80.MFCLOC. Mensagem de erro de referência: A montagem a que foi feita referência não está instalada no sistema. . Error - 26/5/2010 17:14:02 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811 Description = Falha de Generate Activation Context para C:\Arquivos de programas\PhotoScape\MFC80.DLL. Mensagem de erro de referência: A operação foi concluída com êxito. . Error - 27/5/2010 00:16:24 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002 Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK). Error - 27/5/2010 08:33:58 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002 Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK). 
Error - 27/5/2010 10:49:48 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842784 Description = Não foi possível encontrar Assembly dependente Microsoft.VC80.MFCLOC e o último erro foi A montagem a que foi feita referência não está instalada no sistema. Error - 27/5/2010 10:49:48 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811 Description = Falha de Resolve Partial Assembly para Microsoft.VC80.MFCLOC. Mensagem de erro de referência: A montagem a que foi feita referência não está instalada no sistema. . Error - 27/5/2010 10:49:48 | Computer Name = CASA-77512E3B81 | Source = SideBySide | ID = 16842811 Description = Falha de Generate Activation Context para C:\Arquivos de programas\PhotoScape\MFC80.DLL. Mensagem de erro de referência: A operação foi concluída com êxito. . Error - 27/5/2010 18:21:29 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002 Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK). Error - 28/5/2010 15:06:44 | Computer Name = CASA-77512E3B81 | Source = Dhcp | ID = 1002 Description = A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK). < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
wings, posted May 29, 2010

1.
* Download SalityKiller and save it to the desktop.
* Extract its contents to C:\
* Disable System Restore: right-click My Computer > Properties > System Restore > Turn off System Restore > OK > Yes
* Temporarily disable your antivirus.
* This program will run in 2 separate windows at the same time!!
* First window: click [Start] > [Run] > copy and paste: C:\salitykiller.exe -m > click [OK]. Keep that window running. Do not close it!! Minimize it if you like.
* Second window: click [Start] > [Run] > copy and paste: C:\salitykiller.exe -y -x -k -j -l sality.txt -v > click [OK]
* When it finishes, window 2 will close by itself. Then close window 1.
* Paste the summary found at the end of the file C:\sality.txt, which looks like this:

23:57:51:0 Infected files: 8
23:57:51:0 Infected processes: 0
23:57:51:0 Infected threads: 2
23:57:51:0 Cured files: 8
23:57:51:0 Executed registry scripts: 1
Ragde, posted May 31, 2010

Well, here is what happened to me: when that task finished I re-enabled my antivirus and System Restore and then tried to paste the results here, but it didn't work; the machine froze completely, so I decided to RESET it and then tried everything again, but whenever I go to paste the results from our C:\sality.txt it freezes. I don't know what is going on, and I noticed that while doing these things and restarting my machine it keeps coming back slower; that is, I think these programs made it a bit slower. I think so, I'm not sure, and it freezes a lot. What can we do, or what did I do wrong? I hope you can help me! Thanks in advance!

PS: I disabled my antivirus and System Restore in a new attempt, but it was the same, it freezes. I hope this helps you! I'm worried, did it catch some virus? Thanks in advance!
wings, posted May 31, 2010

1. The programs used so far do not usually affect the PC's performance.

2. You have signs of infection by a virus called Sality. It infects every .exe file on the PC. Removing it is difficult. Often formatting is the quickest procedure. Its traces on your PC are:

"C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\wincbcs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe" = C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe" = C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe" = C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe:*:Enabled:ipsec -- File not found

3. The amount of free memory on your PC is low: 115,00 Mb (22%).

The procedure below does not mean your problem will be solved. As for the tools used, we will remove all of them.

* Double-click OTL.
* Under "Custom Scans/Fixes" paste the code below:

:Processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe" =-
"C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe" =-
"C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe" =-
"C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe" =-
:Commands
[ResetHosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Click [Run Fix].
* The PC will restart.
* Paste the report created in C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds.

Now try the SalityKiller procedure again.
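The fix the helper posted works by deleting, one value at a time, the Windows Firewall exceptions that point at executables in the users' Temp folders. The Python below is an added example, not part of the original thread or of OTL: it parses the "Authorized Applications List" section of an OTL Extras log (a constructed sample in the thread's format is embedded), flags entries that point into a Temp folder or that OTL reports as "File not found", and generates the same kind of ":reg" deletion block, grouped by registry key. The function and field names are the example's own.

```python
"""Flag suspicious Windows Firewall exceptions in an OTL Extras log.

Added example for this thread; not part of OTL or of the helper's posts.
Reads the "Authorized Applications List" section as OTL prints it, flags
exceptions in a Temp folder or reported as "File not found", and emits an
OTL ":reg" fix block in the shape the helper used (value name, then " =-").
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_HEADER = "========== Authorized Applications List =========="
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*--\s*(?P<origin>.*)$')
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # any "\Temp\" path component

# Constructed sample in the shape of the thread's log (not the full log).
SAMPLE_LOG = """\
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe" = C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]
"C:\\Arquivos de programas\\PhotoScape\\PhotoScape.exe" = C:\\Arquivos de programas\\PhotoScape\\PhotoScape.exe:*:Enabled:ipsec -- ()
"C:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe" = C:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe:*:Enabled:ipsec -- File not found
"C:\\DOCUME~1\\edgar\\CONFIG~1\\Temp\\kwebw.exe" = C:\\DOCUME~1\\edgar\\CONFIG~1\\Temp\\kwebw.exe:*:Enabled:ipsec -- File not found
"C:\\WINDOWS\\explorer.exe" = C:\\WINDOWS\\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\\DOCUME~1\\ramom\\CONFIG~1\\Temp\\winxtejeg.exe" = C:\\DOCUME~1\\ramom\\CONFIG~1\\Temp\\winxtejeg.exe:*:Enabled:ipsec -- File not found
"C:\\oscar\\eMule\\emule.exe" = C:\\oscar\\eMule\\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""


@dataclass
class FirewallException:
    key: str          # registry key the value lives under (Domain or Standard profile)
    name: str         # value name, normally the executable path
    path: str         # path part of the value data
    scope: str        # "*" or an address list
    enabled: bool
    description: str  # free text; the thread's Temp entries all carry "ipsec"
    origin: str       # "(Company)" as reported by OTL, or "File not found"


@dataclass
class Finding:
    entry: FirewallException
    reasons: list[str] = field(default_factory=list)


def parse_authorized_apps(log_text: str) -> list[FirewallException]:
    """Return every exception listed under the Authorized Applications section."""
    entries: list[FirewallException] = []
    current_key = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("=========="):
            break  # next OTL section begins
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m or current_key is None:
            continue
        # Value data is "path:scope:Enabled:description"; the path itself
        # contains "C:", so split from the right.
        parts = m.group("data").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, desc = parts
        entries.append(FirewallException(current_key, m.group("name"), path, scope,
                                         state.lower() == "enabled", desc, m.group("origin")))
    return entries


def flag_suspicious(entries: list[FirewallException]) -> list[Finding]:
    """Apply the two criteria visible in the thread: Temp-folder target, missing target."""
    findings = []
    for e in entries:
        reasons = []
        if TEMP_RE.search(e.path) or TEMP_RE.search(e.name):
            reasons.append("temp-dir")
        if e.origin.strip().lower() == "file not found":
            reasons.append("file-not-found")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def build_otl_fix(findings: list[Finding]) -> str:
    """Emit an OTL ':reg' block deleting each flagged value, grouped by key."""
    by_key: dict[str, list[str]] = {}
    for f in findings:
        by_key.setdefault(f.entry.key, []).append(f.entry.name)
    lines = [":reg"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}" =-' for n in names)
    lines += [":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_authorized_apps(SAMPLE_LOG))
    for f in found:
        print(f"{', '.join(f.reasons):24} {f.entry.name}")
    print(build_otl_fix([f for f in found if "temp-dir" in f.reasons]))
```

Only the Temp-folder entries go into the generated fix, matching the helper's selection; a "File not found" exception outside Temp (the jucheck.exe line in the sample) is reported but left for a human decision, because an exception keyed by path becomes live again the moment a file with that name reappears at that path.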
Ragde 0 Posted June 1, 2010

Well, I ran OTL and it asked to restart my PC as you said, but it never finished restarting; I let a lot of time go by and nothing, so I had to RESET my machine again. So, moving on, here is the OTL result:

All processes killed
Error: Unable to interpret <Processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\kwebw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\dfeelg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\winxtejeg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\winunvc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\windrdlr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\sdmx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\winvlkshn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\jcie.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\wintpoo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\winukeo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ramom\CONFIG~1\Temp\tjssu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\mfwceh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\oscar\CONFIG~1\Temp\kbgw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\edgar\CONFIG~1\Temp\thix.exe deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: edgar
->Temp folder emptied: 313882598 bytes
->Temporary Internet Files folder emptied: 36474033 bytes
->Java cache emptied: 761451 bytes
->FireFox cache emptied: 52919849 bytes
->Flash cache emptied: 10309 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 92846 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: oscar
->Temp folder emptied: 12161540 bytes
->Temporary Internet Files folder emptied: 6684955 bytes
->Java cache emptied: 21421640 bytes
->FireFox cache emptied: 56567503 bytes
->Flash cache emptied: 9841 bytes
User: ramom
->Temp folder emptied: 4798444 bytes
->Temporary Internet Files folder emptied: 80443336 bytes
->Java cache emptied: 13690420 bytes
->FireFox cache emptied: 4843664 bytes
->Google Chrome cache emptied: 232000879 bytes
->Flash cache emptied: 6214 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 2833305 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 944373 bytes
RecycleBin emptied: 58529698 bytes
Total Files Cleaned = 860,00 mb
OTL by OldTimer - Version 3.2.5.0 log created on 06012010_144409
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

And next, here is the SalityKiller result:

completed
15:41:33:046 2556 Infected files: 0
15:41:33:046 2556 Infected processes: 0
15:41:33:046 2556 Infected threads: 0
15:41:33:046 2556 Cured files: 0
15:41:33:046 2556 Executed registry scripts: 1

Note: I found it strange that this Sality virus showed up after I took down my machine's defenses, and that it has the same name as the program you told me to run. It's not that I distrust your work, since I've already solved problems here with you, I just found it odd. If you could explain in your next post what SalityKiller is for, I'd be very grateful! Thanks in advance for the help! Oh, and after this last result I put my PC's defenses back so I can use it until the next post, OK! Cheers
wings 22 Posted June 1, 2010

SalityKiller is a program specifically for removing the Sality.y, Sality.z and Sality.aa variants, which are the most common ones. However, removal is not always possible, and then formatting becomes necessary. I took a shot to see whether it was one of these variants.

1. *Delete the files C:\SalityKiller.exe and C:\sality.txt

Report how the PC is doing before we remove the tools used.
Ragde 0 Posted June 2, 2010

Well, man, I confess that after running these tests it got a lot slower than before. Wouldn't removing this and the other programs help a bit? I'll remove the ones you mentioned and come back to say whether it got better or worse! Thanks!
wings 22 Posted June 2, 2010

1. *Run OTL again, click [CleanUp] ([Limpeza]) and restart the PC

2. *Download and install CCleaner
*Open the program and, on the "Windows" tab, scroll down to the "Advanced" section and select "Old Prefetch data"
*Click [Run Cleaner]
*Then click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]

Report how the PC is doing.
Ragde 0 Posted June 3, 2010

Well, apparently it seems to have gotten some relief, but it's still not 100%! One thing I noticed was that when I ran the OTL cleanup and restarted my machine, the OTL program itself disappeared, along with another one I don't remember anymore. Is that normal? Well, anyway, that's all for now! I'll look at the machine with more time and come back later to say definitively how it's doing, OK! I'll reply within a week at most! Thanks in advance!
Mário Monteiro 179 Posted July 4, 2010

Topic Archived

As the author did not reply for more than 30 days, the topic has been archived. If you are the topic's author and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.