Maxxor

[Archived] virus in null.sys and in beep.sys


When I ran my antivirus, NOD32, it found more than 100 viruses, but 2 are still left, one in the file null.sys and the other in the file beep.sys, both located in C/windows/system32/drivers, which NOD32 cannot clean. According to the antivirus, these are a variant of the win32/Rustock.nku trojan horse.

I used HijackThis to run the scan and this is what it gave:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:27:35, on 9/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261438267607

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (antivirschedulerservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Update Service (gupdate1c9f51797f976f2) (gupdate1c9f51797f976f2) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 6219 bytes

 

 

My PC is really slow. If anyone can help me, I thank you in advance!


Download Malwarebytes from one of the locations below:

Link 1

Link 2

-- Save the program to your Desktop

• Double-click the program to run it.

• Update the Malwarebytes program.

• Choose the Full Scan (be patient, it takes a while).

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.

• When the scan is complete, click Ok, then Show Results to see the log.

• Remember: if anything is detected, click the Remove button to remove it. (Important).

• The program's log will open automatically for you.

• Post it in your next reply together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows a prompt saying that the computer must be restarted. Please do so immediately.

 

 

• Download: OTL.exe

• Save it to the desktop!

 

OTLI-scan.png

 

• As shown in the image, change the option under "Output" to "Minimal Output".

• Double-click OTL.exe --> Check the "Scan All Users" option.

• Check the boxes:

-- [] LOP check and [] Purity check

• Click runscanbutton.png and wait.

• Post:

1) OTL.txt <-- <3>

2) Extra.txt <--


Man!! These programs you sent me are really good! It found 247 viruses on my PC!

And after it restarted it got much better!

Thank you very much, really!

Malwarebytes gave this result:

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3538

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

11/1/2010 02:11:42

mbam-log-2010-01-11 (02-11-42).txt

 

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 224528

Tempo decorrido: 38 minute(s), 46 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 7

Valores do Registro infectados: 2

Ítens do Registro infectados: 6

Pastas infectadas: 2

Arquivos infectados: 230

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\avg (Trojan.Banker) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(default) (Trojan.Banker) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-9105440518-2833460562-298747544-9386\nissan.exe,C:\RECYCLER\S-1-5-21-3503134091-9605763696-259876664-4863\nissan.exe,C:\RECYCLER\S-1-5-21-7486432124-7534851479-422799688-7042\nissan.exe,explorer.exe,C:\RECYCLER\S-1-5-21-8535064025-8569051180-934745830-8665\wnzip32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

 

Pastas infectadas:

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Arquivos infectados:


C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP243\A0109376.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP243\A0109377.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109436.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109422.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109423.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109424.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109425.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109426.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109427.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109432.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109433.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109434.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109435.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109437.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP244\A0109438.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109483.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109484.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109485.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109486.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109487.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109488.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0109489.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110483.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110484.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110485.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110486.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110487.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110488.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP245\A0110489.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP246\A0110494.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP246\A0110495.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP246\A0110496.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP246\A0110497.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP246\A0110498.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP246\A0110499.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110511.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110512.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110513.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110514.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110515.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110516.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP247\A0110517.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110565.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110561.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110562.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110563.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110564.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110566.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110567.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110572.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110573.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110574.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110575.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110576.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP248\A0110577.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112699.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112700.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112701.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112702.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112703.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112704.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP262\A0112705.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132015.SYS (Rootkit.Rustock) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132007.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132008.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132009.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132013.SYS (Rootkit.Rustock) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132014.SYS (Rootkit.Rustock) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132016.SYS (Rootkit.Rustock) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7DA5EE4F-574C-4D25-B038-E997872DBCD4}\RP305\A0132019.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\526DDE\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\Null.SYS (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\f0d5399e.sys (Rootkit.Rustock) -> Delete on reboot.

C:\WINDOWS\system32\drivers\fa767aa1.sys (Rootkit.Rustock) -> Delete on reboot.

C:\WINDOWS\system32\drivers\glaide32.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\drivers\Beep.SYS (Rootkit.Rustock) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\E_4\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\E_4\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\E_4\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\ctv2044.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\ctv2995.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alessandrorm\Configurações locais\Temp\ctv3937.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\avg.exe (Trojan.Banker) -> Quarantined and deleted successfully.

 

 

OTL produced this:

 

OTL logfile created on: 11/1/2010 02:17:57 - Run 1

OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Alessandrorm\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 298,08 Gb Total Space | 80,38 Gb Free Space | 26,97% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ALESSANDRO

Current User Name: Alessandrorm

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Alessandrorm\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)

PRC - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Alessandrorm\Desktop\OTL.exe (OldTimer Tools)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (antivirservice) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (gupdate1c9f51797f976f2) Google Update Service (gupdate1c9f51797f976f2) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (antivirschedulerservice) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (EhttpSrv) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)

SRV - (Microsoft Office Groove Audit Service) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (k10) -- C:\WINDOWS\system32\drivers\k10.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (EverestDriver) -- C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()

DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()

DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)

DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (npkcrypt) -- C:\Arquivos de programas\Gravity\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKU\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 BB 1D 0F A8 13 CA 01 [binary data]

IE - HKU\s-1-5-21-343818398-1292428093-839522115-1003\s-1-5-21-343818398-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\s-1-5-21-343818398-1292428093-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKU\.default..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe File not found

O4 - HKU\s-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe File not found

O4 - HKU\s-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE File not found

O4 - HKU\s-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261438267607 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_18-windows-i586.cab (Java Plug-in 1.5.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\s-1-5-21-343818398-1292428093-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/06 18:02:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{16cf815e-2f65-11de-92a1-00219784d335}\Shell\autorun\command - "" = trikfx/spomenar.exe

O33 - MountPoints2\{16cf815e-2f65-11de-92a1-00219784d335}\Shell\explore\command - "" = trikfx/spomenar.exe

O33 - MountPoints2\{16cf815e-2f65-11de-92a1-00219784d335}\Shell\open\command - "" = trikfx/spomenar.exe

O33 - MountPoints2\{1777bc80-6a91-11de-9371-00219784d335}\Shell\AutoRun\command - "" = F:\3.cmd -- File not found

O33 - MountPoints2\{1777bc80-6a91-11de-9371-00219784d335}\Shell\open\Command - "" = F:\3.cmd -- File not found

O33 - MountPoints2\{2a98411f-6fc0-11de-9386-00219784d335}\Shell\AutoRun\command - "" = avc14.exe

O33 - MountPoints2\{71d99df4-3e76-11de-92d5-00219784d335}\Shell\AutoRun\command - "" = F:\3.cmd -- File not found

O33 - MountPoints2\{71d99df4-3e76-11de-92d5-00219784d335}\Shell\open\Command - "" = F:\3.cmd -- File not found

O33 - MountPoints2\{8e08a4bd-aca8-11de-9428-00219784d335}\Shell - "" = AutoRun

O33 - MountPoints2\{8e08a4bd-aca8-11de-9428-00219784d335}\Shell\autorun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{b6f5f641-65cc-11de-935f-00219784d335}\Shell\AutoRun\command - "" = E:\3.cmd -- File not found

O33 - MountPoints2\{b6f5f641-65cc-11de-935f-00219784d335}\Shell\open\Command - "" = E:\3.cmd -- File not found

O33 - MountPoints2\{bc9687fe-5519-11de-9323-00219784d335}\Shell\AutoRun\command - "" = F:\3.cmd -- File not found

O33 - MountPoints2\{bc9687fe-5519-11de-9323-00219784d335}\Shell\open\Command - "" = F:\3.cmd -- File not found

O33 - MountPoints2\{bc9687ff-5519-11de-9323-00219784d335}\Shell\AutoRun\command - "" = E:\xdglur.bat -- File not found

O33 - MountPoints2\{bc9687ff-5519-11de-9323-00219784d335}\Shell\open\Command - "" = E:\xdglur.bat -- File not found

O33 - MountPoints2\{c667a3e2-2302-11de-9285-00219784d335}\Shell\AutoRun\command - "" = G:\3.cmd -- File not found

O33 - MountPoints2\{c667a3e2-2302-11de-9285-00219784d335}\Shell\open\Command - "" = G:\3.cmd -- File not found

O33 - MountPoints2\{e5123a48-f492-11dd-9214-c43dbc1503ec}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

O33 - MountPoints2\{f89135ec-6107-11de-934b-00219784d335}\Shell\AutoRun\command - "" = F:\DRVINST.EXE -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/01/11 01:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Malwarebytes

[2010/01/11 01:24:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/11 01:24:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/11 01:24:51 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/01/11 01:24:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/01/11 01:21:34 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alessandrorm\Desktop\OTL.exe

[2010/01/11 01:17:43 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alessandrorm\Desktop\mbam-setup.exe

[2010/01/09 12:16:55 | 00,000,000 | ---D | C] -- C:\HiJackThis

[2010/01/09 01:43:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2010/01/09 01:42:59 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2010/01/05 01:01:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/11/18 22:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Temp

[2009/07/19 13:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/07/19 11:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2009/07/19 10:45:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google

[2009/07/19 10:45:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google

[2009/02/27 20:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET

[2009/02/06 19:10:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/02/06 18:02:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Alessandrorm\Meus documentos\*.tmp files -> C:\Documents and Settings\Alessandrorm\Meus documentos\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/01/11 02:20:29 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\6bfd2cda.sys

[2010/01/11 02:15:24 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/01/11 02:15:24 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/01/11 02:15:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/11 02:15:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/11 02:14:42 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\ntuser.dat

[2010/01/11 02:14:42 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Alessandrorm\ntuser.ini

[2010/01/11 02:14:35 | 04,817,456 | -H-- | M] () -- C:\Documents and Settings\Alessandrorm\Configurações locais\Dados de aplicativos\IconCache.db

[2010/01/11 02:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/01/11 01:36:04 | 00,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72AFE6BD-7ADB-432A-AC46-BF4315B7B01C}.job

[2010/01/11 01:27:00 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/01/11 01:24:55 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/11 01:23:49 | 00,028,572 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\Baixe o Malwarebytes dê um destes locais abaixo.docx

[2010/01/11 01:23:00 | 72,722,212 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\Maroon 5 - It Won't Be Soon Before Long (2007) by piegdorro.zip

[2010/01/11 01:21:38 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alessandrorm\Desktop\OTL.exe

[2010/01/11 01:17:52 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alessandrorm\Desktop\mbam-setup.exe

[2010/01/11 01:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/01/11 00:02:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/01/10 23:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/01/10 22:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/01/10 21:05:37 | 10,858,7084 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\O Melhor do Sertanejo Universitário 2 - www.musicasparabaixar.org.rar

[2010/01/10 21:00:04 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/01/10 20:22:35 | 00,000,381 | ---- | M] () -- C:\WINDOWS\key2010

[2010/01/10 20:00:01 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/01/10 19:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/01/10 18:55:49 | 00,002,250 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/10 14:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/01/10 13:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/01/10 12:00:03 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/01/10 11:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/01/10 10:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/01/10 09:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/01/10 08:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/01/10 07:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/01/10 06:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/01/10 05:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/01/10 04:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/01/10 03:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/01/09 18:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/01/09 17:00:02 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/01/09 16:00:01 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/01/09 15:00:02 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/01/09 12:13:14 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\HiJackThis.zip

[2010/01/09 02:20:42 | 00,192,000 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/04 19:28:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/24 21:10:08 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009/12/24 21:10:06 | 00,000,839 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/12/24 21:10:03 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/12/24 20:40:51 | 00,000,647 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\Atalho para Odin.lnk

[2009/12/24 09:33:35 | 75,029,3286 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\Surrogates[2009]DVDRip (substitutos).avi

[2009/12/23 10:01:49 | 56,025,7683 | ---- | M] () -- C:\Documents and Settings\Alessandrorm\Desktop\Curioso Caso de Benjamin Button.rmvb

[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Alessandrorm\Meus documentos\*.tmp files -> C:\Documents and Settings\Alessandrorm\Meus documentos\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/01/11 01:24:55 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/11 01:23:49 | 00,028,572 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\Baixe o Malwarebytes dê um destes locais abaixo.docx

[2010/01/11 01:22:57 | 72,722,212 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\Maroon 5 - It Won't Be Soon Before Long (2007) by piegdorro.zip

[2010/01/10 21:00:42 | 10,858,7084 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\O Melhor do Sertanejo Universitário 2 - www.musicasparabaixar.org.rar

[2010/01/10 20:22:35 | 00,000,381 | ---- | C] () -- C:\WINDOWS\key2010

[2010/01/09 12:13:02 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\HiJackThis.zip

[2009/12/24 20:40:51 | 00,000,647 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\Atalho para Odin.lnk

[2009/12/24 03:42:25 | 75,029,3286 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\Surrogates[2009]DVDRip (substitutos).avi

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2009/12/23 22:36:26 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2009/12/23 05:37:14 | 56,025,7683 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Desktop\Curioso Caso de Benjamin Button.rmvb

[2009/11/19 09:07:29 | 00,000,024 | -H-- | C] () -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\xpy.ini

[2009/11/17 21:09:33 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/10/17 02:36:06 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\6bfd2cda.sys

[2009/09/21 19:01:27 | 00,000,314 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009/09/13 10:56:13 | 00,158,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2009/08/23 23:45:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2009/08/23 23:45:14 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/06/23 12:20:02 | 00,000,493 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/05/19 19:36:33 | 00,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini

[2009/05/19 19:36:33 | 00,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini

[2009/03/30 17:04:24 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/02/23 03:17:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

[2009/02/08 01:44:42 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2009/02/06 18:56:55 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/02/06 18:56:24 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2009/02/06 18:47:13 | 00,192,000 | ---- | C] () -- C:\Documents and Settings\Alessandrorm\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/06 18:21:44 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/02/06 18:21:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/02/06 18:21:43 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/02/06 18:21:43 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/02/06 18:21:42 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/02/06 18:21:41 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/02/06 18:21:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/02/06 18:11:17 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll

[2008/07/01 08:04:40 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys

[2006/11/02 09:27:46 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI

 

========== LOP Check ==========

 

[2009/11/19 21:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Any Video Converter

[2009/12/05 21:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\BSplayer

[2009/02/22 22:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\BSplayer Pro

[2009/08/10 15:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Dev-Cpp

[2009/03/01 15:18:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\eMule

[2009/04/06 20:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\flightgear.org

[2009/04/06 20:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\fltk.org

[2009/08/20 13:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Free Download Manager

[2009/03/30 17:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Simple Star

[2009/03/31 10:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Snapfish

[2009/02/07 19:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\TuneUp Software

[2009/03/27 12:09:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\uTorrent

[2009/12/12 03:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandrorm\Dados de aplicativos\Viewer2

[2009/02/06 20:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2009/02/23 03:24:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

[2009/12/21 03:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

[2009/02/07 19:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

[2009/02/07 19:39:02 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}

[2010/01/11 00:02:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/01/10 09:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/01/10 10:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/01/10 11:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/01/10 12:00:03 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/01/10 13:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/01/10 14:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/01/09 15:00:02 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/01/09 16:00:01 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/01/09 17:00:02 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/01/09 18:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/01/11 01:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/01/10 19:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/01/10 20:00:01 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/01/10 21:00:04 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/01/10 22:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/01/10 23:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/01/11 02:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/01/10 03:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/01/10 04:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/01/10 05:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/01/10 06:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/01/10 07:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/01/10 08:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/01/11 02:15:24 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2010/01/11 01:36:04 | 00,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{72AFE6BD-7ADB-432A-AC46-BF4315B7B01C}.job

 

========== Purity Check ==========

 

 

< End of report >

 

 

And the Extras log had this:

 

OTL Extras logfile created on: 11/1/2010 02:17:57 - Run 1

OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Alessandrorm\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 298,08 Gb Total Space | 80,38 Gb Free Space | 26,97% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ALESSANDRO

Current User Name: Alessandrorm

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)

"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation)

"C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"\" = C:\WINDOWS\system\svchost.exe:*:Enabled:KL -- File not found

"C:\Arquivos de programas\Warcraft III\War3.exe" = C:\Arquivos de programas\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

"C:\Arquivos de programas\EA GAMES\Need For Speed Underground\Speed.exe" = C:\Arquivos de programas\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- ()

"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{2CBEDEBA-8DCE-4C0E-9DA0-0D2B303991A0}" = Ragnarok Online

"{30079632-F8CB-4A11-8850-FCDA4B859F71}" = CD-ROM Biologia 1

"{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam

"{30EABAF9-3EAB-46C7-8BAE-C9DCCF699685}" = ESET NOD32 Antivirus

"{3248F0A8-6813-11D6-A77B-00B0D0150180}" = J2SE Runtime Environment 5.0 Update 18

"{32A3A4F4-B792-11D6-A78A-00B0D0150180}" = J2SE Development Kit 5.0 Update 18

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{44B3522B-195C-488D-84AC-9526FA99CB73}" = Motorola Handset USB Driver

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{6FC0A4F8-8301-48C6-ADB7-B9EA8CF09C39}" = Ginipic

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{84975365-177A-42EB-A265-9C9B6DB1FEA1}" = Trust Photo Tools

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000ff1ce}_enterprise_{3d019598-7b59-447a-80ae-815b703b84ff}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0030-0000-0000-0000000ff1ce}_enterprise_{bee75e01-dd3f-4d5f-b96c-609e6538d419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00B2-0416-0000-0000000FF1CE}" = Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer

"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ac76ba86-7ad7-1046-7b44-a92000000001}" = Adobe Reader 9.2 - Português

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{c084bc61-e537-11de-8616-005056806466}" = Google Earth

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{ca567ad5-33a4-403d-86d1-ee2d38251951}_is1" = VDownloader 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"ADDONS SITECS (NONSTEAM)" = ADDONS SITECS (NONSTEAM)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"any video converter_is1" = Any Video Converter 2.7.9

"Applian FLV Player2.0.24" = Applian FLV Player

"Ares" = Ares 2.1.1

"BSPlayerf" = BS.Player FREE

"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"eset online scanner" = ESET Online Scanner v3

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00

"Free Download Manager_is1" = Free Download Manager 3.0

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"hijackthis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.4

"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"nbi-nb-base-6.5.1.0.200903060201" = NetBeans IDE 6.5.1

"Nero PhotoShow Express" = Nero PhotoShow Express

"NeroMultiInstaller!UninstallKey" = Nero Suite

"OpenAL" = OpenAL

"PhotoScape" = PhotoScape

"Viewer2" = Viewer2

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\s-1-5-21-343818398-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

"Warcraft III" = Warcraft III: All Products

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 4/1/2010 14:27:05 | Computer Name = ALESSANDRO | Source = Google Update | ID = 20

Description =

 

Error - 4/1/2010 15:27:05 | Computer Name = ALESSANDRO | Source = Google Update | ID = 20

Description =

 

Error - 8/1/2010 21:41:02 | Computer Name = ALESSANDRO | Source = Avira AntiVir | ID = 4112

Description = An error occurred during a resource request to the Windows NT system.

The resource <INIT11> has not been allocated. This could be due to an out-of-memory

error or any other system failure. Returned error code:

 

Error - 8/1/2010 22:27:06 | Computer Name = ALESSANDRO | Source = Google Update | ID = 20

Description =

 

Error - 9/1/2010 10:55:44 | Computer Name = ALESSANDRO | Source = Avira AntiVir | ID = 4112

Description = An error occurred during a resource request to the Windows NT system.

The resource <INIT11> has not been allocated. This could be due to an out-of-memory

error or any other system failure. Returned error code:

 

Error - 10/1/2010 17:55:57 | Computer Name = ALESSANDRO | Source = Avira AntiVir | ID = 4112

Description = An error occurred during a resource request to the Windows NT system.

The resource <INIT11> has not been allocated. This could be due to an out-of-memory

error or any other system failure. Returned error code:

 

Error - 11/1/2010 00:08:25 | Computer Name = ALESSANDRO | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha embd3260.dll, versão 6.0.13.68, endereço com falha 0x0002f11d.

 

Error - 11/1/2010 00:08:59 | Computer Name = ALESSANDRO | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha embd3260.dll, versão 6.0.13.68, endereço com falha 0x0002f11d.

 

Error - 11/1/2010 00:09:58 | Computer Name = ALESSANDRO | Source = Application Hang | ID = 1002

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 11/1/2010 01:15:32 | Computer Name = ALESSANDRO | Source = Avira AntiVir | ID = 4112

Description = An error occurred during a resource request to the Windows NT system.

The resource <INIT11> has not been allocated. This could be due to an out-of-memory

error or any other system failure. Returned error code:

 

[ OSession Events ]

Error - 13/9/2009 09:49:10 | Computer Name = ALESSANDRO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session

lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 16/9/2009 18:13:45 | Computer Name = ALESSANDRO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session

lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 20/10/2009 13:10:53 | Computer Name = ALESSANDRO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 25/10/2009 11:08:34 | Computer Name = ALESSANDRO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 25/10/2009 11:08:46 | Computer Name = ALESSANDRO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 4/1/2010 09:00:00 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At11.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 10:00:01 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At12.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 11:00:00 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At13.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 12:00:01 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At14.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 13:00:00 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At15.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 14:00:01 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At16.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 15:00:00 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At17.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 16:00:00 | Computer Name = ALESSANDRO | Source = Schedule | ID = 7901

Description = O comando At18.job falhou ao iniciar devido ao seguinte erro: %%2147942402

 

Error - 4/1/2010 16:19:29 | Computer Name = ALESSANDRO | Source = DCOM | ID = 10005

Description = Erro "%2" no DCOM na tentativa de iniciar o serviço BITS com argumentos

"" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 4/1/2010 16:19:30 | Computer Name = ALESSANDRO | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Serviço de transferência inteligente

de plano de fundo devido ao seguinte erro: %%2

 

[ TuneUp Events ]

Error - 27/2/2009 19:13:14 | Computer Name = ALESSANDRO | Source = TuneUp Program Statistics | ID = 131840

Description =

 

Error - 27/2/2009 19:14:09 | Computer Name = ALESSANDRO | Source = TuneUp Program Statistics | ID = 131840

Description =

 

Error - 27/2/2009 19:14:09 | Computer Name = ALESSANDRO | Source = TuneUp Program Statistics | ID = 131840

Description =

 

Error - 27/2/2009 19:16:39 | Computer Name = ALESSANDRO | Source = TuneUp Program Statistics | ID = 131840

Description =

 

Error - 27/2/2009 19:16:44 | Computer Name = ALESSANDRO | Source = TuneUp Program Statistics | ID = 131840

Description =

 

 

< End of report >

 

 

I would just like to ask one more thing: what is the best antivirus to use on my PC?


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
