EDSSX (posted January 15, 2010):

Good afternoon! When I type the letters, what comes out is a complete mess (because of this I am explaining myself / managed to type / report the case this way). Note: from what I noticed, when I type fast the problem gets worse. I searched; could it be Cascade? Here is the DDS log, since HijackThis only sometimes runs; sometimes yes, sometimes no.

DDS (Ver_09-12-01.01) - FAT32x86 Run by edsom luis at 14:07:08,18 on 15/01/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.97 [GMT -2:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== D:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe D:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe D:\Arquivos de programas\AlienGUIse\wbload.exe D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\CursorXP\CursorXP.exe D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe D:\WINDOWS\System32\svchost.exe -k eapsvcs D:\Arquivos de programas\Java\jre6\bin\jqs.exe D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\system32\wuauclt.exe D:\Documents and Settings\edsom luis\Desktop\Virus Removal Tool\setup_9.0.0.722_15.01.2010_15-37\setup_9.0.0.722_15.01.2010_15-37.exe D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mWindow Title = uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - d:\arquivos de programas\dvdvideosoft\tbDVDV.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - 
d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - d:\arquivos de programas\dvdvideosoft\tbDVDV.dll TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - d:\arquivos de programas\dvdvideosoft\tbDVDV.dll uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe mRun: [MSConfig] d:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\setup_~1.lnk - d:\documents and settings\edsom luis\desktop\virus removal tool\setup_9.0.0.722_15.01.2010_15-37\startup.exe StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\setup_~1.lnk - d:\documents and settings\edsom luis\desktop\virus removal tool\setup_9.0.0.722_15.01.2010_15-37\startup.exe uPolicies-explorer: NoRealMode = 0 (0x0) uPolicies-explorer: HonorAutoRunSetting = 0 (0x0) uPolicies-explorer: NoFileUrl = 0 (0x0) uPolicies-explorer: NoUpdateCheck = 0 (0x0) mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1) IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Notify: WB - d:\arquivos de programas\alienguise\fastload.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 24114672;24114672 Boot Guard Driver;d:\windows\system32\drivers\24114672.sys [2010-1-15 37392] R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160] R1 24114671;24114671;d:\windows\system32\drivers\24114671.sys [2010-1-15 128016] R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-11-24 11608] R1 setup_9.0.0.722_15.01.2010_15-37drv;setup_9.0.0.722_15.01.2010_15-37drv;d:\windows\system32\drivers\2411467.sys [2010-1-15 315408] R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424] R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-11-24 108289] R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-11-24 185089] R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 56816] R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [2010-1-2 24496] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856] R3 VBoxNetFlt;VBoxNetFlt 
Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368] R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032] S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568] S3 KProcWatch;KProcWatch; [x] S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584] S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136] S4 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x] S4 ZeppelinService;plasservice; [x] ============== File Associations =============== inifile=Notepad.exe "%1" =============== Created Last 30 ================ 2010-01-15 14:52:03 37392 ----a-w- d:\windows\system32\drivers\24114672.sys 2010-01-15 14:52:03 315408 ----a-w- d:\windows\system32\drivers\2411467.sys 2010-01-15 14:52:03 128016 ----a-w- d:\windows\system32\drivers\24114671.sys 2010-01-15 14:05:14 0 d-sha-r- D:\autorun.inf 2010-01-14 00:33:40 471552 ------w- d:\windows\system32\dllcache\aclayers.dll 2010-01-13 07:56:58 0 d-----w- d:\arquivos de programas\arquivos comuns\DVDVideoSoft 2010-01-13 07:56:57 0 d-----w- d:\arquivos de programas\DVDVideoSoft 2010-01-05 21:29:02 0 d-----w- d:\docume~1\alluse~1\dadosd~1\VOWSoft 2010-01-05 21:28:56 0 d-----w- d:\arquivos de programas\ABC 3GP Converter 2010-01-05 04:15:21 3 ----a-w- d:\windows\rrxx.dll 2010-01-05 04:08:34 0 d-sh--w- D:\Recycled 2010-01-05 00:26:29 0 d-----w- d:\arquivos de programas\trend micro 2010-01-04 23:26:22 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\IObit 2010-01-03 06:34:45 0 d-----w- d:\windows\system32\wbem\Repository 2010-01-03 06:34:39 0 d-----w- d:\docume~1\alluse~1\dadosd~1\PrevxCSI 2010-01-03 06:28:02 0 d--h--w- d:\windows\system32\GroupPolicy 2010-01-02 18:42:55 0 d---a-w- D:\autorun(3).inf 2010-01-02 16:15:24 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-02 16:15:24 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-02 16:15:24 30280 ----a-w- 
d:\windows\system32\drivers\PXSCAN.SYS 2010-01-02 16:15:23 24496 ----a-w- d:\windows\system32\drivers\pxkbf.sys 2010-01-02 16:15:14 51 ----a-w- d:\windows\wininit.ini 2009-12-30 21:02:48 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy 2009-12-29 22:00:35 0 d-----w- D:\MSNCleaner 2009-12-29 21:50:20 0 d-----w- D:\!FixIEDef 2009-12-29 20:18:12 184320 ----a-w- d:\windows\system32\delnext.exe 2009-12-28 03:13:54 8688 ----a-w- d:\documents and settings\edsom luis\run2.hax 2009-12-28 03:13:54 6656 ----a-w- d:\documents and settings\edsom luis\md5file.exe 2009-12-28 03:13:54 51200 ----a-w- d:\documents and settings\edsom luis\dumphive.exe 2009-12-28 03:13:54 49152 ----a-w- d:\documents and settings\edsom luis\vfind.exe 2009-12-28 03:13:54 40960 ----a-w- d:\documents and settings\edsom luis\swsc.exe 2009-12-28 03:13:54 38400 ----a-w- d:\documents and settings\edsom luis\moveex.exe 2009-12-28 03:13:54 156160 ----a-w- d:\documents and settings\edsom luis\swreg.exe 2009-12-28 03:13:54 146944 ----a-w- d:\documents and settings\edsom luis\catchme.exe 2009-12-27 20:20:54 0 d-----w- d:\arquivos de programas\ZHPDiag 2009-12-27 20:17:29 583854 ----a-w- D:\HaxFix.exe 2009-12-27 19:39:43 0 d-----w- D:\HaxFix 2009-12-27 19:29:48 0 d-----w- d:\arquivos de programas\Navilog1 2009-12-26 23:43:34 0 d-----w- d:\arquivos de programas\Gadwin Systems 2009-12-25 01:22:51 0 d-----w- d:\arquivos de programas\Conduit 2009-12-24 19:24:19 0 d-----w- d:\docume~1\alluse~1\dadosd~1\ParetoLogic 2009-12-24 18:39:51 0 d-----w- d:\docume~1\alluse~1\dadosd~1\ParetoLogic Anti-Virus PLUS 2009-12-24 16:45:45 0 d-----w- d:\arquivos de programas\MRBDG 2009-12-24 16:21:45 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2009-12-24 16:21:41 19160 ----a-w- d:\windows\system32\drivers\mbam.sys 2009-12-24 16:04:27 0 d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware 2009-12-19 04:10:17 0 d-----w- d:\arquivos de programas\CCleaner 2009-12-18 17:36:17 0 d--h--w- d:\documents 
and settings\edsom luis\Recent(2) ==================== Find3M ==================== 2010-01-15 13:04:58 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt 2010-01-13 06:01:00 327168 ----a-w- d:\windows\IsUn0416.exe 2010-01-04 17:21:42 80198 ----a-w- d:\windows\system32\perfc016.dat 2010-01-04 17:21:42 471376 ----a-w- d:\windows\system32\perfh016.dat 2009-12-14 07:35:46 73216 ----a-w- d:\windows\ST6UNST.EXE 2009-12-14 07:35:46 249856 ------w- d:\windows\Setup1.exe 2009-12-10 00:54:08 261632 ----a-w- d:\windows\PEV.exe 2009-12-08 02:21:34 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-12-01 17:16:32 38338 ----a-w- d:\arquivos de programas\Uninst.isu 2009-12-01 01:12:40 579072 ----a-w- d:\windows\system32\dllcache\user32.dll 2009-11-27 20:47:52 218 ----a-w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini 2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\find.exe 2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\dllcache\find.exe 2009-11-24 21:40:16 411368 ----a-w- d:\windows\system32\deploytk.dll 2009-11-24 08:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.idx 2009-11-24 08:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat 2009-11-20 21:11:28 15828 ----a-w- d:\arquivos de programas\arquivos comuns\license.rtf 2009-11-20 21:01:18 832296 ----a-w- d:\arquivos de programas\arquivos comuns\opera.exe 2009-11-20 21:01:16 4450088 ----a-w- d:\arquivos de programas\arquivos comuns\opera.dll 2009-11-20 21:00:42 20480 ----a-w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll 2009-11-20 21:00:24 653419 ----a-w- d:\arquivos de programas\arquivos comuns\encoding.bin 2009-11-13 20:19:06 2320 ----a-w- d:\arquivos de programas\arquivos comuns\operadef6.ini 2009-10-28 14:40:48 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe 2009-10-25 08:11:36 77312 ----a-w- d:\windows\MBR.exe 2009-10-21 05:39:40 75776 ----a-w- d:\windows\system32\strmfilt.dll 2009-10-21 05:39:40 75776 ------w- 
d:\windows\system32\dllcache\strmfilt.dll 2009-10-21 05:39:40 25088 ----a-w- d:\windows\system32\httpapi.dll 2009-10-21 05:39:40 25088 ------w- d:\windows\system32\dllcache\httpapi.dll 2009-10-20 16:20:16 265728 ------w- d:\windows\system32\dllcache\http.sys 2009-08-20 14:06:06 126704693 ----a-w- d:\arquivos de programas\brofficeorg1.cab 2009-08-20 14:04:26 9812992 ----a-w- d:\arquivos de programas\brofficeorg31.msi 2009-08-19 07:39:36 330 ----a-w- d:\arquivos de programas\setup.ini 2009-07-10 05:20:00 621546 ----a-w- d:\arquivos de programas\ACIHELP.HLP 2009-07-10 05:20:00 3219 ----a-w- d:\arquivos de programas\Acihelp.cnt 2009-06-17 16:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt 2008-06-09 12:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml 2004-02-26 15:35:04 7904 ----a-w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd 2002-03-11 08:06:30 1822520 ----a-w- d:\arquivos de programas\instmsiw.exe 2002-03-11 07:45:04 1708856 ----a-w- d:\arquivos de programas\instmsia.exe 2009-01-21 14:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat 2009-09-11 16:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat 2009-03-08 16:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe ============= FINISH: 14:08:43,34 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 19/09/2007 10:51:37 System Uptime: 15/01/2010 11:04:43 (3 hours ago) Motherboard: ECS | | M825G Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (FAT32) - 17 GiB total, 7,469 GiB free. D: is FIXED (FAT32) - 59 GiB total, 38,174 GiB free. 
E: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318} Description: RADEON 9200 PRO Family (Microsoft Corporation) Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008 Manufacturer: ATI Technologies Inc. Name: RADEON 9200 PRO Family (Microsoft Corporation) PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008 Service: ati2mtag Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318} Description: RADEON 9200 PRO SEC Family (Microsoft Corporation) Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108 Manufacturer: ATI Technologies Inc. Name: RADEON 9200 PRO SEC Family (Microsoft Corporation) PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108 Service: ati2mtag Class GUID: Description: Device ID: STREAM\7131TVTUNER\4&2164E342&0&0 Manufacturer: Name: PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Controlador de comunicação PCI simples Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E Manufacturer: Name: Controlador de comunicação PCI simples PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E Service: Class GUID: Description: Device ID: ROOT\LEGACY_BOCDRIVE\0000 Manufacturer: Name: PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000 Service: Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: Dispositivo de áudio USB Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000 Manufacturer: (Áudio USB genérico) Name: Dispositivo de áudio USB PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000 Service: usbaudio Class GUID: Description: Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000 Manufacturer: Name: PNP Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000 Service: ==== System Restore Points =================== RP9: 06/01/2010 04:32:16 - Ponto de verificação do sistema RP10: 05/01/2010 23:34:00 - 06012010 tuche info 
RP11: 06/01/2010 01:28:48 - Software Distribution Service 3.0 RP12: 06/01/2010 12:52:34 - Software Distribution Service 3.0 RP13: 07/01/2010 00:01:39 - Software Distribution Service 3.0 RP14: 07/01/2010 02:43:40 - Software Distribution Service 3.0 RP15: 07/01/2010 18:45:11 - Software Distribution Service 3.0 RP16: 07/01/2010 22:20:52 - Software Distribution Service 3.0 RP17: 08/01/2010 17:14:01 - Software Distribution Service 3.0 RP18: 08/01/2010 18:51:52 - Software Distribution Service 3.0 RP19: 08/01/2010 20:14:31 - Software Distribution Service 3.0 RP20: 09/01/2010 00:00:18 - Software Distribution Service 3.0 RP21: 09/01/2010 13:49:51 - Revo Uninstaller's restore point - Ad-Remover By C_XX RP22: 09/01/2010 13:51:29 - Revo Uninstaller's restore point - Uninstall 1.0.0.1 RP23: 09/01/2010 23:53:17 - Software Distribution Service 3.0 RP24: 11/01/2010 00:00:24 - Software Distribution Service 3.0 RP25: 11/01/2010 02:00:02 - Software Distribution Service 3.0 RP26: 12/01/2010 04:07:11 - Software Distribution Service 3.0 RP27: 12/01/2010 05:18:53 - Software Distribution Service 3.0 RP28: 13/01/2010 00:00:34 - Software Distribution Service 3.0 RP29: 13/01/2010 13:18:17 - Software Distribution Service 3.0 RP30: 14/01/2010 00:00:17 - Software Distribution Service 3.0 RP31: 14/01/2010 01:17:02 - Software Distribution Service 3.0 RP32: 15/01/2010 05:51:49 - Revo Uninstaller's restore point - ACI Windows RP33: 15/01/2010 13:08:32 - Software Distribution Service 3.0 RP34: 16/01/2010 00:00:37 - Software Distribution Service 3.0 RP35: 14/01/2010 06:35:20 - Revo Uninstaller's restore point - Gerador da Rais Genérico - GDRais Genérico76_08 [Versão 2008.01.00] RP36: 14/01/2010 06:36:26 - Revo Uninstaller's restore point - Gerador de Declaração RAIS - GDRAIS 2009 ( Versão 2009.01.00 ) RP37: 14/01/2010 06:53:09 - Revo Uninstaller's restore point - ACI Windows RP38: 14/01/2010 09:05:47 - Revo Uninstaller's restore point - Exterminate It! 
RP39: 15/01/2010 00:00:27 - Software Distribution Service 3.0 RP40: 15/01/2010 00:43:11 - Software Distribution Service 3.0 ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.2 - Português AlienGUIse Theme Manager Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2) Atualização de Segurança para Windows Internet Explorer 7 (KB938127) Atualização de Segurança para Windows Internet Explorer 7 (KB958215) Atualização de Segurança para Windows Internet Explorer 7 (KB960714) Atualização de Segurança para Windows Internet Explorer 7 (KB961260) Atualização de Segurança para Windows Internet Explorer 8 (KB969897) Atualização de Segurança para Windows Internet Explorer 8 (KB971961) Atualização de Segurança para Windows Internet Explorer 8 (KB972260) Atualização de Segurança para Windows Internet Explorer 8 (KB974455) Atualização de Segurança para Windows Internet Explorer 8 (KB976325) Atualização de Segurança para Windows XP (KB961371-v2) Atualização de Segurança para Windows XP (KB972270) Atualização para Windows Internet Explorer 8 (KB973874) Atualização para Windows Internet Explorer 8 (KB976749) Atualização para Windows XP (KB955759) BrOffice.org 3.1 C-Media WDM Audio Driver CCleaner CursorXP DVDVideoSoft Toolbar EVEREST Home Edition v2.20 Free Audio CD Burner version 1.2 Free YouTube to MP3 Converter version 3.2 Gadwin PrintScreen Google Chrome HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IRPF2010 - Declaração de Ajuste Anual e Final de Espólio Java 6 Update 17 Junk Mail filter update K-Meleon 1.5.3 en-US (remove only) Malwarebytes' Anti-Malware MegaJogos (remove only) Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Language Pack - ptb Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft 
Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox (3.5) MSXML 4.0 SP2 (KB973688) Opera 10.10 Revo Uninstaller 1.85 Sun VirtualBox Uninstall 1.0.0.1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) você 9.0 Runtime VIA Rhine-Family Fast-Ethernet Adapter Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP Windows Imaging Component Windows Internet Explorer 7 Windows Media Format 11 runtime XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 ZHPDiag 1.24 ==== End Of File ===========================

Thanks in advance.
jgarcia (posted January 20, 2010):

Hey EDSSX,

Download ComboFix at: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);
3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue. P.S.: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that disinfection will not be possible without continuing with ComboFix.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing the process, as this guarantees that the system can be recovered if problems occur during the scan. Click "YES" and wait, as the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient. When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA license. When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY". Click "YES" to continue the scan.
5) ComboFix will start the AUTOSCAN (wait). ATTENTION: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will go completely white). When the process finishes, the machine will be restarted to produce the report.
6) After the restart, ComboFix will run FIND3M to create the final scan report. The log will be located at D:\ComboFix.txt.
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB combination.

Regards.
EDSSX (posted January 21, 2010):

Good evening! Here is the ComboFix log:

ComboFix 10-01-04.01 - edsom luis 20/01/2010 22:51.2.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.271 [GMT -2:00] Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . . (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))) . 2010-01-20 18:36 . 2010-01-20 18:36 -------- d-----w- d:\windows\system32\JAIL 2010-01-14 00:33 . 2009-11-21 15:58 471552 ------w- d:\windows\system32\dllcache\aclayers.dll 2010-01-13 07:56 . 2010-01-13 07:57 -------- d-----w- d:\arquivos de programas\Arquivos comuns\DVDVideoSoft 2010-01-13 07:56 . 2010-01-13 07:56 -------- d-----w- d:\arquivos de programas\DVDVideoSoft 2010-01-12 06:06 . 2010-01-11 19:33 789320 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-01-12 06:06 . 2010-01-11 19:32 698184 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll 2010-01-11 15:45 . 2010-01-11 15:53 52224 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-01-11 15:45 . 
2010-01-11 15:53 114688 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll 2010-01-05 21:29 . 2010-01-05 21:29 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\VOWSoft 2010-01-05 00:26 . 2010-01-05 00:26 -------- d-----w- d:\arquivos de programas\trend micro 2010-01-04 23:26 . 2010-01-04 23:26 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit 2010-01-04 02:32 . 2010-01-04 02:32 -------- d-----w- D:\rsit 2010-01-03 06:34 . 2010-01-03 06:34 -------- d-----w- d:\windows\system32\wbem\Repository 2010-01-03 06:34 . 2010-01-03 06:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PrevxCSI 2010-01-03 06:28 . 2010-01-03 06:28 -------- d--h--w- d:\windows\system32\GroupPolicy 2010-01-02 18:42 . 2010-01-02 18:42 -------- d---a-w- D:\autorun(3).inf 2010-01-02 16:15 . 2010-01-05 00:40 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-02 16:15 . 2010-01-05 00:40 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-02 16:15 . 2010-01-05 00:40 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS 2010-01-02 16:15 . 2010-01-05 00:40 24496 ----a-w- d:\windows\system32\drivers\pxkbf.sys 2010-01-01 20:04 . 2010-01-09 16:20 5115824 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-30 21:02 . 2009-12-30 21:02 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-12-29 22:00 . 2009-12-29 22:00 -------- d-----w- D:\MSNCleaner 2009-12-29 21:50 . 2009-12-29 21:50 -------- d-----w- D:\ERDNT 2009-12-29 21:50 . 2009-12-29 21:50 -------- d-----w- D:\!FixIEDef 2009-12-29 20:18 . 2007-02-09 12:26 184320 ----a-w- d:\windows\system32\delnext.exe 2009-12-28 03:13 . 
2009-12-28 03:13 6656 ----a-w- d:\documents and settings\edsom luis\md5file.exe 2009-12-28 03:13 . 2009-12-28 03:13 51200 ----a-w- d:\documents and settings\edsom luis\dumphive.exe 2009-12-28 03:13 . 2009-12-28 03:13 49152 ----a-w- d:\documents and settings\edsom luis\vfind.exe 2009-12-28 03:13 . 2009-12-28 03:13 40960 ----a-w- d:\documents and settings\edsom luis\swsc.exe 2009-12-28 03:13 . 2009-12-28 03:13 38400 ----a-w- d:\documents and settings\edsom luis\moveex.exe 2009-12-28 03:13 . 2009-12-28 03:13 156160 ----a-w- d:\documents and settings\edsom luis\swreg.exe 2009-12-28 03:13 . 2009-12-28 03:13 146944 ----a-w- d:\documents and settings\edsom luis\catchme.exe 2009-12-27 20:17 . 2009-12-27 19:39 583854 ----a-w- D:\HaxFix.exe 2009-12-27 19:39 . 2009-12-27 19:39 -------- d-----w- D:\HaxFix 2009-12-27 19:29 . 2009-12-27 19:29 -------- d-----w- d:\arquivos de programas\Navilog1 2009-12-27 18:28 . 2009-12-27 18:28 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager 2009-12-26 23:43 . 2009-12-26 23:43 -------- d-----w- d:\arquivos de programas\Gadwin Systems 2009-12-25 01:22 . 2009-12-25 01:22 -------- d-----w- d:\arquivos de programas\Conduit 2009-12-24 19:24 . 2009-12-24 19:24 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\ParetoLogic 2009-12-24 18:39 . 2009-12-24 18:39 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\ParetoLogic Anti-Virus PLUS 2009-12-24 16:45 . 2009-12-24 16:45 -------- d-----w- d:\arquivos de programas\MRBDG 2009-12-24 16:21 . 2010-01-07 18:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2009-12-24 16:21 . 2010-01-07 18:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys 2009-12-24 16:04 . 2009-12-24 16:04 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware 2009-12-19 04:10 . 2009-12-19 04:10 -------- d-----w- d:\arquivos de programas\CCleaner 2009-12-18 17:36 . 
2009-12-18 17:36 -------- d--h--w- d:\documents and settings\edsom luis\Recent(2)
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 18:10 . 2009-08-22 13:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt
2010-01-20 14:18 . 2009-08-27 00:37 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-01-20 04:39 . 2009-09-22 19:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 06:01 . 2007-09-19 13:24 327168 ----a-w- d:\windows\IsUn0416.exe
2010-01-04 17:21 . 2001-10-28 20:07 80198 ----a-w- d:\windows\system32\perfc016.dat
2010-01-04 17:21 . 2001-10-28 20:07 471376 ----a-w- d:\windows\system32\perfh016.dat
2009-12-16 01:22 . 2009-12-16 01:22 -------- d-----w- d:\arquivos de programas\CursorXP
2009-12-14 07:35 . 2007-09-19 12:55 249856 ------w- d:\windows\Setup1.exe
2009-12-14 07:35 . 2007-09-19 12:55 73216 ----a-w- d:\windows\ST6UNST.EXE
2009-12-14 00:07 . 2009-12-14 00:07 -------- d-----w- d:\arquivos de programas\MegaJogos
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\GetRightToGo
2009-12-08 02:21 . 2009-03-18 23:30 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-05 20:14 . 2009-12-05 20:14 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon
2009-12-05 20:13 . 2009-12-05 20:13 -------- d-----w- d:\arquivos de programas\K-Meleon
2009-12-01 17:16 . 2009-12-01 17:16 38338 ----a-w- d:\arquivos de programas\Uninst.isu
2009-11-29 02:00 . 2009-11-29 02:00 -------- d-----w- d:\arquivos de programas\MSXML 4.0
2009-11-27 20:47 . 2009-11-13 20:19 218 ----a-w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini
2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- d:\arquivos de programas\Arquivos comuns\unite
2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- d:\arquivos de programas\Arquivos comuns\ui
2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- d:\arquivos de programas\Arquivos comuns\styles
2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- d:\arquivos de programas\Arquivos comuns\skin
2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- d:\arquivos de programas\Arquivos comuns\program
2009-11-27 20:47 . 2009-11-27 20:47 -------- d-----w- d:\arquivos de programas\Arquivos comuns\extra
2009-11-25 16:18 . 2009-11-25 16:18 9216 ----a-w- d:\windows\system32\find.exe
2009-11-25 12:38 . 2009-11-25 12:38 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\QuickScan
2009-11-24 21:40 . 2008-12-04 12:33 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-11-24 21:34 . 2009-11-24 21:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira
2009-11-24 08:18 . 2009-04-29 22:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-11-24 08:18 . 2009-04-29 22:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-11-21 15:58 . 2004-08-04 09:45 471552 ----a-w- d:\windows\AppPatch\AcLayers.dll
2009-11-20 21:11 . 2009-11-20 21:11 15828 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf
2009-11-20 21:01 . 2009-11-20 21:01 832296 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe
2009-11-20 21:01 . 2009-11-20 21:01 4450088 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll
2009-11-20 21:00 . 2009-11-20 21:00 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll
2009-11-20 21:00 . 2009-11-20 21:00 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin
2009-11-19 04:31 . 2009-11-19 04:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Iomatic
2009-11-18 05:34 . 2009-11-18 05:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-11-18 00:58 . 2009-11-15 03:37 48 ----a-w- d:\windows\system32\_1PUTILS.dat
2009-11-13 20:19 . 2009-03-27 22:27 2320 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini
2009-10-29 07:42 . 2004-08-04 09:45 916480 ------w- d:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-04 09:45 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 09:45 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 08:00 265728 ----a-w- d:\windows\system32\drivers\http.sys
2009-08-20 14:06 . 2009-08-20 14:06 126704693 ----a-w- d:\arquivos de programas\brofficeorg1.cab
2009-08-20 14:04 . 2009-08-20 14:04 9812992 ----a-w- d:\arquivos de programas\brofficeorg31.msi
2009-08-19 07:39 . 2009-08-19 07:39 330 ----a-w- d:\arquivos de programas\setup.ini
2009-07-10 05:20 . 2009-12-01 17:16 621546 ----a-w- d:\arquivos de programas\ACIHELP.HLP
2009-07-10 05:20 . 2009-12-01 17:16 3219 ----a-w- d:\arquivos de programas\Acihelp.cnt
2009-06-17 16:41 . 2009-06-17 16:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt
2008-06-09 12:17 . 2008-06-09 12:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml
2004-02-26 15:35 . 2004-02-26 15:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd
2002-03-11 08:06 . 2002-03-11 08:06 1822520 ----a-w- d:\arquivos de programas\instmsiw.exe
2002-03-11 07:45 . 2002-03-11 07:45 1708856 ----a-w- d:\arquivos de programas\instmsia.exe
2009-03-08 16:09 . 2008-04-14 02:21 638816 --sha-w- d:\windows\ServicePackFiles\i386\iexplore.exe
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-11-09 20:38 2331672 ----a-w- d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
"HonorAutoRunSetting"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 01:34 24576 ----a-w- d:\arquivos de programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

[HKLM\~\startupfolder\^.mjsync_pt_BR]
path=\.mjsync_pt_BR

[HKLM\~\startupfolder\^catchme.exe]
path=\catchme.exe

[HKLM\~\startupfolder\^Desktop.rar]
path=\Desktop.rar

[HKLM\~\startupfolder\^dumphive.exe]
path=\dumphive.exe

[HKLM\~\startupfolder\^Favoritos.rar]
path=\Favoritos.rar

[HKLM\~\startupfolder\^haxoth2.txt]
path=\haxoth2.txt

[HKLM\~\startupfolder\^md5file.exe]
path=\md5file.exe

[HKLM\~\startupfolder\^Menu Iniciar.rar]
path=\Menu Iniciar.rar

[HKLM\~\startupfolder\^moveex.exe]
path=\moveex.exe

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\ntuser.dat

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]
path=\NTUSER.DAT.bak_jv16pt

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]
path=\NTUSER.DAT.tmp.LOG

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini

[HKLM\~\startupfolder\^PrivacIE.rar]
path=\PrivacIE.rar

[HKLM\~\startupfolder\^process.exe]
path=\process.exe

[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]
path=\rebuilt.Menu Iniciar.rar

[HKLM\~\startupfolder\^rebuilt.UserData.rar]
path=\rebuilt.UserData.rar

[HKLM\~\startupfolder\^run2.hax]
path=\run2.hax

[HKLM\~\startupfolder\^swreg.exe]
path=\swreg.exe

[HKLM\~\startupfolder\^swsc.exe]
path=\swsc.exe

[HKLM\~\startupfolder\^tool_en.log]
path=\tool_en.log

[HKLM\~\startupfolder\^UserData.rar]
path=\UserData.rar

[HKLM\~\startupfolder\^vfind.exe]
path=\vfind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 14:08 935288 ----a-r- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 06:08 35696 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 14:08 209153 ----a-w- d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-04 03:44 435096 ----a-w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-16 21:28 133104 ----a-w- d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-24 21:40 149280 ----a-w- d:\arquivos de programas\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZeppelinService"=2 (0x2)
"GoogleDesktopManager-060409-093314"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/09/2009 17:13 64160]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/09/2009 13:11 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/09/2009 13:10 41424]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/11/2009 19:34 108289]
R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [02/01/2010 14:15 24496]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/09/2009 13:11 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [09/09/2009 20:15 100368]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]
S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]
S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?]
S3 CMC AntiRootkit Service;CMC AntiRootkit Servic;d:\windows\system32\drivers\cmcantirootkit.sys --> d:\windows\system32\drivers\cmcantirootkit.sys [?]
S3 KProcWatch;KProcWatch; [x]
S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/09/2009 17:43 29584]
S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]
S4 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]
S4 ZeppelinService;plasservice; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 06:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mWindow Title = 
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 23:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet049\Services\NtTdiDr]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet049\Services\NtTdiDr]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]
@DACL=(02 0000)
"PackageName"="Dashboard.msi"

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]
@DACL=(02 0000)
"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"
"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
d:\arquivos de programas\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3584)
d:\windows\system32\WININET.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\arquivos de programas\CursorXP\CurXP0.dll
.
------------------------ Other Running Processes ------------------------
.
d:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
d:\arquivos de programas\Java\jre6\bin\jqs.exe
d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-01-20 23:14:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-20 01:14
ComboFix2.txt 2010-01-05 04:08

Pre-Run: 24 folder(s) 40,355,102,720 bytes free
Post-Run: 26 folder(s) 40,347,009,024 bytes free

- - End Of File - - 8CB5CB0278BBA28ED296AF4D2CE0A5A3

New DDS log follows:

DDS (Ver_09-12-01.01) - FAT32x86
Run by edsom luis at 23:42:34,98 on 20/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.221 [GMT -2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe -k eapsvcs
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mWindow Title = 
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - d:\arquivos de programas\dvdvideosoft\tbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - d:\arquivos de programas\dvdvideosoft\tbDVDV.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - d:\arquivos de programas\dvdvideosoft\tbDVDV.dll
uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe
mRun: [DWQueuedReporting] "d:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoRealMode = 0 (0x0)
uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: WB - d:\arquivos de programas\alienguise\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]
R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-11-24 11608]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-11-24 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-11-24 185089]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 56816]
R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [2010-1-2 24496]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]
S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?]
S3 CMC AntiRootkit Service;CMC AntiRootkit Servic;d:\windows\system32\drivers\cmcantirootkit.sys --> d:\windows\system32\drivers\cmcantirootkit.sys [?]
S3 KProcWatch;KProcWatch; [x]
S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]
S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]
S4 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]
S4 ZeppelinService;plasservice; [x]

============== File Associations ===============

inifile=Notepad.exe "%1"

=============== Created Last 30 ================

2010-01-20 04:13:27 0 d-----w- d:\arquivos de programas\ImTOO
2010-01-20 04:03:36 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2010-01-20 04:03:36 32128 ----a-w- d:\windows\system32\dllcache\usbccgp.sys
2010-01-20 03:48:38 0 d-----w- d:\arquivos de programas\Xilisoft
2010-01-16 18:21:19 3 ----a-w- d:\windows\rrxx.dll
2010-01-16 18:15:41 0 d-sh--w- D:\Recycled
2010-01-16 17:26:30 0 d-sha-r- D:\autorun.inf
2010-01-15 18:36:23 0 d-----w- d:\windows\system32\JAIL
2010-01-14 00:33:40 471552 ------w- d:\windows\system32\dllcache\aclayers.dll
2010-01-13 07:56:58 0 d-----w- d:\arquivos de programas\arquivos comuns\DVDVideoSoft
2010-01-13 07:56:57 0 d-----w- d:\arquivos de programas\DVDVideoSoft
2010-01-05 21:29:02 0 d-----w- d:\docume~1\alluse~1\dadosd~1\VOWSoft
2010-01-05 00:26:29 0 d-----w- d:\arquivos de programas\trend micro
2010-01-04 23:26:22 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\IObit
2010-01-03 06:34:45 0 d-----w- d:\windows\system32\wbem\Repository
2010-01-03 06:34:39 0 d-----w- d:\docume~1\alluse~1\dadosd~1\PrevxCSI
2010-01-03 06:28:02 0 d--h--w- d:\windows\system32\GroupPolicy
2010-01-02 18:42:55 0 d---a-w- D:\autorun(3).inf
2010-01-02 16:15:24 53136 ----a-w- d:\windows\system32\PxSecure.dll
2010-01-02 16:15:24 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS
2010-01-02 16:15:24 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS
2010-01-02 16:15:23 24496 ----a-w- d:\windows\system32\drivers\pxkbf.sys
2010-01-02 16:15:14 51 ----a-w- d:\windows\wininit.ini
2009-12-30 21:02:48 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy
2009-12-30 02:27:56 421888 ----a-w- d:\windows\system32\RealMediaSplitter.ax
2009-12-29 22:00:35 0 d-----w- D:\MSNCleaner
2009-12-29 21:50:20 0 d-----w- D:\!FixIEDef
2009-12-29 20:18:12 184320 ----a-w- d:\windows\system32\delnext.exe
2009-12-28 03:13:54 8688 ----a-w- d:\documents and settings\edsom luis\run2.hax
2009-12-28 03:13:54 6656 ----a-w- d:\documents and settings\edsom luis\md5file.exe
2009-12-28 03:13:54 51200 ----a-w- d:\documents and settings\edsom luis\dumphive.exe
2009-12-28 03:13:54 49152 ----a-w- d:\documents and settings\edsom luis\vfind.exe
2009-12-28 03:13:54 40960 ----a-w- d:\documents and settings\edsom luis\swsc.exe
2009-12-28 03:13:54 38400 ----a-w- d:\documents and settings\edsom luis\moveex.exe
2009-12-28 03:13:54 156160 ----a-w- d:\documents and settings\edsom luis\swreg.exe
2009-12-28 03:13:54 146944 ----a-w- d:\documents and settings\edsom luis\catchme.exe
2009-12-27 20:17:29 583854 ----a-w- D:\HaxFix.exe
2009-12-27 19:39:43 0 d-----w- D:\HaxFix
2009-12-27 19:29:48 0 d-----w- d:\arquivos de programas\Navilog1
2009-12-26 23:43:34 0 d-----w- d:\arquivos de programas\Gadwin Systems
2009-12-25 01:22:51 0 d-----w- d:\arquivos de programas\Conduit
2009-12-24 19:24:19 0 d-----w- d:\docume~1\alluse~1\dadosd~1\ParetoLogic
2009-12-24 18:39:51 0 d-----w- d:\docume~1\alluse~1\dadosd~1\ParetoLogic Anti-Virus PLUS
2009-12-24 16:45:45 0 d-----w- d:\arquivos de programas\MRBDG
2009-12-24 16:21:45 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 16:21:41 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-12-24 16:04:27 0 d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-01-20 21:16:10 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt
2010-01-13 06:01:00 327168 ----a-w- d:\windows\IsUn0416.exe
2010-01-04 17:21:42 80198 ----a-w- d:\windows\system32\perfc016.dat
2010-01-04 17:21:42 471376 ----a-w- d:\windows\system32\perfh016.dat
2009-12-14 07:35:46 73216 ----a-w- d:\windows\ST6UNST.EXE
2009-12-14 07:35:46 249856 ------w- d:\windows\Setup1.exe
2009-12-10 00:54:08 261632 ----a-w- d:\windows\PEV.exe
2009-12-08 02:21:34 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-01 17:16:32 38338 ----a-w- d:\arquivos de programas\Uninst.isu
2009-12-01 01:12:40 579072 ----a-w- d:\windows\system32\dllcache\user32.dll
2009-11-27 20:47:52 218 ----a-w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini
2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\find.exe
2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\dllcache\find.exe
2009-11-24 21:40:16 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-11-24 08:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-11-24 08:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-11-20 21:11:28 15828 ----a-w- d:\arquivos de programas\arquivos comuns\license.rtf
2009-11-20 21:01:18 832296 ----a-w- d:\arquivos de programas\arquivos comuns\opera.exe
2009-11-20 21:01:16 4450088 ----a-w- d:\arquivos de programas\arquivos comuns\opera.dll
2009-11-20 21:00:42 20480 ----a-w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll
2009-11-20 21:00:24 653419 ----a-w- d:\arquivos de programas\arquivos comuns\encoding.bin
2009-11-13 20:19:06 2320 ----a-w- d:\arquivos de programas\arquivos comuns\operadef6.ini
2009-10-28 14:40:48 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe
2009-10-25 08:11:36 77312 ----a-w- d:\windows\MBR.exe
2009-08-20 14:06:06 126704693 ----a-w- d:\arquivos de programas\brofficeorg1.cab
2009-08-20 14:04:26 9812992 ----a-w- d:\arquivos de programas\brofficeorg31.msi
2009-08-19 07:39:36 330 ----a-w- d:\arquivos de programas\setup.ini
2009-07-10 05:20:00 621546 ----a-w- d:\arquivos de programas\ACIHELP.HLP
2009-07-10 05:20:00 3219 ----a-w- d:\arquivos de programas\Acihelp.cnt
2009-06-17 16:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt
2008-06-09 12:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml
2004-02-26 15:35:04 7904 ----a-w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd
2002-03-11 08:06:30 1822520 ----a-w- d:\arquivos de programas\instmsiw.exe
2002-03-11 07:45:04 1708856 ----a-w- d:\arquivos de programas\instmsia.exe
2009-01-21 14:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat
2009-09-11 16:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-03-08 16:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe

============= FINISH: 23:43:21,34 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/09/2007 10:51:37
System Uptime: 20/01/2010 18:15:54 (5 hours ago)

Motherboard: ECS | | M825G
Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 17 GiB total, 7,489 GiB free.
D: is FIXED (FAT32) - 59 GiB total, 39,751 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Service: ati2mtag

Class GUID:
Description:
Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Manufacturer:
Name:
PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Service:

Class GUID:
Description:
Device ID: ROOT\LEGACY_BOCDRIVE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: USB Audio Device
Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000
Manufacturer: (Generic USB Audio)
Name: USB Audio Device
PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000
Service: usbaudio

Class GUID:
Description:
Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000
Service:

==== System Restore Points ===================

RP48: 16/01/2010 15:27:17 - System Checkpoint
RP49: 16/01/2010 15:28:21 - QUI P TUCHE
RP50: 16/01/2010 18:23:09 - Software Distribution Service 3.0
RP51: 17/01/2010 00:00:20 - Software Distribution Service 3.0
RP52: 17/01/2010 05:25:49 - Software Distribution Service 3.0
RP53: 18/01/2010 00:01:04 - Software Distribution Service 3.0
RP54: 18/01/2010 02:51:11 - Software Distribution Service 3.0
RP55: 19/01/2010 01:20:30 - Software Distribution Service 3.0
RP56: 19/01/2010 07:30:52 - Software Distribution Service 3.0
RP57: 20/01/2010 00:00:17 - Software Distribution Service 3.0
RP58: 20/01/2010 01:37:29 - Revo Uninstaller's restore point - AVOne 3GP Video Converter
RP59: 20/01/2010 02:06:08 - Revo Uninstaller's restore point - Xilisoft 3GP Video Converter
RP60: 20/01/2010 02:26:45 - Revo Uninstaller's restore point - ImTOO 3GP Video Converter
RP61: 20/01/2010 10:32:17 - Software Distribution Service 3.0
RP62: 21/01/2010 00:00:22 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 - Português
AlienGUIse Theme Manager
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB972270)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB955759)
BrOffice.org 3.1
C-Media WDM Audio Driver
CCleaner
CursorXP
DVDVideoSoft Toolbar
EVEREST Home Edition v2.20
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.2
Gadwin PrintScreen
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
Java 6 Update 17
Junk Mail filter update
K-Meleon 1.5.3 en-US (remove only)
Malwarebytes' Anti-Malware
MegaJogos (remove only)
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB973688)
Opera 10.10
Revo Uninstaller 1.85
Sun VirtualBox
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
você 9.0 Runtime
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Thanks
jgarcia (posted January 24, 2010)

Hi EDSSX,

1. Download DDS and save it to your Desktop.
2. Temporarily disable your antivirus.
3. Double-click the icon placed on your Desktop.
4. When the window opens asking for authorization to run the file, click Run.
5. A window will open, as illustrated below:
6. DDS will start scanning the machine.
7. At the end of the process two files will be created: dds.txt and attach.txt.
8. I need you to post the contents of dds.txt in your next reply.

Regards.
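For readers working through the dds.txt these steps produce (and the ComboFix log posted above), here is an added example of the first-pass triage a helper normally does by eye over such logs. It is my own code, not part of this thread and not part of the DDS or ComboFix tools: it decodes the hex(2) ImagePath that ComboFix printed for the NtTdiDr service (a REG_EXPAND_SZ value dumped as UTF-16LE bytes), flags services whose binary is marked [x] or [?], flags SSODL entries listed as No File, and pulls out the IE start page and Firefox homepage/search URLs with their host. The function names are my own choices, and the sample lines are copied from the logs in this thread into a constructed string so the script runs offline.

```python
"""Triage helpers for DDS / ComboFix text logs.

Added example for this thread, not a tool from it or from DDS itself.
Function names are mine; the sample lines at the bottom are copied from
the logs posted above and wrapped in a string so the script runs offline.
"""
import re
from typing import Dict, List, Optional

# ComboFix prints a REG_EXPAND_SZ ImagePath as "hex(2):73,00,79,00,...":
# comma-separated bytes of a NUL-terminated UTF-16LE string.
_HEX2_RE = re.compile(r"hex\(2\):((?:[0-9a-fA-F]{2},?)+)")
# Service lines: "<start> <name>;<display name>;<image path and date/size>".
_SVC_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
# ShellServiceObjectDelayLoad lines: "SSODL: <name> - {CLSID} - <dll or No File>".
_SSODL_RE = re.compile(r"^SSODL:\s+(\S+)\s+-\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(.*)$")
# IE start page and Firefox homepage / default search prefs.
_URL_RE = re.compile(
    r"(?:Start Page|browser\.startup\.homepage|browser\.search\.defaulturl)"
    r"\s*[=-]\s*(hxxps?://\S+)"
)
_HOST_RE = re.compile(r"hxxps?://([^/?#\s]+)")


def decode_hex2(blob: str) -> str:
    """Turn a hex(2) byte list into the string it encodes (trailing NULs removed)."""
    raw = bytes(int(b, 16) for b in blob.rstrip(",").split(","))
    return raw.decode("utf-16-le").rstrip("\x00")


def triage_line(line: str) -> Optional[Dict[str, str]]:
    """Classify one log line; return a finding, or None when nothing stands out."""
    line = line.strip()

    m = _SSODL_RE.match(line)
    if m and m.group(3).strip() == "No File":
        # A load point that still fires at logon although its DLL is gone.
        return {"kind": "orphan_ssodl", "name": m.group(1), "clsid": m.group(2),
                "why": "SSODL entry points at a DLL that no longer exists"}

    m = _SVC_RE.match(line)
    if m:
        start, name, image = m.group(1), m.group(2), m.group(4).strip()
        h = _HEX2_RE.search(image)
        if h:
            # The tool could not expand the path; decode it so it can be checked.
            return {"kind": "hex_imagepath", "name": name, "start": start,
                    "path": decode_hex2(h.group(1)),
                    "why": "ImagePath left as raw REG_EXPAND_SZ bytes"}
        if image.endswith("[x]") or image.endswith("[?]"):
            return {"kind": "missing_service_file", "name": name, "start": start,
                    "why": "service is registered but its binary was not found"}

    m = _URL_RE.search(line)
    if m:
        url = m.group(1)
        host = _HOST_RE.search(url).group(1)
        return {"kind": "browser_url", "host": host, "url": url,
                "why": "home/search URL to confirm with the user"}

    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run triage_line over every line and return the findings in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        found = triage_line(line)
        if found is not None:
            findings.append(found)
    return findings


# Constructed sample: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [2010-1-2 24496]
S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?]
S3 KProcWatch;KProcWatch; [x]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SSODL: MemMan - {523455E4-ABCD-ABCD-1114-D709ADD3DDAB} - No File
SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - No File
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a real dds.txt. The findings are prompts for review, not verdicts: a service whose binary is missing is common after a sloppy uninstall, and the decoded NtTdiDr path only tells you which file to go and look at.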
EDSSX (posted January 25, 2010)

Good evening, jgarcia! Here is the DDS.txt:

DDS (Ver_09-12-01.01) - FAT32x86
Run by edsom luis at 22:01:45,85 on 24/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.205 [GMT -2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe -k eapsvcs
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer
mWindow Title = 
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe
mRun: [sunJavaUpdateSched] "d:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
uPolicies-explorer: NoRealMode = 0 (0x0)
uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: WB - d:\arquivos de programas\alienguise\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SSODL: MemMan - {523455E4-ABCD-ABCD-1114-D709ADD3DDAB} - No File
SSODL: msindeo.dll - {7ACB5731-5839-13AB-EABC-124791194525} - No File
SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - No File
SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - No File

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\4frl1nwm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npdeploytk.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npnul32.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\NPOFF12.DLL
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npOGAPlugin.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\nppdf32.dll
FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - 
pref("javascript.options.mem.gc_frequency", 1600); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false); d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", 
"chrome://browser/locale/browser.properties"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160] R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-11-24 11608] R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424] R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-11-24 108289] R2 AntiVirService;Avira AntiVir Guard;d:\arquivos 
de programas\avira\antivir desktop\avguard.exe [2009-11-24 185089] R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 56816] R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [2010-1-2 24496] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856] R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368] R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032] S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568] S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?] S3 CMC AntiRootkit Service;CMC AntiRootkit Servic;d:\windows\system32\drivers\cmcantirootkit.sys --> d:\windows\system32\drivers\cmcantirootkit.sys [?] 
S3 KProcWatch;KProcWatch; [x] S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584] S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136] S4 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x] S4 ZeppelinService;plasservice; [x] ============== File Associations =============== inifile=Notepad.exe "%1" =============== Created Last 30 ================ 2010-01-25 00:26:05 0 d-sha-r- D:\autorun.inf 2010-01-23 01:15:19 73728 ----a-w- d:\windows\system32\javacpl.cpl 2010-01-22 21:20:33 0 d-----w- d:\windows\system32\wbem\Repository 2010-01-22 20:42:42 0 d--h--w- d:\documents and settings\edsom luis\Recent(3) 2010-01-20 04:03:36 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys 2010-01-20 04:03:36 32128 ----a-w- d:\windows\system32\dllcache\usbccgp.sys 2010-01-16 18:21:19 3 ----a-w- d:\windows\rrxx.dll 2010-01-16 18:15:41 0 d-sh--w- D:\Recycled 2010-01-15 18:36:23 0 d-----w- d:\windows\system32\JAIL 2010-01-14 00:33:40 471552 ------w- d:\windows\system32\dllcache\aclayers.dll 2010-01-05 21:29:02 0 d-----w- d:\docume~1\alluse~1\dadosd~1\VOWSoft 2010-01-05 00:26:29 0 d-----w- d:\arquivos de programas\trend micro 2010-01-04 23:26:22 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\IObit 2010-01-03 06:34:39 0 d-----w- d:\docume~1\alluse~1\dadosd~1\PrevxCSI 2010-01-03 06:28:02 0 d--h--w- d:\windows\system32\GroupPolicy 2010-01-02 18:42:55 0 d-----w- D:\autorun(3).inf 2010-01-02 16:15:24 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-02 16:15:24 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-02 16:15:24 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS 2010-01-02 16:15:23 24496 ----a-w- d:\windows\system32\drivers\pxkbf.sys 2010-01-02 16:15:14 51 ----a-w- d:\windows\wininit.ini 2009-12-30 21:02:48 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy 2009-12-30 02:27:56 421888 ----a-w- d:\windows\system32\RealMediaSplitter.ax 2009-12-29 22:00:35 0 
d-----w- D:\MSNCleaner 2009-12-29 21:50:20 0 d-----w- D:\!FixIEDef 2009-12-29 20:18:12 184320 ----a-w- d:\windows\system32\delnext.exe 2009-12-28 03:13:54 8688 ------w- d:\documents and settings\edsom luis\run2.hax 2009-12-28 03:13:54 6656 ------w- d:\documents and settings\edsom luis\md5file.exe 2009-12-28 03:13:54 51200 ------w- d:\documents and settings\edsom luis\dumphive.exe 2009-12-28 03:13:54 49152 ------w- d:\documents and settings\edsom luis\vfind.exe 2009-12-28 03:13:54 40960 ------w- d:\documents and settings\edsom luis\swsc.exe 2009-12-28 03:13:54 38400 ------w- d:\documents and settings\edsom luis\moveex.exe 2009-12-28 03:13:54 156160 ------w- d:\documents and settings\edsom luis\swreg.exe 2009-12-28 03:13:54 146944 ------w- d:\documents and settings\edsom luis\catchme.exe 2009-12-27 20:17:29 583854 ------w- D:\HaxFix.exe 2009-12-27 19:39:43 0 d-----w- D:\HaxFix 2009-12-27 19:29:48 0 d-----w- d:\arquivos de programas\Navilog1 2009-12-26 23:43:34 0 d-----w- d:\arquivos de programas\Gadwin Systems ==================== Find3M ==================== 2010-01-25 00:54:56 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt 2010-01-23 01:15:08 411368 ----a-w- d:\windows\system32\deploytk.dll 2010-01-13 06:01:00 327168 ----a-w- d:\windows\IsUn0416.exe 2010-01-07 18:07:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 18:07:04 19160 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-01-04 17:21:42 80198 ----a-w- d:\windows\system32\perfc016.dat 2010-01-04 17:21:42 471376 ----a-w- d:\windows\system32\perfh016.dat 2009-12-21 19:08:00 916480 ----a-w- d:\windows\system32\wininet.dll 2009-12-21 19:08:00 916480 ----a-w- d:\windows\system32\dllcache\wininet.dll 2009-12-21 19:08:00 5942784 ----a-w- d:\windows\system32\dllcache\mshtml.dll 2009-12-21 19:08:00 206848 ----a-w- d:\windows\system32\dllcache\occache.dll 2009-12-21 19:08:00 12800 ------w- d:\windows\system32\dllcache\xpshims.dll 2009-12-21 19:08:00 1208832 ----a-w- 
d:\windows\system32\dllcache\urlmon.dll 2009-12-21 19:07:56 594432 ----a-w- d:\windows\system32\dllcache\msfeeds.dll 2009-12-21 19:07:56 55296 ----a-w- d:\windows\system32\dllcache\msfeedsbs.dll 2009-12-21 19:07:56 25600 ----a-w- d:\windows\system32\dllcache\jsproxy.dll 2009-12-21 19:07:56 246272 ------w- d:\windows\system32\dllcache\ieproxy.dll 2009-12-21 19:07:56 1985536 ----a-w- d:\windows\system32\dllcache\iertutil.dll 2009-12-21 19:07:56 184320 ----a-w- d:\windows\system32\dllcache\iepeers.dll 2009-12-21 19:07:54 11070464 ----a-w- d:\windows\system32\dllcache\ieframe.dll 2009-12-21 19:07:52 387584 ----a-w- d:\windows\system32\dllcache\iedkcs32.dll 2009-12-21 13:22:00 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe 2009-12-14 07:35:46 73216 ----a-w- d:\windows\ST6UNST.EXE 2009-12-14 07:35:46 249856 ------w- d:\windows\Setup1.exe 2009-12-10 00:54:08 261632 ----a-w- d:\windows\PEV.exe 2009-12-08 02:21:34 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-12-01 17:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu 2009-12-01 01:12:40 579072 ----a-w- d:\windows\system32\dllcache\user32.dll 2009-11-27 20:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini 2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\find.exe 2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\dllcache\find.exe 2009-11-20 21:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf 2009-11-20 21:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe 2009-11-20 21:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll 2009-11-20 21:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll 2009-11-20 21:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin 2009-11-13 20:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini 2009-08-20 14:06:06 126704693 ------w- d:\arquivos de programas\brofficeorg1.cab 2009-08-20 14:04:26 
9812992 ------w- d:\arquivos de programas\brofficeorg31.msi 2009-08-19 07:39:36 330 ------w- d:\arquivos de programas\setup.ini 2009-07-10 05:20:00 621546 ------w- d:\arquivos de programas\ACIHELP.HLP 2009-07-10 05:20:00 3219 ------w- d:\arquivos de programas\Acihelp.cnt 2009-06-17 16:41:58 3870 ------w- d:\arquivos de programas\arquivos comuns\lngcode.txt 2008-06-09 12:17:20 301 ------w- d:\arquivos de programas\arquivos comuns\c3nform.vxml 2004-02-26 15:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd 2002-03-11 08:06:30 1822520 ------w- d:\arquivos de programas\instmsiw.exe 2002-03-11 07:45:04 1708856 ------w- d:\arquivos de programas\instmsia.exe 2009-01-21 14:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat 2009-09-11 16:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat 2009-03-08 16:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe ============= FINISH: 1:02:33,98 ===============
The files D:\autorun.inf and D:\autorun(3).inf are USBFix vaccinations.
Thanks and regards
EDSSX Posted January 31, 2010
Good evening, jgarcia! The edit option is no longer available. After 1 week, I decided to run MBM and ComboFix again; here are the logs:
ComboFix 10-01-04.01 - edsom luis 31/01/2010 18:01.2.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.271 [GMT -3:00] Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . d:\windows\system32\iertutil.dlldedeus . (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))) . 2010-02-02 01:20 . 2010-02-02 01:20 -------- d-----w- d:\arquivos de programas\Windows Live SkyDrive 2010-02-02 01:20 . 2010-02-02 01:20 -------- d-----w- d:\arquivos de programas\Windows Live 2010-02-02 01:09 . 2010-02-02 01:09 -------- d-----w- d:\documents and settings\All Users\Gabaritos 2010-02-02 01:07 . 2010-02-02 01:07 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Windows Live 2010-01-31 19:04 . 2010-01-31 19:04 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Uniblue 2010-01-29 19:18 . 2010-01-29 19:18 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Backup 2010-01-27 01:14 . 2010-01-27 01:14 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\GlarySoft 2010-01-25 23:59 . 2010-01-19 11:16 537829 ----a-w- D:\HaxFix.exe 2010-01-25 23:59 . 2010-01-25 23:59 -------- d-----w- d:\windows\HaxFix 2010-01-23 01:15 . 2010-01-23 01:15 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\msvcp71.dll 2010-01-23 01:15 . 
2010-01-23 01:15 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\jmc.dll 2010-01-23 01:15 . 2010-01-23 01:15 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\msvcr71.dll 2010-01-23 01:15 . 2010-01-23 01:15 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46b823b7-n\decora-sse.dll 2010-01-23 01:15 . 2010-01-23 01:15 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46b823b7-n\decora-d3d.dll 2010-01-22 21:20 . 2010-01-22 21:20 -------- d-----w- d:\windows\system32\wbem\Repository 2010-01-22 20:42 . 2010-01-22 20:42 -------- d--h--w- d:\documents and settings\edsom luis\Recent(3) 2010-01-20 04:03 . 2008-04-13 13:45 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys 2010-01-20 04:03 . 2008-04-13 13:45 32128 ----a-w- d:\windows\system32\dllcache\usbccgp.sys 2010-01-15 18:36 . 2010-01-15 18:36 -------- d-----w- d:\windows\system32\JAIL 2010-01-14 00:33 . 2009-11-21 15:58 471552 ------w- d:\windows\system32\dllcache\aclayers.dll 2010-01-12 06:06 . 2010-01-11 19:33 789320 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-01-12 06:06 . 2010-01-11 19:32 698184 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll 2010-01-05 21:29 . 2010-01-05 21:29 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\VOWSoft 2010-01-05 00:26 . 2010-01-05 00:26 -------- d-----w- d:\arquivos de programas\trend micro 2010-01-04 23:26 . 
2010-01-04 23:26 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit 2010-01-04 02:32 . 2010-01-04 02:32 -------- d-----w- D:\rsit 2010-01-03 06:34 . 2010-01-03 06:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PrevxCSI 2010-01-03 06:28 . 2010-01-03 06:28 -------- d--h--w- d:\windows\system32\GroupPolicy 2010-01-02 18:42 . 2010-01-02 18:42 -------- d-----w- D:\autorun(3).inf 2010-01-02 16:15 . 2010-01-05 00:40 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-02 16:15 . 2010-01-05 00:40 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-02 16:15 . 2010-01-05 00:40 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS 2010-01-02 16:15 . 2010-01-05 00:40 24496 ----a-w- d:\windows\system32\drivers\pxkbf.sys . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-31 21:03 . 2009-08-22 13:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt 2010-01-31 17:58 . 2009-08-27 00:37 664 ----a-w- d:\windows\system32\d3d9caps.dat 2010-01-27 23:07 . 2009-09-22 19:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-23 01:15 . 2008-12-04 12:33 411368 ----a-w- d:\windows\system32\deploytk.dll 2010-01-13 06:01 . 2007-09-19 13:24 327168 ----a-w- d:\windows\IsUn0416.exe 2010-01-09 16:20 . 2010-01-01 20:04 5115824 ------w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-07 18:07 . 2009-12-24 16:21 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 18:07 . 2009-12-24 16:21 19160 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-01-04 17:21 . 2001-10-28 20:07 80198 ----a-w- d:\windows\system32\perfc016.dat 2010-01-04 17:21 . 2001-10-28 20:07 471376 ----a-w- d:\windows\system32\perfh016.dat 2009-12-27 19:29 . 
2009-12-27 19:29 -------- d-----w- d:\arquivos de programas\Navilog1 2009-12-27 18:28 . 2009-12-27 18:28 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager 2009-12-26 23:43 . 2009-12-26 23:43 -------- d-----w- d:\arquivos de programas\Gadwin Systems 2009-12-25 01:22 . 2009-12-25 01:22 -------- d-----w- d:\arquivos de programas\Conduit 2009-12-24 16:04 . 2009-12-24 16:04 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware 2009-12-21 19:08 . 2004-08-04 09:45 916480 ----a-w- d:\windows\system32\wininet.dll 2009-12-19 04:10 . 2009-12-19 04:10 -------- d-----w- d:\arquivos de programas\CCleaner 2009-12-16 01:22 . 2009-12-16 01:22 -------- d-----w- d:\arquivos de programas\CursorXP 2009-12-14 07:35 . 2007-09-19 12:55 249856 ------w- d:\windows\Setup1.exe 2009-12-14 07:35 . 2007-09-19 12:55 73216 ----a-w- d:\windows\ST6UNST.EXE 2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\GetRightToGo 2009-12-08 02:21 . 2009-03-18 23:30 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-12-05 20:14 . 2009-12-05 20:14 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon 2009-12-05 20:13 . 2009-12-05 20:13 -------- d-----w- d:\arquivos de programas\K-Meleon 2009-12-01 17:16 . 2009-12-01 17:16 38338 ------w- d:\arquivos de programas\Uninst.isu 2009-11-27 20:47 . 2009-11-13 20:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini 2009-11-25 16:18 . 2009-11-25 16:18 9216 ----a-w- d:\windows\system32\find.exe 2009-11-24 08:18 . 2009-04-29 22:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat 2009-11-21 15:58 . 2004-08-04 09:45 471552 ----a-w- d:\windows\AppPatch\AcLayers.dll 2009-11-20 21:11 . 2009-11-20 21:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf 2009-11-20 21:01 . 2009-11-20 21:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe 2009-11-20 21:01 . 
2009-11-20 21:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll 2009-11-20 21:00 . 2009-11-20 21:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll 2009-11-20 21:00 . 2009-11-20 21:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin 2009-11-18 00:58 . 2009-11-15 03:37 48 ----a-w- d:\windows\system32\_1PUTILS.dat 2009-11-13 20:19 . 2009-03-27 22:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini 2009-08-20 14:06 . 2009-08-20 14:06 126704693 ------w- d:\arquivos de programas\brofficeorg1.cab 2009-08-20 14:04 . 2009-08-20 14:04 9812992 ------w- d:\arquivos de programas\brofficeorg31.msi 2009-08-19 07:39 . 2009-08-19 07:39 330 ------w- d:\arquivos de programas\setup.ini 2009-07-10 05:20 . 2009-12-01 17:16 621546 ------w- d:\arquivos de programas\ACIHELP.HLP 2009-07-10 05:20 . 2009-12-01 17:16 3219 ------w- d:\arquivos de programas\Acihelp.cnt 2009-06-17 16:41 . 2009-06-17 16:41 3870 ------w- d:\arquivos de programas\Arquivos comuns\lngcode.txt 2008-06-09 12:17 . 2008-06-09 12:17 301 ------w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml 2004-02-26 15:35 . 2004-02-26 15:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd 2002-03-11 08:06 . 2002-03-11 08:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe 2002-03-11 07:45 . 2002-03-11 07:45 1708856 ------w- d:\arquivos de programas\instmsia.exe 2009-03-08 16:09 . 2008-04-14 02:21 638816 --sha-w- d:\windows\ServicePackFiles\i386\iexplore.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000] "Google Update"="d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-26 135664] "msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504] "Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRealMode"= 0 (0x0) "HonorAutoRunSetting"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoUpdateCheck"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 01:34 24576 ------w- d:\arquivos de programas\AlienGUIse\fastload.dll [HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk] [HKLM\~\startupfolder\^.mjsync_pt_BR] path=\.mjsync_pt_BR [HKLM\~\startupfolder\^catchme.exe] path=\catchme.exe [HKLM\~\startupfolder\^Desktop.rar] path=\Desktop.rar [HKLM\~\startupfolder\^dumphive.exe] path=\dumphive.exe [HKLM\~\startupfolder\^Favoritos.rar] path=\Favoritos.rar [HKLM\~\startupfolder\^haxoth2.txt] path=\haxoth2.txt [HKLM\~\startupfolder\^md5file.exe] path=\md5file.exe [HKLM\~\startupfolder\^Menu Iniciar.rar] path=\Menu Iniciar.rar [HKLM\~\startupfolder\^moveex.exe] path=\moveex.exe [HKLM\~\startupfolder\^NTUSER.DAT] path=\ntuser.dat [HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt] path=\NTUSER.DAT.bak_jv16pt 
[HKLM\~\startupfolder\^ntuser.dat.LOG] path=\ntuser.dat.LOG [HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG] path=\NTUSER.DAT.tmp.LOG [HKLM\~\startupfolder\^ntuser.ini] path=\ntuser.ini [HKLM\~\startupfolder\^PrivacIE.rar] path=\PrivacIE.rar [HKLM\~\startupfolder\^process.exe] path=\process.exe [HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar] path=\rebuilt.Menu Iniciar.rar [HKLM\~\startupfolder\^rebuilt.UserData.rar] path=\rebuilt.UserData.rar [HKLM\~\startupfolder\^run2.hax] path=\run2.hax [HKLM\~\startupfolder\^swreg.exe] path=\swreg.exe [HKLM\~\startupfolder\^swsc.exe] path=\swsc.exe [HKLM\~\startupfolder\^tool_en.log] path=\tool_en.log [HKLM\~\startupfolder\^UserData.rar] path=\UserData.rar [HKLM\~\startupfolder\^vfind.exe] path=\vfind.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 17:57 948672 ----a-r- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 03:57 35760 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 14:08 209153 ------w- d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2008-11-04 03:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZeppelinService"=2 (0x2) "GoogleDesktopManager-060409-093314"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\WINDOWS\\system32\\rtcshare.exe"= "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"= "d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"= "d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/09/2009 17:13 64160] R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/09/2009 13:11 115856] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/09/2009 13:10 41424] R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/11/2009 19:34 108289] R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [02/01/2010 14:15 24496] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/09/2009 13:11 91856] R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [09/09/2009 20:15 100368] R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032] S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568] S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?] S3 CMC AntiRootkit Service;CMC AntiRootkit Servic;d:\windows\system32\drivers\cmcantirootkit.sys --> d:\windows\system32\drivers\cmcantirootkit.sys [?] 
S3 KProcWatch;KProcWatch; [x] S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/09/2009 17:43 29584] S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136] S4 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x] S4 ZeppelinService;plasservice; [x] . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-31 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job - d:\windows\system32\msfeedssync.exe [2007-08-13 06:31] . . ------- Scan Suplementar ------- . mWindow Title = IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://ajuda.bol.com.br/pagina-inicial.htm FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npdeploytk.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npnul32.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\NPOFF12.DLL FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npOGAPlugin.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\nppdf32.dll FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- d:\arquivos de 
programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", 
"http://www.firefox.com"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-31 19:05 Windows 5.1.2600 Service Pack 3 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet049\Services\NtTdiDr] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet049\Services\NtTdiDr] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\.Default\Software\Stardock\WindowBlinds] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList] @DACL=(02 0000) "PackageName"="Dashboard.msi" [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList] @DACL=(02 0000) "PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi" "LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1316) d:\arquivos de programas\AlienGUIse\fastload.dll - - - - - - - > 'explorer.exe'(1812) d:\windows\system32\WININET.dll d:\arquivos de programas\CursorXP\CurXP0.dll d:\windows\system32\webcheck.dll d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . d:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe d:\arquivos de programas\Java\jre6\bin\jqs.exe d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe d:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Tempo para conclusão: 2010-01-31 19:08:13 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-01-31 21:08 ComboFix2.txt 2010-01-21 01:47 ComboFix3.txt 2010-01-05 04:08 Pré-execução: 20 pasta(s) 38.697.467.904 bytes disponíveis Pós execução: 22 pasta(s) 38.740.951.040 bytes disponíveis - - End Of File - - 267E26ADBD9F8E7A0A2B10693C4D2E82 MBM : Malwarebytes' Anti-Malware 1.44 Versão do banco de dados: 3669 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 31/01/2010 20:20:33 mbam-log-2010-01-31 (20-20-33).txt Tipo de Verificação: Completa (C:\|D:\|) Objetos verificados: 230048 Tempo decorrido: 56 minute(s), 14 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 0 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 6 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: (Nenhum ítem malicioso foi detectado) Valores do Registro 
infectados: (Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado)
Pastas infectadas: (Nenhum ítem malicioso foi detectado)
Arquivos infectados:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP4\A0000399.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001165.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001174.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\ComboFix\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully.

New DDS log follows:

DDS (Ver_09-12-01.01) - FAT32x86
Run by edsom luis at 20:28:08,85 on 31/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.209 [GMT -3:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe -k eapsvcs
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft 
Shared\VS7DEBUG\MDM.EXE D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\WINDOWS\system32\msfeedssync.exe D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr ============== Pseudo HJT Report =============== mWindow Title = BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe uRun: [Google Update] "d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c mRun: [sunJavaUpdateSched] "d:\arquivos de programas\arquivos comuns\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "d:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe" mRun: [MSConfig] d:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto uPolicies-explorer: NoRealMode = 0 (0x0) uPolicies-explorer: HonorAutoRunSetting = 0 (0x0) uPolicies-explorer: NoFileUrl = 0 (0x0) uPolicies-explorer: NoUpdateCheck = 0 (0x0) mPolicies-explorer: HonorAutoRunSetting = 0 
(0x0) IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Notify: WB - d:\arquivos de programas\alienguise\fastload.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\4frl1nwm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://ajuda.bol.com.br/pagina-inicial.htm FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npdeploytk.dll FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npnul32.dll FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\NPOFF12.DLL FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npOGAPlugin.dll FF - plugin: 
d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\nppdf32.dll FF - plugin: d:\documents and settings\edsom luis\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\arquivos de programas\mozilla firefox\greprefs\all.js - 
pref("browser.formfill.timeGroupingSize", 604800); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false); d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - 
pref("toolbar.customization.usesheet", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); ============= SERVICES / DRIVERS =============== R0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568] R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160] R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-11-24 11608] R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424] R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-11-24 108289] R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-11-24 185089] R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 56816] R3 pxkbf;pxkbf;d:\windows\system32\drivers\pxkbf.sys [2010-1-2 24496] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856] R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368] R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032] S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> 
hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?] S2 PEVSystemStart;PEVSystemStart;d:\combofix\PEV.cfxxe [2010-1-31 261632] S3 CMC AntiRootkit Service;CMC AntiRootkit Servic;d:\windows\system32\drivers\cmcantirootkit.sys --> d:\windows\system32\drivers\cmcantirootkit.sys [?] S3 KProcWatch;KProcWatch; [x] S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584] S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136] S4 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x] S4 ZeppelinService;plasservice; [x] ============== File Associations =============== inifile=Notepad.exe "%1" =============== Created Last 30 ================ 2010-02-02 01:20:38 0 d-----w- d:\arquivos de programas\Windows Live SkyDrive 2010-02-02 01:09:30 0 d-----w- d:\documents and settings\all users\Gabaritos 2010-02-02 01:07:42 0 d-----w- d:\arquivos de programas\arquivos comuns\Windows Live 2010-01-31 22:36:02 3 ----a-w- d:\windows\rrxx.dll 2010-01-31 22:23:40 0 d-sh--w- D:\FOUND.000 2010-01-31 21:19:17 0 d-s---w- D:\ComboFix 2010-01-31 21:10:41 0 d-sh--w- D:\Recycled 2010-01-31 20:57:11 77312 ----a-w- d:\windows\MBR.exe 2010-01-31 20:57:11 261632 ----a-w- d:\windows\PEV.exe 2010-01-31 20:57:11 161792 ----a-w- d:\windows\SWREG.exe 2010-01-31 20:57:10 98816 ----a-w- d:\windows\sed.exe 2010-01-31 19:04:22 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Uniblue 2010-01-30 00:17:42 0 d---a-r- D:\autorun.inf 2010-01-29 19:18:02 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Backup 2010-01-27 01:14:06 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\GlarySoft 2010-01-25 23:59:30 537829 ----a-w- D:\HaxFix.exe 2010-01-25 23:59:20 0 d-----w- d:\windows\HaxFix 2010-01-23 01:15:19 73728 ----a-w- d:\windows\system32\javacpl.cpl 2010-01-22 21:20:33 0 d-----w- d:\windows\system32\wbem\Repository 2010-01-22 20:42:42 
0 d--h--w- d:\documents and settings\edsom luis\Recent(3) 2010-01-20 04:03:36 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys 2010-01-20 04:03:36 32128 ----a-w- d:\windows\system32\dllcache\usbccgp.sys 2010-01-16 18:21:19 3 ----a-w- d:\windows\rrxx.dll.vir 2010-01-15 18:36:23 0 d-----w- d:\windows\system32\JAIL 2010-01-14 00:33:40 471552 ------w- d:\windows\system32\dllcache\aclayers.dll 2010-01-05 21:29:02 0 d-----w- d:\docume~1\alluse~1\dadosd~1\VOWSoft 2010-01-05 00:26:29 0 d-----w- d:\arquivos de programas\trend micro 2010-01-04 23:26:22 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\IObit 2010-01-03 06:34:39 0 d-----w- d:\docume~1\alluse~1\dadosd~1\PrevxCSI 2010-01-03 06:28:02 0 d--h--w- d:\windows\system32\GroupPolicy 2010-01-02 18:42:55 0 d-----w- D:\autorun(3).inf 2010-01-02 16:15:24 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-02 16:15:24 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-02 16:15:24 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS 2010-01-02 16:15:23 24496 ----a-w- d:\windows\system32\drivers\pxkbf.sys 2010-01-02 16:15:14 51 ----a-w- d:\windows\wininit.ini ==================== Find3M ==================== 2010-01-31 23:37:26 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt 2010-01-23 01:15:08 411368 ----a-w- d:\windows\system32\deploytk.dll 2010-01-13 06:01:00 327168 ----a-w- d:\windows\IsUn0416.exe 2010-01-07 18:07:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 18:07:04 19160 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-01-04 17:21:42 80198 ----a-w- d:\windows\system32\perfc016.dat 2010-01-04 17:21:42 471376 ----a-w- d:\windows\system32\perfh016.dat 2009-12-21 19:08:00 916480 ----a-w- d:\windows\system32\dllcache\wininet.dll 2009-12-21 19:08:00 916480 ------w- d:\windows\system32\wininet.dll 2009-12-21 19:08:00 5942784 ----a-w- d:\windows\system32\dllcache\mshtml.dll 2009-12-21 19:08:00 206848 ----a-w- d:\windows\system32\dllcache\occache.dll 2009-12-21 19:08:00 12800 
------w- d:\windows\system32\dllcache\xpshims.dll 2009-12-21 19:08:00 1208832 ----a-w- d:\windows\system32\dllcache\urlmon.dll 2009-12-21 19:07:56 594432 ----a-w- d:\windows\system32\dllcache\msfeeds.dll 2009-12-21 19:07:56 55296 ----a-w- d:\windows\system32\dllcache\msfeedsbs.dll 2009-12-21 19:07:56 25600 ----a-w- d:\windows\system32\dllcache\jsproxy.dll 2009-12-21 19:07:56 246272 ------w- d:\windows\system32\dllcache\ieproxy.dll 2009-12-21 19:07:56 1985536 ----a-w- d:\windows\system32\dllcache\iertutil.dll 2009-12-21 19:07:56 184320 ----a-w- d:\windows\system32\dllcache\iepeers.dll 2009-12-21 19:07:54 11070464 ----a-w- d:\windows\system32\dllcache\ieframe.dll 2009-12-21 19:07:52 387584 ----a-w- d:\windows\system32\dllcache\iedkcs32.dll 2009-12-21 13:22:00 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe 2009-12-14 07:35:46 73216 ----a-w- d:\windows\ST6UNST.EXE 2009-12-14 07:35:46 249856 ------w- d:\windows\Setup1.exe 2009-12-08 02:21:34 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-12-01 17:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu 2009-12-01 01:12:40 579072 ----a-w- d:\windows\system32\dllcache\user32.dll 2009-11-27 20:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini 2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\find.exe 2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\dllcache\find.exe 2009-11-20 21:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf 2009-11-20 21:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe 2009-11-20 21:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll 2009-11-20 21:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll 2009-11-20 21:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin 2009-11-13 20:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini 2009-08-20 14:06:06 126704693 ------w- d:\arquivos de 
programas\brofficeorg1.cab
2009-08-20 14:04:26 9812992 ------w- d:\arquivos de programas\brofficeorg31.msi
2009-08-19 07:39:36 330 ------w- d:\arquivos de programas\setup.ini
2009-07-10 05:20:00 621546 ------w- d:\arquivos de programas\ACIHELP.HLP
2009-07-10 05:20:00 3219 ------w- d:\arquivos de programas\Acihelp.cnt
2009-06-17 16:41:58 3870 ------w- d:\arquivos de programas\arquivos comuns\lngcode.txt
2008-06-09 12:17:20 301 ------w- d:\arquivos de programas\arquivos comuns\c3nform.vxml
2004-02-26 15:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd
2002-03-11 08:06:30 1822520 ------w- d:\arquivos de programas\instmsiw.exe
2002-03-11 07:45:04 1708856 ------w- d:\arquivos de programas\instmsia.exe
2009-01-21 14:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat
2009-09-11 16:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-03-08 16:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe
============= FINISH: 20:28:51,79 ===============

I managed to run HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:55, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe 
D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\Java\jre6\bin\jqs.exe D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de 
programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: PEVSystemStart - Unknown owner - D:\ComboFix\PEV.cfxxe
--
End of file - 4379 bytes

Thanks and regards
jgarcia (posted February 2, 2010)

Hey EDSSX,

Follow these instructions:

1. Open Notepad -> copy (Control + C) and paste (Control + V) all of the text included in the "Quote":

File::
d:\arquivos de programas\Arquivos comuns\lngcode.txt
d:\arquivos de programas\Arquivos comuns\c3nform.vxml
d:\arquivos de programas\ACIHELP.HLP
d:\arquivos de programas\Acihelp.cnt
d:\windows\system32\drivers\pxkbf.sys
d:\windows\system32\drivers\cmcantirootkit.sys
d:\windows\system32\drivers\IncompleteBoot.cnt
D:\autorun(3).inf

Driver::
"pxkbf"
"KProcWatch"
"CMC AntiRootkit Service"
"GoogleDesktopManager-060409-093314"

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;
3. As shown in the photo below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (D:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.
EDSSX, posted February 4, 2010

Good morning!

Dear friend jgarcia, after the procedures above my keyboard locked up (when Windows starts it works; after that, as soon as I press a single/first key, the keyboard, the mouse and the system all freeze).

Note 1: I swapped the keyboard (for a brand-new one) and the problem still persisted.

Note 2: I can't use the PC (can't type anything; it boots the OS, browses normally and programs run; however, as mentioned above, as soon as I press one key, poof). Because of this I am on another PC right now.

Regards
jgarcia, posted February 4, 2010

Hi EDSSX,

When you ran ComboFix for the first time, did you install the WINDOWS RECOVERY CONSOLE?
EDSSX, posted February 6, 2010

Good afternoon!

jgarcia, first of all, I am on another PC. The first time I used ComboFix (a long time ago) the console was indeed installed; but since then I have uninstalled ComboFix several times and installed it again. On this last run, when launching the program it did not ask to install the console, since ComboFix was already on my PC and so the console was too.

I copied and pasted the contents of the logs and carried them over on a floppy disk; here are the logs: the ComboFix one, a new DDS one and a new HijackThis one:

ComboFix 10-02-01.02 - edsom luis 02/02/2010 9:23.5.1 - FAT32x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.361 [GMT -3:00] Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "d:\arquivos de programas\Acihelp.cnt" "d:\arquivos de programas\ACIHELP.HLP" "d:\arquivos de programas\Arquivos comuns\c3nform.vxml" "d:\arquivos de programas\Arquivos comuns\lngcode.txt" "D:\autorun(3).inf" "d:\windows\system32\drivers\cmcantirootkit.sys" "d:\windows\system32\drivers\IncompleteBoot.cnt" "d:\windows\system32\drivers\pxkbf.sys" . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . d:\arquivos de programas\Acihelp.cnt d:\arquivos de programas\ACIHELP.HLP d:\arquivos de programas\Arquivos comuns\c3nform.vxml d:\arquivos de programas\Arquivos comuns\lngcode.txt d:\windows\rrxx.dll d:\windows\system32\AVSredirect.dll d:\windows\system32\drivers\IncompleteBoot.cnt d:\windows\system32\drivers\pxkbf.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_CMC_ANTIROOTKIT_SERVICE -------\Legacy_GOOGLEDESKTOPMANAGER-060409-093314 -------\Legacy_KPROCWATCH -------\Service_CMC AntiRootkit Service -------\Service_GoogleDesktopManager-060409-093314 -------\Service_KProcWatch -------\Service_pxkbf (((((((((((((((( Arquivos/Ficheiros criados de 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))) . 2010-02-02 01:20 . 2010-02-02 01:20 -------- d-----w- d:\arquivos de programas\Windows Live SkyDrive 2010-02-02 01:20 . 2010-02-02 01:20 -------- d-----w- d:\arquivos de programas\Windows Live 2010-02-02 01:09 . 2010-02-02 01:09 -------- d-----w- d:\documents and settings\All Users\Gabaritos 2010-02-02 01:07 . 2010-02-02 01:07 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Windows Live 2010-02-01 22:31 . 2010-02-01 22:31 4484 ----a-w- d:\windows\system32\drivers\cpuidlep.sys 2010-02-01 22:31 . 2010-02-01 22:31 -------- d-----w- d:\arquivos de programas\CpuIdle 2010-02-01 17:54 . 2010-02-01 17:54 52224 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-02-01 17:54 . 2010-02-01 17:54 114688 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll 2010-02-01 17:53 . 2010-02-01 17:53 -------- d-----w- d:\arquivos de programas\DVDVideoSoft 2010-02-01 17:53 . 2010-02-01 17:53 -------- d-----w- d:\arquivos de programas\Arquivos comuns\DVDVideoSoft 2010-02-01 17:33 . 2009-09-27 11:39 369152 ----a-w- d:\windows\system32\avisynth.dll 2010-02-01 17:33 . 2004-02-22 12:11 719872 ----a-w- d:\windows\system32\devil.dll 2010-02-01 17:33 . 2004-01-25 02:00 70656 ----a-w- d:\windows\system32\yv12vfw.dll 2010-02-01 17:33 . 2004-01-25 02:00 70656 ----a-w- d:\windows\system32\i420vfw.dll 2010-02-01 17:32 . 
2007-09-19 12:44 -------- d-----w- d:\arquivos de programas\AviSynth 2.5 2010-02-01 17:20 . 2010-02-01 17:20 -------- d-----w- d:\arquivos de programas\Witcobber 2010-02-01 03:46 . 2010-02-01 03:46 -------- d-----w- d:\arquivos de programas\Yahoo! 2010-01-31 19:04 . 2010-01-31 19:04 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Uniblue 2010-01-29 19:18 . 2010-01-29 19:18 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Backup 2010-01-27 01:14 . 2010-01-27 01:14 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\GlarySoft 2010-01-25 23:59 . 2010-01-19 11:16 537829 ----a-w- D:\HaxFix.exe 2010-01-25 23:59 . 2010-01-25 23:59 -------- d-----w- d:\windows\HaxFix 2010-01-23 01:15 . 2010-01-23 01:15 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\msvcp71.dll 2010-01-23 01:15 . 2010-01-23 01:15 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\jmc.dll 2010-01-23 01:15 . 2010-01-23 01:15 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\msvcr71.dll 2010-01-23 01:15 . 2010-01-23 01:15 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46b823b7-n\decora-sse.dll 2010-01-23 01:15 . 2010-01-23 01:15 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46b823b7-n\decora-d3d.dll 2010-01-22 21:20 . 2010-01-22 21:20 -------- d-----w- d:\windows\system32\wbem\Repository 2010-01-22 20:42 . 2010-01-22 20:42 -------- d--h--w- d:\documents and settings\edsom luis\Recent(3) 2010-01-20 04:03 . 2008-04-13 13:45 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys 2010-01-20 04:03 . 
2008-04-13 13:45 32128 ----a-w- d:\windows\system32\dllcache\usbccgp.sys 2010-01-16 18:21 . 2010-01-16 18:21 3 ----a-w- d:\windows\rrxx.dll.vir 2010-01-15 18:36 . 2010-01-15 18:36 -------- d-----w- d:\windows\system32\JAIL 2010-01-14 00:33 . 2009-11-21 15:58 471552 ------w- d:\windows\system32\dllcache\aclayers.dll 2010-01-12 06:06 . 2010-01-11 19:33 789320 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-01-12 06:06 . 2010-01-11 19:32 698184 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll 2010-01-05 21:29 . 2010-01-05 21:29 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\VOWSoft 2010-01-05 00:26 . 2010-01-05 00:26 -------- d-----w- d:\arquivos de programas\trend micro 2010-01-04 23:26 . 2010-01-04 23:26 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit 2010-01-04 02:32 . 2010-01-04 02:32 -------- d-----w- D:\rsit . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-02 13:40 . 2001-10-28 20:07 80198 ----a-w- d:\windows\system32\perfc016.dat 2010-02-02 13:40 . 2001-10-28 20:07 471376 ----a-w- d:\windows\system32\perfh016.dat 2010-02-02 06:59 . 2009-08-27 00:37 664 ----a-w- d:\windows\system32\d3d9caps.dat 2010-01-27 23:07 . 2009-09-22 19:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-23 01:15 . 2008-12-04 12:33 411368 ----a-w- d:\windows\system32\deploytk.dll 2010-01-13 06:01 . 2007-09-19 13:24 327168 ----a-w- d:\windows\IsUn0416.exe 2010-01-09 16:20 . 
2010-01-01 20:04 5115824 ------w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-07 18:07 . 2009-12-24 16:21 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 18:07 . 2009-12-24 16:21 19160 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-01-05 00:40 . 2010-01-02 16:15 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-05 00:40 . 2010-01-02 16:15 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-05 00:40 . 2010-01-02 16:15 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS 2010-01-03 06:34 . 2010-01-03 06:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PrevxCSI 2009-12-27 19:29 . 2009-12-27 19:29 -------- d-----w- d:\arquivos de programas\Navilog1 2009-12-27 18:28 . 2009-12-27 18:28 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager 2009-12-26 23:43 . 2009-12-26 23:43 -------- d-----w- d:\arquivos de programas\Gadwin Systems 2009-12-25 01:22 . 2009-12-25 01:22 -------- d-----w- d:\arquivos de programas\Conduit 2009-12-24 16:04 . 2009-12-24 16:04 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware 2009-12-21 19:08 . 2004-08-04 09:45 916480 ------w- d:\windows\system32\wininet.dll 2009-12-19 04:10 . 2009-12-19 04:10 -------- d-----w- d:\arquivos de programas\CCleaner 2009-12-16 01:22 . 2009-12-16 01:22 -------- d-----w- d:\arquivos de programas\CursorXP 2009-12-14 07:35 . 2007-09-19 12:55 249856 ------w- d:\windows\Setup1.exe 2009-12-14 07:35 . 2007-09-19 12:55 73216 ----a-w- d:\windows\ST6UNST.EXE 2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\GetRightToGo 2009-12-08 02:21 . 2009-03-18 23:30 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-12-05 20:14 . 2009-12-05 20:14 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon 2009-12-05 20:13 . 
2009-12-05 20:13 -------- d-----w- d:\arquivos de programas\K-Meleon 2009-12-01 17:16 . 2009-12-01 17:16 38338 ------w- d:\arquivos de programas\Uninst.isu 2009-11-27 20:47 . 2009-11-13 20:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini 2009-11-25 16:18 . 2009-11-25 16:18 9216 ----a-w- d:\windows\system32\find.exe 2009-11-24 08:18 . 2009-04-29 22:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat 2009-11-21 15:58 . 2004-08-04 09:45 471552 ----a-w- d:\windows\AppPatch\AcLayers.dll 2009-11-20 21:11 . 2009-11-20 21:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf 2009-11-20 21:01 . 2009-11-20 21:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe 2009-11-20 21:01 . 2009-11-20 21:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll 2009-11-20 21:00 . 2009-11-20 21:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll 2009-11-20 21:00 . 2009-11-20 21:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin 2009-11-18 00:58 . 2009-11-15 03:37 48 ----a-w- d:\windows\system32\_1PUTILS.dat 2009-11-13 20:19 . 2009-03-27 22:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini 2009-08-20 14:06 . 2009-08-20 14:06 126704693 ------w- d:\arquivos de programas\brofficeorg1.cab 2009-08-20 14:04 . 2009-08-20 14:04 9812992 ------w- d:\arquivos de programas\brofficeorg31.msi 2009-08-19 07:39 . 2009-08-19 07:39 330 ------w- d:\arquivos de programas\setup.ini 2004-02-26 15:35 . 2004-02-26 15:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd 2002-03-11 08:06 . 2002-03-11 08:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe 2002-03-11 07:45 . 2002-03-11 07:45 1708856 ------w- d:\arquivos de programas\instmsia.exe 2009-03-08 16:09 . 2008-04-14 02:21 638816 --sha-w- d:\windows\ServicePackFiles\i386\iexplore.exe . 
((((((((((((((((((((((((((((( SnapShot@2010-01-31_21.04.29 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-02 13:38 . 2010-02-02 13:38 16384 d:\windows\temp\Perflib_Perfdata_35c.dat + 2001-10-28 20:07 . 2010-02-02 11:26 68156 d:\windows\system32\perfc009.dat + 2001-10-28 20:07 . 2010-02-02 11:26 435260 d:\windows\system32\perfh009.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-11-09 20:38 2331672 ----a-w- d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "d:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000] "Google Update"="d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-26 135664] "msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" 
[2010-01-11 246504] "Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRealMode"= 0 (0x0) "HonorAutoRunSetting"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoUpdateCheck"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 01:34 24576 ------w- d:\arquivos de programas\AlienGUIse\fastload.dll [HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk] [HKLM\~\startupfolder\^.mjsync_pt_BR] path=\.mjsync_pt_BR [HKLM\~\startupfolder\^catchme.exe] path=\catchme.exe [HKLM\~\startupfolder\^Desktop.rar] path=\Desktop.rar [HKLM\~\startupfolder\^dumphive.exe] path=\dumphive.exe [HKLM\~\startupfolder\^Favoritos.rar] path=\Favoritos.rar [HKLM\~\startupfolder\^haxoth2.txt] path=\haxoth2.txt [HKLM\~\startupfolder\^md5file.exe] path=\md5file.exe [HKLM\~\startupfolder\^Menu Iniciar.rar] path=\Menu Iniciar.rar [HKLM\~\startupfolder\^moveex.exe] path=\moveex.exe [HKLM\~\startupfolder\^NTUSER.DAT] path=\ntuser.dat [HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt] path=\NTUSER.DAT.bak_jv16pt [HKLM\~\startupfolder\^ntuser.dat.LOG] path=\ntuser.dat.LOG [HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG] path=\NTUSER.DAT.tmp.LOG [HKLM\~\startupfolder\^ntuser.ini] path=\ntuser.ini [HKLM\~\startupfolder\^PrivacIE.rar] path=\PrivacIE.rar [HKLM\~\startupfolder\^process.exe] path=\process.exe [HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar] path=\rebuilt.Menu Iniciar.rar [HKLM\~\startupfolder\^rebuilt.UserData.rar] path=\rebuilt.UserData.rar [HKLM\~\startupfolder\^run2.hax] path=\run2.hax [HKLM\~\startupfolder\^swreg.exe] path=\swreg.exe 
[HKLM\~\startupfolder\^swsc.exe] path=\swsc.exe [HKLM\~\startupfolder\^tool_en.log] path=\tool_en.log [HKLM\~\startupfolder\^UserData.rar] path=\UserData.rar [HKLM\~\startupfolder\^vfind.exe] path=\vfind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 17:57 948672 ----a-r- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 03:57 35760 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 14:08 209153 ------w- d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2008-11-04 03:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 18:44 3883840 ----a-w- d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZeppelinService"=2 (0x2) "GoogleDesktopManager-060409-093314"=3 (0x3) "idsvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\WINDOWS\\system32\\rtcshare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"= "d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/09/2009 17:13 64160] R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/09/2009 13:11 115856] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/09/2009 13:10 41424] R2 713xTVCard;SAA7131 TV 
Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/11/2009 19:34 108289] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/09/2009 13:11 91856] R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [09/09/2009 20:15 100368] R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032] S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568] S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?] S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/09/2009 17:43 29584] S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136] S4 ZeppelinService;plasservice; [x] . Conteúdo da pasta 'Tarefas Agendadas' 2010-02-02 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job - d:\windows\system32\msfeedssync.exe [2007-08-13 06:31] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mWindow Title = IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://ajuda.bol.com.br/pagina-inicial.htm FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npdeploytk.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npnul32.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\NPOFF12.DLL FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npOGAPlugin.dll FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\nppdf32.dll FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll ---- FIREFOX POLICIES ---- d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - 
pref("javascript.options.mem.high_water_mark", 32); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", 
"chrome://browser/locale/browser.properties"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-02 11:39 Windows 5.1.2600 Service Pack 3 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet049\Services\NtTdiDr] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet049\Services\NtTdiDr] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\.Default\Software\Stardock\WindowBlinds] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList] @DACL=(02 0000) "PackageName"="Dashboard.msi" [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList] @DACL=(02 0000) "PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi" "LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1324) d:\arquivos de programas\AlienGUIse\fastload.dll - - - - - - - > 'explorer.exe'(2844) d:\windows\system32\WININET.dll d:\arquivos de programas\CursorXP\CurXP0.dll d:\windows\system32\webcheck.dll d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . d:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe d:\arquivos de programas\Java\jre6\bin\jqs.exe d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Tempo para conclusão: 2010-02-02 11:42:37 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-02-02 13:42 ComboFix2.txt 2010-01-31 21:08 ComboFix3.txt 2010-01-21 01:47 ComboFix4.txt 2010-01-05 04:08 Pré-execução: 20 pasta(s) 39.498.612.736 bytes disponíveis Pós execução: 24 pasta(s) 39.461.879.808 bytes disponíveis - - End Of File - - 0E9D580BC5A1FCDFB71110FBD80BF62B

Here is the DDS log:

DDS (Ver_09-12-01.01) - FAT32x86 Run by edsom luis at 9:50:34,68 on --- 05/02/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.241 [GMT -3:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== D:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe D:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe D:\WINDOWS\System32\svchost.exe -k eapsvcs D:\Arquivos de 
programas\Java\jre6\bin\jqs.exe D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe D:\WINDOWS\system32\notepad.exe D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mWindow Title = BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uPolicies-explorer: NoRealMode = 0 (0x0) uPolicies-explorer: HonorAutoRunSetting = 0 (0x0) uPolicies-explorer: NoFileUrl = 0 (0x0) uPolicies-explorer: NoUpdateCheck = 0 (0x0) mPolicies-explorer: HonorAutoRunSetting = 0 (0x0) IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} 
- hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\4frl1nwm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://ajuda.bol.com.br/pagina-inicial.htm
FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npdeploytk.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npnul32.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\NPOFF12.DLL
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npOGAPlugin.dll
FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\nppdf32.dll
FF - plugin: d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]
R1 80939841;80939841;d:\windows\system32\drivers\80939841.sys [2010-2-7 128016]
R1 80939842;80939842 Boot Guard Driver;d:\windows\system32\drivers\80939842.sys [2010-2-7 37392]
R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-11-24 11608]
R1 setup_9.0.0.722_15.01.2010_15-37drv;setup_9.0.0.722_15.01.2010_15-37drv;d:\windows\system32\drivers\8093984.sys [2010-2-7 315408]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-11-24 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-11-24 185089]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 56816]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]
S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?]
S2 ZeppelinService;plasservice; [x]
S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]
S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

============== File Associations ===============

inifile=Notepad.exe "%1"

=============== Created Last 30 ================

==================== Find3M ====================

2010-02-02 13:40:34 80198 ----a-w- d:\windows\system32\perfc016.dat
2010-02-02 13:40:34 471376 ----a-w- d:\windows\system32\perfh016.dat
2010-01-23 01:15:08 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-01-13 06:01:00 327168 ----a-w- d:\windows\IsUn0416.exe
2010-01-07 18:07:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07:04 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-05 00:40:06 53136 ----a-w- d:\windows\system32\PxSecure.dll
2010-01-05 00:40:06 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS
2010-01-05 00:40:06 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS
2010-01-05 00:40:06 24496 ----a-w- d:\windows\system32\pxkbf.sys.vir
2009-12-28 03:13:56 6656 ----a-w- d:\documents and settings\edsom luis\md5file.exe
2009-12-28 03:13:56 51200 ----a-w- d:\documents and settings\edsom luis\dumphive.exe
2009-12-28 03:13:56 49152 ----a-w- d:\documents and settings\edsom luis\vfind.exe
2009-12-28 03:13:56 40960 ----a-w- d:\documents and settings\edsom luis\swsc.exe
2009-12-28 03:13:56 38400 ----a-w- d:\documents and settings\edsom luis\moveex.exe
2009-12-28 03:13:56 156160 ----a-w- d:\documents and settings\edsom luis\swreg.exe
2009-12-28 03:13:56 146944 ----a-w- d:\documents and settings\edsom luis\catchme.exe
2009-12-21 19:08:00 916480 ----a-w- d:\windows\system32\dllcache\wininet.dll
2009-12-21 19:08:00 916480 ------w- d:\windows\system32\wininet.dll
2009-12-21 19:08:00 5942784 ----a-w- d:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:08:00 206848 ----a-w- d:\windows\system32\dllcache\occache.dll
2009-12-21 19:08:00 12800 ------w- d:\windows\system32\dllcache\xpshims.dll
2009-12-21 19:08:00 1208832 ----a-w- d:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:07:56 594432 ----a-w- d:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:07:56 55296 ----a-w- d:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:07:56 25600 ----a-w- d:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:07:56 246272 ------w- d:\windows\system32\dllcache\ieproxy.dll
2009-12-21 19:07:56 1985536 ----a-w- d:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:07:56 184320 ----a-w- d:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:07:54 11070464 ----a-w- d:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:07:52 387584 ----a-w- d:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:22:00 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe
2009-12-14 07:35:46 73216 ----a-w- d:\windows\ST6UNST.EXE
2009-12-14 07:35:46 249856 ------w- d:\windows\Setup1.exe
2009-12-08 02:21:34 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-01 17:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu
2009-12-01 01:12:40 579072 ----a-w- d:\windows\system32\dllcache\user32.dll
2009-11-27 20:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini
2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\find.exe
2009-11-25 16:18:44 9216 ----a-w- d:\windows\system32\dllcache\find.exe
2009-11-20 21:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf
2009-11-20 21:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe
2009-11-20 21:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll
2009-11-20 21:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll
2009-11-20 21:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin
2009-11-13 20:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini
2009-08-20 14:06:06 126704693 ------w- d:\arquivos de programas\brofficeorg1.cab
2009-08-20 14:04:26 9812992 ------w- d:\arquivos de programas\brofficeorg31.msi
2009-08-19 07:39:36 330 ------w- d:\arquivos de programas\setup.ini
2009-07-10 05:20:00 621546 ----a-w- d:\arquivos de programas\arquivos comuns\ACIHELP.HLP.vir
2009-07-10 05:20:00 621546 ----a-w- d:\arquivos de programas\ACIHELP.HLP
2009-07-10 05:20:00 3219 ----a-w- d:\arquivos de programas\arquivos comuns\Acihelp.cnt.vir
2009-07-10 05:20:00 3219 ----a-w- d:\arquivos de programas\Acihelp.cnt
2009-06-17 16:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt.vir
2009-06-17 16:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt
2008-06-09 12:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml.vir
2008-06-09 12:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml
2004-02-26 15:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd
2002-03-11 08:06:30 1822520 ------w- d:\arquivos de programas\instmsiw.exe
2002-03-11 07:45:04 1708856 ------w- d:\arquivos de programas\instmsia.exe
2009-01-21 14:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat
2009-09-11 16:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-03-08 16:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe

============= FINISH: 9:51:19,98 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/9/2007 10:51:37
System Uptime: 2/5/2010 09:42:49 (-2064 hours ago)

Motherboard: ECS | | M825G
Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 17 GiB total, 7,501 GiB free.
D: is FIXED (FAT32) - 59 GiB total, 35,028 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Service: ati2mtag

Class GUID:
Description:
Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Manufacturer:
Name:
PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Service:

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Teclado padrão com 101/102 teclas ou Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3656B0&0
Manufacturer: (teclados padrões)
Name: Teclado padrão com 101/102 teclas ou Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3656B0&0
Service: i8042prt

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador de comunicação PCI simples
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: Controlador de comunicação PCI simples
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Service:

Class GUID:
Description:
Device ID: ROOT\LEGACY_BOCDRIVE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Dispositivo de áudio USB
Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000
Manufacturer: (Áudio USB genérico)
Name: Dispositivo de áudio USB
PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000
Service: usbaudio

Class GUID:
Description:
Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Bridged Networking Driver Miniport
Device ID: ROOT\SUN_VBOXNETFLTMP\0004
Manufacturer: Sun Microsystems, Inc.
Name: WAN Miniport (PPTP) - VirtualBox Bridged Networking Driver Miniport
PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0004
Service: VBoxNetFlt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Bridged Networking Driver Miniport
Device ID: ROOT\SUN_VBOXNETFLTMP\0005
Manufacturer: Sun Microsystems, Inc.
Name: Miniporta WAN (PPPOE) - VirtualBox Bridged Networking Driver Miniport
PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0005
Service: VBoxNetFlt

==== System Restore Points ===================

RP15: 1/2/2010 01:50:55 - Ponto de verificação do sistema
RP16: 31/1/2010 23:52:37 - TUCHE PERICIA DIGITAL
RP17: 1/2/2010 15:22:23 - Revo Uninstaller's restore point - Super Video Converter 5.8
RP18: 1/2/2010 15:23:32 - Revo Uninstaller's restore point - Super Video Converter 5.8
RP19: 1/2/2010 15:51:54 - Revo Uninstaller's restore point - SUPER © Version 2010.bld.37 (Jan 2, 2010)
RP20: 2/2/2010 03:47:36 - Revo Uninstaller's restore point - Barra de Ferramentas do Yahoo!
RP21: 2/2/2010 06:54:05 - Revo Uninstaller's restore point - CpuIdle (remove only)
RP22: 2/2/2010 10:11:31 - Removido Assistente de Conexão do Windows Live
RP23: 2/2/2010 16:21:49 - Removido Ferramenta de Carregamento do Windows Live
RP24: 6/2/2010 11:50:58 - Operação de restauração
RP25: 6/2/2010 11:54:42 - Operação de restauração
RP26: 6/2/2010 12:58:28 - Operação de restauração
RP27: 6/2/2010 14:07:53 - Operação de restauração
RP28: 8/2/2010 13:31:37 - Operação de restauração
RP29: 2/2/2010 15:30:04 - Installed Keyboard Designer
RP30: 2/2/2010 16:40:07 - Recuperação de utilitário de backup da Microsoft
RP31: 3/2/2010 05:15:44 - Recuperação de utilitário de backup da Microsoft
RP32: 3/2/2010 09:26:04 - Revo Uninstaller's restore point - Keyboard Designer
RP33: 3/2/2010 09:26:15 - Removed Keyboard Designer
RP34: 3/2/2010 17:02:39 - Operação de restauração
RP35: 3/2/2010 18:06:46 - Operação de restauração
RP36: 4/2/2010 21:21:58 - Operação de restauração
RP37: 4/2/2010 22:26:41 - Operação de restauração
RP38: 4/2/2010 03:13:44 - Ponto de verificação do sistema
RP39: 5/2/2010 03:33:08 - Ponto de verificação do sistema
RP40: 6/2/2010 04:33:10 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 - Português
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 8 (KB969897)
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)
Atualização de Segurança para Windows Internet Explorer 8 (KB972260)
Atualização de Segurança para Windows Internet Explorer 8 (KB974455)
Atualização de Segurança para Windows Internet Explorer 8 (KB976325)
Atualização de Segurança para Windows Internet Explorer 8 (KB978207)
Atualização para Windows Internet Explorer 8 (KB973874)
Atualização para Windows Internet Explorer 8 (KB976749)
BrOffice.org 3.1
C-Media WDM Audio Driver
CCleaner
CursorXP
EVEREST Home Edition v2.20
Gadwin PrintScreen
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
Java Auto Updater
Java 6 Update 18
Junk Mail filter update
K-Meleon 1.5.3 en-US (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack - ptb
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5)
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB973688)
Opera 10.10
Revo Uninstaller 1.85
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
você 9.0 Runtime
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:04, on 5/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: plasservice (ZeppelinService) - Unknown owner - (no file)

--
End of file - 3437 bytes

Regards and thanks

------------------

Good afternoon. The edit option is no longer available. I forgot to mention the following: right after the keyboard problem, I ran Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3669
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/02/2010 20:20:33
mbam-log-2010-02-04 (20-20-33).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 230048
Tempo decorrido: 56 minute(s), 14 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 6

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP4\A0000399.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001165.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001174.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\ComboFix\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully.

The strange thing is that the directories were quarantined and deleted; when I ran Malwarebytes again, they came back, as shown in the other log below:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3669
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/02/2010 23:59:21
mbam-log-2010-02-04 (23-59-21).txt

Tipo de Verificação: Completa (D:\|)
Objetos verificados: 152119
Tempo decorrido: 26 minute(s), 0 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 5

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP21\A0002471.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP21\A0002480.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\32788R22FWJFW\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\32788R22FWJFW\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully.

I used Run > osk.
PedroN Posted February 25, 2010

Wow, what a headache, eh :) lol. I'll take on your complicated case.

• Download: OTL.exe
• Save it to the desktop!
• As shown in the image, change the "Output" option to "Minimal Output".
• Double-click OTL.exe --> Check the "Scan All Users" option.
• Check the boxes: [] LOP check and [] Purity check
• Click the button shown in the image and wait.
• Post:
1) OTL.txt
2) Extra.txt
EDSSX Posted February 25, 2010

Good afternoon.

OTL logfile created on: 25/2/2010 17:35:42 - Run 10
OTL by OldTimer - Version 3.1.30.2 Folder = D:\Documents and Settings\edsom luis\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 165,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Arquivos de programas
Drive C: | 17,28 Gb Total Space | 7,50 Gb Free Space | 43,42% Space Free | Partition Type: FAT32
Drive D: | 59,00 Gb Total Space | 33,41 Gb Free Space | 56,63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDIM
Current User Name: edsom luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\edsom luis\Meus documentos\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - D:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\WINDOWS\system32\osk.exe (Microsoft Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Arquivos de programas\AlienGUIse\wbload.exe (Stardock Systems, Inc)
PRC - D:\Arquivos de programas\CursorXP\CursorXP.exe ( )
PRC - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - D:\WINDOWS\system32\msswchx.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\edsom luis\Meus documentos\Downloads\OTL.exe (OldTimer Tools)
MOD - D:\Arquivos de programas\AlienGUIse\wblind.dll (Stardock.Net, Inc)
MOD - D:\Arquivos de programas\CursorXP\CurXP0.dll ( )
MOD - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
MOD - D:\Arquivos de programas\AlienGUIse\wbhelp.dll (Stardock.Net, Inc)

========== Win32 Services (SafeList) ==========

SRV - (ZeppelinService) -- File not found
SRV - (WLSetupSvc) -- File not found
SRV - (usnjsvc) -- File not found
SRV - (PEVSystemStart) -- File not found
SRV - (gusvc) -- File not found
SRV - (JavaQuickStarterService) -- D:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IDriverT) -- D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)
SRV - (MDM) -- D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (cpuidlep) -- D:\WINDOWS\system32\drivers\cpuidlep.sys ()
DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RegGuard) -- D:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Lbd) -- D:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (VBoxNetAdp) -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- D:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (GbpKm) -- D:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia)
DRV - (rspSanity) -- D:\WINDOWS\system32\drivers\rspSanity32.sys (Resplendence Software Projects Sp.)
DRV - (avgio) -- D:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (FET5X86V) -- D:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (usbaudio) Driver de áudio USB (WDM) -- D:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (xpvcom) -- D:\WINDOWS\system32\drivers\XPVCOM.sys ()
DRV - (cmuda) -- D:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (713xTVCard) -- D:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)
DRV - (Ptilink) -- D:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (FETNDIS) -- D:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: D:\Arquivos de programas\K-Meleon\Plugins [2009/12/05 18:13:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: D:\Arquivos de programas\K-Meleon\Components [2009/12/05 18:13:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Arquivos de programas\Mozilla Firefox\components [2010/01/21 14:31:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Arquivos de programas\Mozilla Firefox\plugins [2010/01/21 14:31:06 | 000,000,000 | ---D | M]

[2009/08/27 21:45:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Extensions
[2009/12/19 18:01:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions
[2010/02/22 22:26:28 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/06 21:38:42 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/01/02 22:42:02 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}(2)
[2010/01/21 17:26:46 | 000,000,927 | ---- | M] () -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\searchplugins\conduit.xml
[2010/01/21 14:31:06 | 000,000,000 | ---D | M] -- D:\Arquivos de programas\Mozilla Firefox\extensions [2010/01/15 23:18:56 | 000,001,027 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2010/01/15 23:18:56 | 000,001,212 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2010/01/15 23:18:56 | 000,001,168 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2010/01/15 23:18:56 | 000,000,952 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2010/02/20 12:26:32 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-839522115-1409082233-725345543-1003..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe ( ) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control 
Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003_Classes\Software\Policies\Microsoft\Internet 
Explorer\Control Panel present O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.96.15 189.7.96.16 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (D:\WINDOWS\system32\wbsys.dll) - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WB: DllName - D:\Arquivos de programas\AlienGUIse\fastload.dll - D:\Arquivos de programas\AlienGUIse\fastload.dll (Stardock) O24 - Desktop WallPaper: D:\WINDOWS\InvaderDark1280.bmp O24 - Desktop BackupWallPaper: D:\WINDOWS\InvaderDark1280.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/02/23 14:03:16 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009/11/14 20:15:58 | 000,000,000 | ---D | M] - C:\autorun(2).inf -- [ FAT32 ] O32 - AutoRun File - [2010/01/02 16:42:56 | 000,000,000 | ---D | M] - C:\autorun(3).inf -- [ FAT32 ] O32 - AutoRun File - [2010/02/23 14:03:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009/11/14 20:15:58 | 000,000,000 | ---D | M] - D:\autorun(2).inf -- [ FAT32 ] O32 - AutoRun File - [2010/01/02 16:42:56 | 000,000,000 | ---D | M] - D:\autorun(3).inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/25 16:01:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood [2010/02/25 15:57:34 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\edsom luis\Recent [2010/02/23 23:54:37 | 000,308,224 | ---- | C] 
(InstallShield Software Corporation) -- D:\WINDOWS\IsUn0816.exe [2010/02/23 23:50:26 | 000,073,728 | R--- | C] (InstallShield Software Corporation) -- D:\Documents and Settings\edsom luis\Meus documentos\Setup.exe [2010/02/23 23:50:26 | 000,027,648 | R--- | C] (InstallShield Software Corporation) -- D:\Documents and Settings\edsom luis\Meus documentos\_ISDel.exe [2010/02/23 23:50:26 | 000,000,000 | R--D | C] -- D:\Documents and Settings\edsom luis\Meus documentos\setupdir [2010/02/23 23:50:23 | 000,000,000 | R--D | C] -- D:\Documents and Settings\edsom luis\Meus documentos\Multi_Lang [2010/02/23 23:30:57 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.files [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon [2010/02/23 23:30:56 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon [2010/02/23 23:30:55 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Head [2010/02/23 23:30:55 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Head [2010/02/23 23:30:55 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Head [2010/02/23 23:30:54 | 000,000,000 | R--D | C] -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Head [2010/02/23 23:30:54 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Head [2010/02/23 23:30:54 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Head [2010/02/23 23:30:54 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Head [2010/02/23 23:30:51 | 000,035,840 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0010\_Setup.dll [2010/02/23 23:30:51 | 000,035,840 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\000a\_Setup.dll [2010/02/23 23:30:51 | 000,035,328 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0816\_Setup.dll [2010/02/23 23:30:51 | 000,035,328 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0007\_Setup.dll [2010/02/23 23:30:51 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Head [2010/02/23 23:30:51 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Head [2010/02/23 23:30:51 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0816 [2010/02/23 23:30:51 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0010 [2010/02/23 23:30:51 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\000a [2010/02/23 23:30:50 | 000,073,728 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\Setup.exe [2010/02/23 23:30:50 | 000,034,816 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\040c\_Setup.dll [2010/02/23 23:30:50 | 000,034,816 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0404\_Setup.dll [2010/02/23 23:30:50 | 000,034,816 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0012\_Setup.dll [2010/02/23 23:30:50 | 000,034,816 | R--- | C] 
(InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0011\_Setup.dll [2010/02/23 23:30:50 | 000,034,816 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\setupdir\0009\_Setup.dll [2010/02/23 23:30:50 | 000,027,648 | R--- | C] (InstallShield Software Corporation) -- D:\WINDOWS\System32\drivers\_ISDel.exe [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\040c [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0404 [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0012 [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0011 [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0009 [2010/02/23 23:30:50 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\setupdir\0007 [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\It [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm [2010/02/23 23:30:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\En [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Tc [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help [2010/02/23 23:30:47 | 000,000,000 | R--D | C] -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr [2010/02/23 14:03:14 | 000,000,000 | RHSD | C] -- D:\autorun.inf [2010/02/23 13:47:12 | 000,019,072 | ---- | C] (Hewlett-Packard Company) -- D:\WINDOWS\System32\drivers\PS2.sys [2010/02/22 19:14:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\.receitanet [2010/02/22 09:54:23 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Programas RFB [2010/02/21 17:09:53 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\CursorXP [2010/02/21 12:42:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\FileCure [2010/02/20 15:04:02 | 000,000,000 | -HSD | C] -- D:\FOUND.000 [2010/02/19 23:53:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DriverCure [2010/02/19 23:53:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\DriverCure [2010/02/19 19:58:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Abelssoft [2010/02/19 12:16:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software [2010/02/19 01:13:37 | 000,161,792 | ---- | C] (SteelWerX) -- 
D:\WINDOWS\SWREG.exe [2010/02/19 01:13:37 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe [2010/02/19 01:13:37 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe [2010/02/19 01:13:11 | 000,000,000 | ---D | C] -- D:\Qoobox [2010/02/17 01:06:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\.assinador [2010/02/16 23:54:30 | 000,000,000 | -HSD | C] -- D:\Recycled [2010/02/16 23:54:01 | 000,000,000 | ---D | C] -- D:\WINDOWS\temp [2010/02/16 23:38:26 | 000,000,000 | ---D | C] -- D:\WORT [2010/02/16 19:39:47 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\Logishrd [2010/02/16 19:39:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\LogiShrd [2010/02/16 19:20:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Easeware [2010/02/14 17:16:27 | 000,000,000 | ---D | C] -- D:\Drivers Backup [2010/02/12 18:25:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DeviceDoctorSoftware [2010/02/09 16:33:12 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\InCode Solutions [2010/02/07 02:08:33 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ati2cqag.dll [2010/02/07 02:08:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpcdll.dll [2010/02/07 02:08:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\smtpapi.dll [2010/02/07 02:08:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rwnh.dll [2010/02/07 02:08:32 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- D:\WINDOWS\System32\ati3duag.dll [2010/02/07 02:08:32 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- D:\WINDOWS\System32\ati3d1ag.dll [2010/02/07 02:08:32 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- D:\WINDOWS\System32\ativvaxx.dll [2010/02/07 02:08:32 | 000,377,984 | ---- | C] (ATI Technologies Inc.) 
-- D:\WINDOWS\System32\ati2dvaa.dll [2010/02/07 02:08:32 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ati2dvag.dll [2010/02/07 02:08:32 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ativtmxx.dll [2010/02/07 02:08:32 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ativmvxx.ax [2010/02/07 02:08:32 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ativdaxx.ax [2010/02/07 02:08:28 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1rvxx.sys [2010/02/07 02:08:28 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1btxx.sys [2010/02/07 02:08:28 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1tuxx.sys [2010/02/07 02:08:28 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1xsxx.sys [2010/02/07 02:08:28 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1raxx.sys [2010/02/07 02:08:28 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1xbxx.sys [2010/02/07 02:08:28 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1snxx.sys [2010/02/07 02:08:28 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1ttxx.sys [2010/02/07 02:08:28 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1pdxx.sys [2010/02/07 02:08:28 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1mdxx.sys [2010/02/07 02:08:27 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati2mtag.sys [2010/02/07 02:08:27 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati2mtaa.sys [2010/02/07 02:08:27 | 000,104,960 | ---- | C] (ATI Technologies Inc.) 
-- D:\WINDOWS\System32\drivers\atinrvxx.sys [2010/02/07 02:08:27 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atintuxx.sys [2010/02/07 02:08:27 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinxsxx.sys [2010/02/07 02:08:27 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinbtxx.sys [2010/02/07 02:08:27 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinraxx.sys [2010/02/07 02:08:27 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinxbxx.sys [2010/02/07 02:08:27 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinsnxx.sys [2010/02/07 02:08:27 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinpdxx.sys [2010/02/07 02:08:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinttxx.sys [2010/02/07 02:08:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) 
-- D:\WINDOWS\System32\drivers\atinmdxx.sys [2010/02/07 01:01:57 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\MSBuild [2010/02/07 00:24:48 | 002,959,376 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\edsom luis\Meus documentos\dotnetfx35setup.exe [2010/02/04 02:35:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mouhid.sys [2010/02/04 02:35:44 | 000,010,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidusb.sys [2010/02/01 23:09:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Gabaritos [2010/02/01 23:07:42 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\Windows Live [2010/02/01 15:54:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Meus documentos\DVDVideoSoft [2010/02/01 15:53:55 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\DVDVideoSoft [2010/02/01 15:33:14 | 000,719,872 | ---- | C] (Abysmal Software) -- D:\WINDOWS\System32\devil.dll [2010/02/01 15:33:14 | 000,369,152 | ---- | C] (The Public) -- D:\WINDOWS\System32\avisynth.dll [2010/02/01 15:33:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- D:\WINDOWS\System32\yv12vfw.dll [2010/02/01 15:33:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- D:\WINDOWS\System32\i420vfw.dll [2010/02/01 15:20:49 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Witcobber [2010/02/01 01:46:44 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Yahoo! 
[2010/01/31 17:04:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Uniblue [2010/01/29 17:18:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\Backup [2010/01/26 23:14:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GlarySoft [2009/11/20 19:01:18 | 000,832,296 | ---- | C] (Opera Software) -- D:\Arquivos de programas\Arquivos comuns\opera.exe [2009/11/20 19:01:16 | 004,450,088 | ---- | C] (Opera Software) -- D:\Arquivos de programas\Arquivos comuns\opera.dll [2008/12/04 22:08:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET [2007/09/19 10:52:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft [2007/09/19 10:52:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft [2007/09/19 10:33:32 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft [2007/09/19 10:33:32 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft [2002/03/11 06:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- D:\Arquivos de programas\instmsiw.exe [2002/03/11 05:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- D:\Arquivos de programas\instmsia.exe ========== Files - Modified Within 30 Days ========== [2010/02/25 17:38:24 | 000,000,464 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job [2010/02/25 16:02:22 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2010/02/25 16:01:18 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK [2010/02/25 15:33:06 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2010/02/25 15:33:02 | 000,002,262 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010/02/25 
15:32:58 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2010/02/25 15:32:46 | 000,000,012 | ---- | M] () -- D:\WINDOWS\System32\drivers\IncompleteBoot.cnt [2010/02/25 15:21:32 | 005,353,396 | -H-- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\IconCache.db [2010/02/25 13:32:56 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\CADASTRO CEI INSS GERAL LEGAL PGFN.doc [2010/02/25 13:32:48 | 000,011,264 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\PIS IMPORTANTE PARA RECOLHIMENTO.doc [2010/02/24 23:37:26 | 000,013,312 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\DIRPF 2011.doc [2010/02/24 00:01:08 | 012,505,088 | ---- | M] () -- D:\Documents and Settings\edsom luis\ntuser.dat [2010/02/23 23:32:10 | 000,000,210 | -HS- | M] () -- D:\Documents and Settings\edsom luis\ntuser.ini [2010/02/22 15:52:06 | 000,017,408 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\DIRPF 2010 1 ANO R CH ESP.doc [2010/02/22 09:54:00 | 002,721,794 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\ReceitanetJava2010.02_setup_win32.exe [2010/02/22 09:52:34 | 000,000,129 | ---- | M] () -- D:\WINDOWS\REC-NET.INI [2010/02/22 09:51:58 | 001,719,314 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Receitanet2010_02.EXE [2010/02/22 00:58:00 | 003,868,001 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\ComboFix.exe [2010/02/21 10:10:22 | 000,001,277 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\osk.lnk [2010/02/21 10:08:20 | 000,284,520 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2010/02/20 14:44:30 | 000,072,176 | ---- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2010/02/19 17:54:38 | 000,002,970 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT [2010/02/19 11:44:44 | 000,000,170 | ---- | M] () -- 
D:\WINDOWS\spywarebegone-fullversion-installed.html [2010/02/18 20:10:18 | 000,000,003 | ---- | M] () -- D:\WINDOWS\rrxx.dll [2010/02/18 20:00:10 | 000,000,736 | ---- | M] () -- D:\WINDOWS\win.ini [2010/02/18 20:00:10 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini [2010/02/17 01:06:58 | 000,126,976 | ---- | M] () -- D:\WINDOWS\MSKeyStoreJNI.dll [2010/02/12 16:52:40 | 000,000,008 | RHS- | M] () -- D:\Documents and Settings\edsom luis\ntuser.pol [2010/02/11 21:33:30 | 000,008,018 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\34.pdf [2010/02/08 17:15:44 | 000,039,856 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Configuration.mc [2010/02/08 08:23:12 | 000,007,725 | ---- | M] () -- D:\WINDOWS\System32\tcpip.reg [2010/02/07 00:24:50 | 002,959,376 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\edsom luis\Meus documentos\dotnetfx35setup.exe [2010/02/06 19:14:36 | 001,026,982 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI [2010/02/06 19:14:36 | 000,471,828 | ---- | M] () -- D:\WINDOWS\System32\perfh016.dat [2010/02/06 19:14:36 | 000,435,836 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2010/02/06 19:14:36 | 000,080,630 | ---- | M] () -- D:\WINDOWS\System32\perfc016.dat [2010/02/06 19:14:36 | 000,068,628 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2010/02/05 17:30:32 | 000,001,486 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\AlienGUIse.lnk [2010/02/05 17:29:42 | 000,000,064 | ---- | M] () -- D:\WINDOWS\wb.ini [2010/02/04 23:57:04 | 000,000,499 | ---- | M] () -- D:\WINDOWS\System32\Atalho para pxkbf.sys.vir.lnk [2010/02/02 11:37:52 | 000,000,008 | ---- | M] () -- D:\WINDOWS\System32\IncompleteBoot.cnt.vir [2010/02/02 09:27:42 | 000,003,132 | ---- | M] () -- D:\WINDOWS\System32\Service_GoogleDesktopManager-060409-093314.reg.dat [2010/02/02 09:27:42 | 000,002,404 | ---- | M] () -- D:\WINDOWS\System32\Service_pxkbf.reg.dat [2010/02/02 09:27:42 | 000,002,380 | 
---- | M] () -- D:\WINDOWS\System32\Service_CMC AntiRootkit Service.reg.dat [2010/02/02 09:27:42 | 000,002,012 | ---- | M] () -- D:\WINDOWS\System32\Service_KProcWatch.reg.dat [2010/02/02 09:27:42 | 000,001,400 | ---- | M] () -- D:\WINDOWS\System32\Legacy_CMC_ANTIROOTKIT_SERVICE.reg.dat [2010/02/02 09:27:42 | 000,001,358 | ---- | M] () -- D:\WINDOWS\System32\Legacy_KPROCWATCH.reg.dat [2010/02/02 09:27:42 | 000,001,030 | ---- | M] () -- D:\WINDOWS\System32\Legacy_GOOGLEDESKTOPMANAGER-060409-093314.reg.dat [2010/02/01 20:31:26 | 000,004,484 | ---- | M] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys [2010/02/01 01:46:44 | 000,001,524 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\CCleaner.lnk [2010/01/31 20:36:04 | 000,000,003 | ---- | M] () -- D:\WINDOWS\System32\rrxx.dll.vir [2010/01/31 17:59:24 | 000,050,688 | ---- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/28 09:05:08 | 000,069,632 | ---- | M] () -- D:\WINDOWS\System32\MSJCE.dll [2010/01/26 20:01:04 | 000,002,317 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2010/02/25 16:01:16 | 000,001,374 | ---- | C] () -- D:\WINDOWS\imsins.BAK [2010/02/24 00:01:06 | 012,505,088 | ---- | C] () -- D:\Documents and Settings\edsom luis\ntuser.dat [2010/02/23 23:50:34 | 000,000,097 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\DATA.TAG [2010/02/23 23:50:33 | 000,296,674 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\_inst32i.ex_ [2010/02/23 23:50:33 | 000,067,913 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\setup.ins [2010/02/23 23:50:33 | 000,013,911 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\data1.hdr [2010/02/23 23:50:33 | 000,011,294 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\_user1.hdr [2010/02/23 
23:50:33 | 000,009,233 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\_sys1.hdr [2010/02/23 23:50:33 | 000,000,137 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\setup.lid [2010/02/23 23:50:32 | 001,684,079 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\data1.cab [2010/02/23 23:50:32 | 001,425,520 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\_sys1.cab [2010/02/23 23:50:32 | 000,023,541 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\lang.dat [2010/02/23 23:50:32 | 000,008,100 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\_user1.cab [2010/02/23 23:50:32 | 000,000,450 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\os.dat [2010/02/23 23:50:26 | 000,000,867 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\layout.bin [2010/02/23 23:50:25 | 000,000,098 | R--- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\SETUP.INI [2010/02/23 23:31:11 | 000,004,693 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon4.jpg [2010/02/23 23:31:11 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Icon21.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon31.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Icon3.jpg [2010/02/23 23:31:11 | 000,003,483 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon3.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,124 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon21.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,004,087 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon2.jpg [2010/02/23 23:31:10 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Icon11.jpg [2010/02/23 23:31:10 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\home.jpg [2010/02/23 23:31:09 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\home.jpg [2010/02/23 23:31:09 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\home.jpg [2010/02/23 23:31:09 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\home.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () 
-- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,318 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon11.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Icon1.jpg [2010/02/23 23:31:09 | 000,003,240 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Icon1.jpg [2010/02/23 23:31:08 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\home.jpg [2010/02/23 23:31:08 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\home.jpg [2010/02/23 23:31:08 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\home.jpg [2010/02/23 23:31:08 | 000,009,658 | R--- | C] () 
-- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\home.jpg [2010/02/23 23:31:08 | 000,009,658 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\home.jpg [2010/02/23 23:31:08 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\favorite.jpg [2010/02/23 23:31:08 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\favorite.jpg [2010/02/23 23:31:08 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\favorite.jpg [2010/02/23 23:31:08 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\favorite.jpg [2010/02/23 23:31:08 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\favorite.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\forward.jpg [2010/02/23 23:31:08 | 000,004,892 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\forward.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,009,500 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\explorer.jpg [2010/02/23 23:31:07 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\eject.jpg [2010/02/23 23:31:07 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\eject.jpg [2010/02/23 23:31:07 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\eject.jpg [2010/02/23 23:31:07 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\eject.jpg [2010/02/23 23:31:07 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\eject.jpg [2010/02/23 23:31:07 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\eject.jpg [2010/02/23 23:31:07 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\favorite.jpg [2010/02/23 23:31:07 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\favorite.jpg [2010/02/23 23:31:07 | 000,004,900 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\favorite.jpg [2010/02/23 23:31:07 | 000,004,900 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\favorite.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\computer.jpg [2010/02/23 23:31:06 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\eject.jpg [2010/02/23 23:31:06 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\eject.jpg [2010/02/23 23:31:06 | 000,008,447 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\eject.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\dvp.jpg [2010/02/23 23:31:06 | 000,004,942 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\dvp.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,765 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\cal.jpg [2010/02/23 23:31:05 | 000,009,446 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\computer.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\close.jpg 
[2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\close.jpg [2010/02/23 23:31:05 | 000,004,885 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\close.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,009,204 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Banner4.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,928 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Banner5.jpg [2010/02/23 23:31:04 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,007,747 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Banner2.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | 
R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,006,081 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Banner3.jpg [2010/02/23 23:31:03 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Banner1.jpg [2010/02/23 23:31:03 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Banner.jpg [2010/02/23 23:31:02 | 000,009,619 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Banner.jpg [2010/02/23 23:31:02 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Banner1.jpg [2010/02/23 23:31:02 | 
000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,005,832 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Banner1.jpg [2010/02/23 23:31:02 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\icon\back.jpg [2010/02/23 23:31:02 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\icon\back.jpg [2010/02/23 23:31:02 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Image52.gif [2010/02/23 23:31:01 | 000,020,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Image52.gif [2010/02/23 23:31:01 | 000,004,891 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,004,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\icon\back.jpg [2010/02/23 23:31:01 | 000,000,896 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Instal2.gif [2010/02/23 23:31:01 | 000,000,896 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Instal1.gif [2010/02/23 23:31:01 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Image44.gif [2010/02/23 23:31:01 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Image44.gif [2010/02/23 23:31:01 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Image44.gif [2010/02/23 23:31:01 | 000,000,266 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.files\image001.png [2010/02/23 23:31:00 | 000,049,578 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.files\image007.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Image1.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Image1.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Image1.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Image1.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Image1.gif 
[2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Image1.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Image1.gif [2010/02/23 23:31:00 | 000,018,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Image1.gif [2010/02/23 23:31:00 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Image44.gif [2010/02/23 23:31:00 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Image44.gif [2010/02/23 23:31:00 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Image44.gif [2010/02/23 23:31:00 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Image44.gif [2010/02/23 23:31:00 | 000,000,891 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Image44.gif [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\BD10265.GIF [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\BD10265.GIF [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\BD10265.GIF [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\BD10265.GIF [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\BD10265.GIF [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\BD10265.GIF [2010/02/23 23:31:00 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\BD10265.GIF [2010/02/23 23:30:59 | 000,095,788 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.files\image006.wmz [2010/02/23 23:30:59 | 000,015,585 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Magickey.reg [2010/02/23 23:30:59 | 000,015,443 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Magickey.reg [2010/02/23 23:30:59 | 000,015,366 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Magickey.reg [2010/02/23 23:30:59 | 000,015,153 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Magickey.reg [2010/02/23 23:30:59 | 000,015,120 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Magickey.reg [2010/02/23 23:30:59 | 000,014,919 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Magickey.reg [2010/02/23 23:30:59 | 000,003,036 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Default.wtg [2010/02/23 23:30:59 | 000,003,027 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Default.wtg [2010/02/23 23:30:59 | 000,003,024 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Default.wtg [2010/02/23 23:30:59 | 000,003,009 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Default.wtg [2010/02/23 23:30:59 | 000,002,992 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Default.wtg [2010/02/23 23:30:59 | 000,002,974 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Default.wtg [2010/02/23 23:30:59 | 000,002,964 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Default.wtg [2010/02/23 23:30:59 | 000,002,959 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Default.wtg [2010/02/23 23:30:59 | 000,002,927 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Default.wtg [2010/02/23 23:30:59 | 000,000,548 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.files\filelist.xml [2010/02/23 23:30:59 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\BD10265.GIF [2010/02/23 23:30:59 | 000,000,308 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\BD10265.GIF [2010/02/23 23:30:59 | 000,000,097 | R--- | C] () -- D:\WINDOWS\System32\drivers\DATA.TAG [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Head\Listing.psd [2010/02/23 23:30:58 | 000,104,820 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.files\oledata.mso [2010/02/23 23:30:58 | 000,067,913 | R--- | C] () -- D:\WINDOWS\System32\drivers\setup.ins [2010/02/23 23:30:58 | 000,014,399 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Magickey.reg [2010/02/23 23:30:58 | 000,014,295 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Magickey.reg [2010/02/23 23:30:58 | 000,013,911 | R--- | C] () -- D:\WINDOWS\System32\drivers\data1.hdr [2010/02/23 23:30:58 | 000,013,719 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Magickey.reg [2010/02/23 23:30:58 | 000,011,294 | R--- | C] () -- D:\WINDOWS\System32\drivers\_user1.hdr [2010/02/23 23:30:58 | 000,009,233 | R--- | C] () -- D:\WINDOWS\System32\drivers\_sys1.hdr [2010/02/23 23:30:58 | 000,000,137 | R--- | C] () -- D:\WINDOWS\System32\drivers\setup.lid [2010/02/23 23:30:57 | 001,684,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\data1.cab 
[2010/02/23 23:30:57 | 000,296,674 | R--- | C] () -- D:\WINDOWS\System32\drivers\_inst32i.ex_ [2010/02/23 23:30:57 | 000,023,541 | R--- | C] () -- D:\WINDOWS\System32\drivers\lang.dat [2010/02/23 23:30:57 | 000,008,100 | R--- | C] () -- D:\WINDOWS\System32\drivers\_user1.cab [2010/02/23 23:30:57 | 000,000,450 | R--- | C] () -- D:\WINDOWS\System32\drivers\os.dat [2010/02/23 23:30:56 | 001,425,520 | R--- | C] () -- D:\WINDOWS\System32\drivers\_sys1.cab [2010/02/23 23:30:54 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\option4.bmp [2010/02/23 23:30:54 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\option4.bmp [2010/02/23 23:30:54 | 000,047,562 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Head\uptop.bmp [2010/02/23 23:30:54 | 000,045,990 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Head\uptop.bmp [2010/02/23 23:30:54 | 000,045,786 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\uptop.bmp [2010/02/23 23:30:54 | 000,045,786 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Head\uptop.bmp [2010/02/23 23:30:54 | 000,042,678 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Head\uptop.bmp [2010/02/23 23:30:54 | 000,041,958 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Head\uptop.bmp [2010/02/23 23:30:54 | 000,041,854 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\uptop.bmp [2010/02/23 23:30:54 | 000,037,854 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Head\uptop.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\UI0314-2.bmp [2010/02/23 23:30:54 | 000,001,232 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\UI0314-2.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\option4.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\option4.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\option4.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\option4.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\option4.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\option3.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\option3.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\option3.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\option3.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\option3.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\option3.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\option3.bmp [2010/02/23 23:30:53 | 
000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\option2.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\option2.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\option2.bmp [2010/02/23 23:30:53 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\option2.bmp [2010/02/23 23:30:52 | 001,368,056 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\image52.bmp [2010/02/23 23:30:52 | 001,368,056 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\image52.bmp [2010/02/23 23:30:52 | 001,361,216 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\image52.bmp [2010/02/23 23:30:52 | 001,360,984 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\image52.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\option2.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\option2.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\option2.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\option1.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\option1.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\option1.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\option1.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\option1.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\option1.bmp [2010/02/23 23:30:52 | 000,671,926 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\option1.bmp 
[2010/02/23 23:30:51 | 001,356,440 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\image52.bmp [2010/02/23 23:30:51 | 001,356,440 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\image52.bmp [2010/02/23 23:30:51 | 001,356,440 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\image52.bmp [2010/02/23 23:30:51 | 000,000,867 | R--- | C] () -- D:\WINDOWS\System32\drivers\layout.bin [2010/02/23 23:30:51 | 000,000,758 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\image44.bmp [2010/02/23 23:30:51 | 000,000,726 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\image44.bmp [2010/02/23 23:30:51 | 000,000,694 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\image44.bmp [2010/02/23 23:30:51 | 000,000,654 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\image44.bmp [2010/02/23 23:30:51 | 000,000,654 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Head\image44.bmp [2010/02/23 23:30:51 | 000,000,614 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\image44.bmp [2010/02/23 23:30:51 | 000,000,614 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\image44.bmp [2010/02/23 23:30:51 | 000,000,614 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Head\image44.bmp [2010/02/23 23:30:50 | 000,004,544 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\System.htm.bak [2010/02/23 23:30:50 | 000,002,624 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\System.htm.bak [2010/02/23 23:30:50 | 000,002,494 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\System.htm.bak [2010/02/23 23:30:50 | 000,002,414 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\System.htm.bak [2010/02/23 23:30:50 | 000,002,390 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\System.htm.bak [2010/02/23 23:30:50 | 000,002,338 | R--- | C] () -- 
D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\System.htm.bak [2010/02/23 23:30:50 | 000,002,241 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\system.htm.bak [2010/02/23 23:30:50 | 000,002,161 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\System.htm.bak [2010/02/23 23:30:50 | 000,001,939 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\System.htm.bak [2010/02/23 23:30:49 | 000,018,416 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\setting.htm [2010/02/23 23:30:49 | 000,018,268 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Setting.htm [2010/02/23 23:30:49 | 000,017,593 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Setting.htm [2010/02/23 23:30:49 | 000,017,465 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Setting.htm [2010/02/23 23:30:49 | 000,017,176 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Setting.htm [2010/02/23 23:30:49 | 000,016,852 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Setting.htm [2010/02/23 23:30:49 | 000,015,778 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Setting.htm [2010/02/23 23:30:49 | 000,015,251 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Setting.htm [2010/02/23 23:30:49 | 000,014,450 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Setting.htm [2010/02/23 23:30:49 | 000,004,556 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\System.htm [2010/02/23 23:30:49 | 000,002,636 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\System.htm [2010/02/23 23:30:49 | 000,002,506 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\System.htm [2010/02/23 23:30:49 | 000,002,426 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\System.htm [2010/02/23 23:30:49 | 000,002,402 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\System.htm [2010/02/23 23:30:49 | 
000,002,350 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\System.htm [2010/02/23 23:30:49 | 000,002,265 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\system.htm [2010/02/23 23:30:49 | 000,002,173 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\System.htm [2010/02/23 23:30:49 | 000,001,952 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\System.htm [2010/02/23 23:30:49 | 000,000,098 | R--- | C] () -- D:\WINDOWS\System32\drivers\SETUP.INI [2010/02/23 23:30:48 | 000,037,285 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Interfc.htm [2010/02/23 23:30:48 | 000,036,998 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Interfc.htm [2010/02/23 23:30:48 | 000,027,414 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\interfc.htm [2010/02/23 23:30:48 | 000,027,140 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Interfc.htm [2010/02/23 23:30:48 | 000,026,594 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Interfc.htm [2010/02/23 23:30:48 | 000,026,396 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Interfc.htm [2010/02/23 23:30:48 | 000,026,379 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Interfc.htm [2010/02/23 23:30:48 | 000,025,673 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Interfc.htm [2010/02/23 23:30:48 | 000,025,106 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Interfc.htm [2010/02/23 23:30:48 | 000,010,116 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\Install.htm [2010/02/23 23:30:48 | 000,009,591 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Install.htm [2010/02/23 23:30:48 | 000,008,755 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Install.htm [2010/02/23 23:30:48 | 000,008,525 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Install.htm [2010/02/23 23:30:48 | 
000,008,513 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Install.htm [2010/02/23 23:30:48 | 000,004,321 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Gm\Help\overview.htm [2010/02/23 23:30:48 | 000,004,197 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Pt\Help\Overview.htm [2010/02/23 23:30:48 | 000,004,060 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\It\Help\Overview.htm [2010/02/23 23:30:48 | 000,003,715 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\En\Help\Overview.htm [2010/02/23 23:30:48 | 000,003,694 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Overview.htm [2010/02/23 23:30:48 | 000,003,536 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Overview.htm [2010/02/23 23:30:48 | 000,003,372 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Overview.htm [2010/02/23 23:30:48 | 000,003,259 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\overview.htm [2010/02/23 23:30:48 | 000,002,921 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Overview.htm [2010/02/23 23:30:47 | 000,008,406 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Jp\Help\Install.htm [2010/02/23 23:30:47 | 000,007,841 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Tc\Help\Install.htm [2010/02/23 23:30:47 | 000,007,588 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Fr\Help\Install.htm [2010/02/23 23:30:47 | 000,003,193 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Kr\Help\Install.htm [2010/02/22 09:53:43 | 002,721,794 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\ReceitanetJava2010.02_setup_win32.exe [2010/02/22 09:51:56 | 001,719,314 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Receitanet2010_02.EXE [2010/02/22 00:56:51 | 003,868,001 | ---- | C] () -- D:\Documents and Settings\edsom luis\Desktop\ComboFix.exe [2010/02/19 01:13:37 | 000,261,632 | ---- | C] () -- 
D:\WINDOWS\PEV.exe [2010/02/19 01:13:37 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe [2010/02/19 01:13:37 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe [2010/02/19 01:13:37 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe [2010/02/19 01:13:37 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe [2010/02/18 20:10:16 | 000,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll [2010/02/17 01:06:57 | 000,126,976 | ---- | C] () -- D:\WINDOWS\MSKeyStoreJNI.dll [2010/02/13 16:57:20 | 000,001,277 | ---- | C] () -- D:\Documents and Settings\edsom luis\Desktop\osk.lnk [2010/02/12 16:50:57 | 000,000,008 | RHS- | C] () -- D:\Documents and Settings\edsom luis\ntuser.pol [2010/02/11 21:33:28 | 000,008,018 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\34.pdf [2010/02/08 17:15:54 | 000,039,856 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Configuration.mc [2010/02/07 02:08:27 | 000,064,352 | ---- | C] () -- D:\WINDOWS\System32\drivers\ativmc20.cod [2010/02/06 19:21:16 | 000,000,012 | ---- | C] () -- D:\WINDOWS\System32\drivers\IncompleteBoot.cnt [2010/02/05 17:30:30 | 000,001,486 | ---- | C] () -- D:\Documents and Settings\edsom luis\Desktop\AlienGUIse.lnk [2010/02/05 17:29:40 | 000,000,064 | ---- | C] () -- D:\WINDOWS\wb.ini [2010/02/04 23:57:03 | 000,000,499 | ---- | C] () -- D:\WINDOWS\System32\Atalho para pxkbf.sys.vir.lnk [2010/02/02 09:30:44 | 000,000,008 | ---- | C] () -- D:\WINDOWS\System32\IncompleteBoot.cnt.vir [2010/02/02 09:27:40 | 000,003,132 | ---- | C] () -- D:\WINDOWS\System32\Service_GoogleDesktopManager-060409-093314.reg.dat [2010/02/02 09:27:40 | 000,002,404 | ---- | C] () -- D:\WINDOWS\System32\Service_pxkbf.reg.dat [2010/02/02 09:27:40 | 000,002,380 | ---- | C] () -- D:\WINDOWS\System32\Service_CMC AntiRootkit Service.reg.dat [2010/02/02 09:27:40 | 000,002,012 | ---- | C] () -- D:\WINDOWS\System32\Service_KProcWatch.reg.dat [2010/02/02 09:27:40 | 000,001,400 | ---- | C] () -- 
D:\WINDOWS\System32\Legacy_CMC_ANTIROOTKIT_SERVICE.reg.dat [2010/02/02 09:27:40 | 000,001,358 | ---- | C] () -- D:\WINDOWS\System32\Legacy_KPROCWATCH.reg.dat [2010/02/02 09:27:40 | 000,001,030 | ---- | C] () -- D:\WINDOWS\System32\Legacy_GOOGLEDESKTOPMANAGER-060409-093314.reg.dat [2010/02/01 20:31:25 | 000,004,484 | ---- | C] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys [2010/02/01 15:33:07 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll.vir.vir [2010/01/31 20:36:02 | 000,000,003 | ---- | C] () -- D:\WINDOWS\System32\rrxx.dll.vir [2010/01/16 16:21:19 | 000,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll.vir [2010/01/02 14:15:14 | 000,000,051 | ---- | C] () -- D:\WINDOWS\wininit.ini [2009/12/01 15:16:18 | 000,621,546 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir [2009/12/01 15:16:18 | 000,038,338 | ---- | C] () -- D:\Arquivos de programas\Uninst.isu [2009/12/01 15:16:18 | 000,003,219 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\Acihelp.cnt.vir [2009/11/21 09:56:57 | 000,000,180 | ---- | C] () -- D:\WINDOWS\System32\BsMain.ini [2009/11/20 19:11:28 | 000,015,828 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\license.rtf [2009/11/20 19:00:42 | 000,020,480 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\OUniAnsi.dll [2009/11/20 19:00:24 | 000,653,419 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\encoding.bin [2009/11/13 18:19:33 | 000,000,218 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\operaprefs_default.ini [2009/09/17 17:42:12 | 000,001,181 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\ShLog.txt [2009/09/10 15:31:20 | 000,000,506 | ---- | C] () -- D:\WINDOWS\ATICIM.INI [2009/08/26 13:15:46 | 000,011,233 | ---- | C] () -- D:\WINDOWS\System32\fm20enu.dll.zip [2009/08/20 12:06:06 | 126,704,693 | ---- | C] () -- D:\Arquivos de programas\brofficeorg1.cab [2009/08/20 12:04:26 | 009,812,992 | ---- | C] () -- 
D:\Arquivos de programas\brofficeorg31.msi [2009/08/19 05:39:36 | 000,000,330 | ---- | C] () -- D:\Arquivos de programas\setup.ini [2009/08/14 22:00:32 | 000,000,046 | ---- | C] () -- D:\WINDOWS\Rav.ini [2009/06/17 14:41:58 | 000,003,870 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\lngcode.txt.vir [2009/06/08 19:29:10 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\housecall.guid.cache [2009/04/30 11:50:11 | 000,000,041 | ---- | C] () -- D:\WINDOWS\Filzip.ini [2009/04/24 20:16:40 | 000,162,304 | ---- | C] () -- D:\WINDOWS\System32\ztvunrar36.dll [2009/04/24 20:16:40 | 000,077,312 | ---- | C] () -- D:\WINDOWS\System32\ztvunace26.dll [2009/03/27 20:27:53 | 000,002,320 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\operadef6.ini [2009/03/23 22:25:02 | 000,000,129 | ---- | C] () -- D:\WINDOWS\REC-NET.INI [2009/03/16 14:08:40 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\Hlsoft32.dll [2009/03/16 14:08:38 | 000,076,800 | ---- | C] () -- D:\WINDOWS\System32\Hl_enc32.dll [2009/03/16 14:08:37 | 000,031,744 | ---- | C] () -- D:\WINDOWS\System32\Hl_med32.dll [2009/03/16 14:08:35 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\RaisVal.dll [2009/03/16 14:08:34 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\PKWIN32.DLL [2009/03/16 14:08:33 | 000,020,480 | ---- | C] () -- D:\WINDOWS\System32\selar32.dll [2009/02/19 13:29:33 | 000,000,002 | ---- | C] () -- D:\WINDOWS\scanreg.ini [2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- D:\WINDOWS\System32\INetHTTPFilter.dll [2008/11/17 16:19:54 | 000,000,041 | ---- | C] () -- D:\WINDOWS\crw.ini [2008/10/08 20:54:04 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\MSJCE.dll [2008/09/29 19:22:26 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI [2008/06/27 22:44:10 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\base64.dll [2008/06/27 22:43:47 | 000,132,096 | ---- | C] () -- D:\WINDOWS\System32\Zipdll.dll [2008/06/27 
22:43:47 | 000,117,760 | ---- | C] () -- D:\WINDOWS\System32\Unzdll.dll [2008/06/20 21:53:34 | 000,000,025 | ---- | C] () -- D:\WINDOWS\recibo.ini [2008/06/20 21:42:32 | 000,005,361 | ---- | C] () -- D:\WINDOWS\DesinstWRecnet.ini [2008/06/09 10:17:20 | 000,000,301 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\c3nform.vxml.vir [2008/04/03 15:37:06 | 000,027,136 | ---- | C] () -- D:\WINDOWS\System32\WiseDLL.dll [2008/03/26 10:04:42 | 000,002,821 | ---- | C] () -- D:\WINDOWS\TVP3XDrv.ini [2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini [2007/09/19 11:23:08 | 000,010,512 | ---- | C] () -- D:\WINDOWS\hpdj3500.ini [2007/09/19 11:08:04 | 000,050,688 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/09/19 11:06:07 | 000,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2007/03/23 02:00:14 | 000,030,032 | ---- | C] () -- D:\WINDOWS\System32\drivers\XPVCOM.sys [2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll [2004/03/07 20:16:06 | 000,040,448 | ---- | C] () -- D:\WINDOWS\System32\regobj.dll [2004/02/26 13:35:04 | 000,007,904 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\html40_entities.dtd [2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll [1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2008/12/08 20:26:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Newsoft [2009/01/09 11:24:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Playrix Entertainment [2009/02/26 19:04:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\MicroWorld [2009/11/19 02:31:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Iomatic [2010/01/03 04:34:40 | 000,000,000 | 
---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\PrevxCSI [2010/01/05 19:29:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\VOWSoft [2010/01/29 17:18:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Backup [2009/12/24 17:24:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic [2009/12/24 16:39:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic Anti-Virus PLUS [2009/11/18 03:34:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2010/02/19 12:16:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software [2010/02/19 23:53:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\DriverCure [2010/02/21 12:42:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\FileCure [2008/10/09 14:22:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Opera [2009/01/08 18:52:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\PlayFirst [2009/09/22 17:51:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\BrOffice.org [2009/11/25 10:38:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\QuickScan [2009/12/05 18:14:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\K-Meleon [2009/12/12 20:34:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GetRightToGo [2010/01/04 21:26:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\IObit [2010/01/26 23:14:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GlarySoft [2010/01/31 17:04:24 | 
000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Uniblue [2010/02/12 18:25:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DeviceDoctorSoftware [2010/02/16 19:20:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Easeware [2010/02/19 23:53:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DriverCure [2010/02/25 17:38:24 | 000,000,464 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job [2010/02/25 15:31:08 | 000,032,616 | ---- | M] () -- D:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Thanks and regards.
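The listing above is OTL's report of recently created files, with the forum having run each entry onto long lines. As an added example (not part of the original post and not OTL's own code), here is a Python triage script that parses those entries from either the one-per-line or the flattened form and applies a few first-pass heuristics: non-driver payload dropped into system32\drivers (the Multi_Lang help files, bitmaps and InstallShield data files above), tiny files carrying executable names (the 3-byte rrxx.dll), `.vir` renames left behind by removal tools, hidden+system attributes, `.sys` files with pre-2000 dates (a file named giveio.sys dated 1996 matches the classic giveio utility driver, whose whole purpose is to hand user-mode programs raw I/O port access, so what installed it is worth knowing), scheduled-task jobs, and the Service_*.reg.dat / Legacy_*.reg.dat service-key exports whose names show which services were touched. The rules and thresholds are this example's own assumptions; the sample entries are copied from the listing above.

```python
"""Triage of an OTL "Files - Unicode" listing such as the one posted above.

Added example for this thread; it is not OTL's code, and the flag rules are
this example's own heuristics, not anything the tool or the forum defines.
"""
import re
from collections import defaultdict

# One OTL entry: [created/modified | size | attrs | C|M] (company) -- path
# Works on a normal one-entry-per-line log and on the flattened form a forum
# produces, where the next "[YYYY/MM/DD", a "=====" section header or
# "< End of report >" follows on the same line.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.*?)"
    r"(?= \[\d{4}/\d{2}/\d{2} | ={3,}| < End of report| *$)",
    re.M,
)
BINARY_EXT = {"exe", "dll", "sys", "com", "scr", "cpl", "ocx"}
REG_EXPORT = re.compile(r"^(?:Service|Legacy)_(.+)\.reg\.dat$", re.I)


def parse_listing(text):
    """Return one dict per entry (path stripped, size and year as ints)."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["company"] = e["company"] or ""
        e["size"] = int(e["size"].replace(",", ""))
        e["year"] = int(e["ts"][:4])
        e["path"] = e["path"].strip()
        entries.append(e)
    return entries


def flags_for(e):
    """Heuristic flags (assumptions of this example) for one entry."""
    low = e["path"].lower()
    name = e["path"].rsplit("\\", 1)[-1]
    parts = name.lower().split(".")[1:]      # every extension-like suffix
    ext = parts[-1] if parts else ""
    flags = []
    # Installer payloads, help files and bitmaps do not belong in drivers\.
    if "\\system32\\drivers\\" in low and ext != "sys" and "D" not in e["attr"]:
        flags.append("payload_in_drivers_dir")
    # A 3-byte rrxx.dll cannot be a PE image: marker file or remnant.
    if ext in BINARY_EXT and e["size"] < 1024:
        flags.append("tiny_binary")
    # ".vir" is the suffix removal tools use when they rename rather than delete.
    if "vir" in parts:
        flags.append("quarantine_rename")
    # Hidden+system attributes: a prompt to look, not a verdict (ntuser.pol,
    # the per-user Group Policy file, is a legitimate hit).
    if "H" in e["attr"] and "S" in e["attr"]:
        flags.append("hidden_system")
    # A kernel driver dated before 2000 on an XP box deserves an explanation.
    if ext == "sys" and e["year"] < 2000:
        flags.append("pre_2000_driver")
    # Scheduled-task jobs are a persistence location; list them.
    if "\\tasks\\" in low and ext == "job":
        flags.append("scheduled_task")
    # Service_<name>.reg.dat / Legacy_<name>.reg.dat are registry exports of
    # service keys; the file name tells you which service was touched.
    m = REG_EXPORT.match(name)
    if m:
        flags.append("service_key_export:" + m.group(1))
    return flags


def triage(text):
    """Map each flag to the paths that raised it, in listing order."""
    hits = defaultdict(list)
    for e in parse_listing(text):
        for f in flags_for(e):
            hits[f].append(e["path"])
    return dict(hits)


# Constructed sample: entries copied from the listing posted above.
SAMPLE = r"""[2010/02/23 23:30:58 | 000,163,803 | R--- | C] () -- D:\WINDOWS\System32\drivers\Multi_Lang\Sp\Help\Head\Listing.psd
[2010/02/23 23:30:57 | 001,684,079 | R--- | C] () -- D:\WINDOWS\System32\drivers\data1.cab
[2010/02/18 20:10:16 | 000,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll
[2010/02/12 16:50:57 | 000,000,008 | RHS- | C] () -- D:\Documents and Settings\edsom luis\ntuser.pol
[2010/02/04 23:57:03 | 000,000,499 | ---- | C] () -- D:\WINDOWS\System32\Atalho para pxkbf.sys.vir.lnk
[2010/02/02 09:27:40 | 000,002,404 | ---- | C] () -- D:\WINDOWS\System32\Service_pxkbf.reg.dat
[2010/02/01 15:33:07 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll.vir.vir
[2007/03/23 02:00:14 | 000,030,032 | ---- | C] () -- D:\WINDOWS\System32\drivers\XPVCOM.sys
[1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys
[2010/02/25 17:38:24 | 000,000,464 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job
[2010/02/19 23:53:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DriverCure
"""

if __name__ == "__main__":
    for flag, paths in triage(SAMPLE).items():
        print(flag)
        for p in paths:
            print("    " + p)
```

Run it as a script to get a flag-by-flag list, or pass the whole pasted listing to triage() instead of SAMPLE. Every flag is a reason to look, not a finding: ntuser.pol trips hidden_system and is a normal file, and XPVCOM.sys raises nothing because a .sys in the drivers directory is exactly where one expects it.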
Matias Rezende, posted March 2, 2010:
Can another analyst/moderator take over this case?
Carlos Eduardo
EDSSX, posted March 2, 2010:
Good afternoon, analysts. Regarding jgarcia's reply in this topic, quoted below, I would like to know the reason for the question about the Windows Recovery Console (installing it when running ComboFix): could it be the cause of the problem, or even the solution? Here it is:

Posted 04 February 2010 - 20:11
Hi EDSSX,
When you ran ComboFix for the first time, did you install the WINDOWS RECOVERY CONSOLE?
José Carlos Moura Garcia Junior.
Moderator - Security & Malware - Imasters
Assistant - Malware Removal - Linha Defensiva

I also decided to run MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3814
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/3/2010 15:59:52
mbam-log-2010-03-02 (15-59-52).txt

Scan type: Full Scan (D:\|)
Objects scanned: 160146
Time elapsed: 30 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP8\A0000502.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

The log above is comparable to the MBAM logs below, from my post of 06/02/2010 10:55, edited by jgarcia.
Malwarebytes' Anti-Malware 1.44
Database version: 3669
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/02/2010 20:20:33
mbam-log-2010-02-04 (20-20-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 230048
Time elapsed: 56 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP4\A0000399.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001165.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001174.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\ComboFix\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.44
Database version: 3669
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/02/2010 23:59:21
mbam-log-2010-02-04 (23-59-21).txt

Scan type: Full Scan (D:\|)
Objects scanned: 152119
Time elapsed: 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP21\A0002471.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP21\A0002480.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\32788R22FWJFW\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\32788R22FWJFW\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully.

Regards and thanks.
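All three MBAM logs above report detections only inside System Volume Information restore points or under ComboFix's working folders (D:\ComboFix and D:\32788R22FWJFW, which hold the same pv.com, Combo-Fix.sys and PV.cfxxe). As an added example (not part of the thread and not Malwarebytes' code), this Python snippet reads a pasted MBAM 1.x log, checks that the summary count matches the detection lines actually present, and sorts hits into restore-point copies, files inside a removal tool's own folder, and files on the live filesystem. Only the last group says anything about an active infection: restore-point copies are dormant until a restore is performed, and hits inside a tool's folder should be checked with the tool's author before being counted. The folder names in TOOL_DIRS are an assumption taken from these logs; the sample is the 04/02/2010 20:20 log above, trimmed to the lines the script reads.

```python
"""Sort Malwarebytes (MBAM 1.x) log detections by where the file lives.

Added example for this thread, not Malwarebytes' code. Detections inside
System Restore points are dormant copies, detections inside a removal tool's
own working folder are usually the tool's components being flagged, and only
detections on the live filesystem speak to an active infection.
"""
import re
from collections import Counter

# "<path> (<threat>) -> <action>." lines; header and count lines never start
# with a drive letter, so they are skipped.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?[ \t]*$",
    re.M,
)
# Summary count, accepted in the English and (as posted in this thread) Portuguese UI.
FILES_INFECTED = re.compile(
    r"^(?:Files Infected|Arquivos infectados):\s*(\d+)\s*$", re.M | re.I
)
# Top-level folders ComboFix used on this machine, taken from the logs above
# (assumption: the same pv.com / Combo-Fix.sys / PV.cfxxe trio sits under both).
TOOL_DIRS = {"combofix", "32788r22fwjfw"}


def classify(path):
    """restore_point, tool_dir or live, from the path alone."""
    low = path.lower()
    if "\\system volume information\\_restore{" in low:
        return "restore_point"
    parts = low.split("\\")
    if len(parts) > 1 and parts[1] in TOOL_DIRS:
        return "tool_dir"
    return "live"


def parse_detections(log):
    return [
        {"path": m["path"], "threat": m["threat"], "action": m["action"],
         "where": classify(m["path"])}
        for m in DETECTION.finditer(log)
    ]


def summarize_log(log):
    hits = parse_detections(log)
    m = FILES_INFECTED.search(log)
    reported = int(m.group(1)) if m else None
    return {
        "reported": reported,                       # count MBAM printed in its summary
        "parsed": len(hits),                        # detection lines actually present
        "consistent": reported is None or reported == len(hits),
        "by_where": dict(Counter(h["where"] for h in hits)),
        "threats": dict(Counter(h["threat"] for h in hits)),
        "live": [h["path"] for h in hits if h["where"] == "live"],
    }


# Constructed sample: the 04/02/2010 20:20 log from the post above, trimmed
# to the lines this script reads.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3669
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/02/2010 20:20:33
mbam-log-2010-02-04 (20-20-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 230048
Time elapsed: 56 minute(s), 14 second(s)

Files Infected: 6

Files Infected:
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP4\A0000399.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001165.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EEF64C4D-500C-4C7F-9CA6-B6525621900A}\RP14\A0001174.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully.
D:\ComboFix\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
D:\ComboFix\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    import json
    print(json.dumps(summarize_log(SAMPLE_LOG), indent=2))
```

For this log the result is three restore-point hits, three tool-folder hits and an empty live list, which is the reading an analyst wants before deciding whether the machine still has a problem. The consistent field catches a log that was truncated when pasted, a common failure on forums.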
PedroN, posted March 2, 2010:
Sorry for the delay; let's continue with your case.
Go to this site:
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1261360413531
Click and follow the scanner configuration instructions as shown in the image below.
Post the scan log here in the topic.
EDSSX, posted March 3, 2010:
Good evening PedroN. No worries. Here it is:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 02, 2010 20:07:04
Records in database: 3445144
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 97147
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:17:11

Late in the afternoon, right after my post above, I decided to run ComboFix in Safe Mode, because in normal mode the OS asked for a physical memory dump and shut the PC down before it even finished dumping (a stop-screen error code, BAD POOL HEADER (blue screen)). In case it helps:

ComboFix 10-03-02.02 - edsom luis 02/03/2010 17:46:43.2.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.370 [GMT -3:00]
Running from: d:\documents and settings\edsom luis\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 ))))))))))))))))))))))))))))
.
2010-03-02 20:03 . 2010-03-02 20:03 -------- d-----w- D:\FOUND.001
2010-03-01 15:49 . 2010-03-01 15:49 -------- d-----w- d:\documents and settings\edsom luis\.receitanet
2010-02-28 21:44 . 2010-01-07 19:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 21:44 . 2010-01-07 19:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-02-28 21:31 . 2010-02-28 21:33 147997 ----a-w- D:\BdUninstallTool2010.02.28-06.31.50.reg
2010-02-28 19:23 . 2010-02-28 19:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\thecleaner
2010-02-28 14:38 . 2010-02-28 14:38 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\ESET
2010-02-25 18:31 . 2010-02-25 18:31 -------- d-----w- d:\windows\system32\wbem\Repository
2010-02-24 02:54 . 1998-11-13 16:19 308224 ----a-w- d:\windows\IsUn0816.exe
2010-02-24 02:30 . 1999-01-12 14:34 23541 ------r- d:\windows\system32\drivers\lang.dat
2010-02-24 02:30 . 1998-07-27 20:41 450 ------r- d:\windows\system32\drivers\os.dat
2010-02-24 02:30 . 2004-01-06 19:52 867 ------r- d:\windows\system32\drivers\layout.bin
2010-02-24 02:30 . 2010-02-24 02:30 -------- d-----r- d:\windows\system32\drivers\setupdir
2010-02-24 02:30 . 1999-01-12 15:42 73728 ------r- d:\windows\system32\drivers\Setup.exe
2010-02-24 02:30 . 2010-02-24 02:30 -------- d-----r- d:\windows\system32\drivers\Multi_Lang
2010-02-23 16:47 . 2005-12-12 20:27 19072 ----a-w- d:\windows\system32\drivers\PS2.sys
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- d:\arquivos de programas\CursorXP
2010-02-21 15:42 . 2010-02-21 15:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\FileCure
2010-02-20 18:04 . 2010-02-20 18:04 -------- d-----w- D:\FOUND.000
2010-02-20 02:53 . 2010-02-20 02:53 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\DriverCure
2010-02-20 02:53 . 2010-02-20 02:53 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\DriverCure
2010-02-19 15:16 . 2010-02-19 15:16 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2010-02-17 04:06 . 2010-02-17 04:06 126976 ----a-w- d:\windows\MSKeyStoreJNI.dll
2010-02-17 04:06 . 2010-02-17 04:06 -------- d-----w- d:\documents and settings\edsom luis\.assinador
2010-02-17 02:38 . 2010-02-17 02:38 -------- d-----w- D:\WORT
2010-02-16 22:39 . 2010-02-16 22:39 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Logishrd
2010-02-16 22:39 . 2010-02-16 22:39 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\LogiShrd
2010-02-16 22:20 . 2010-02-16 22:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Easeware
2010-02-14 20:16 . 2010-02-14 20:16 -------- d-----w- D:\Drivers Backup
2010-02-12 21:25 . 2010-02-12 21:25 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\DeviceDoctorSoftware
2010-02-09 19:33 . 2010-02-09 19:33 -------- d-----w- d:\arquivos de programas\InCode Solutions
2010-02-07 17:44 . 2010-02-07 17:44 -------- d-----w- d:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-02-04 05:35 . 2001-09-06 02:20 12288 ----a-w- d:\windows\system32\drivers\mouhid.sys
2010-02-04 05:35 . 2001-09-06 02:20 12288 ----a-w- d:\windows\system32\dllcache\mouhid.sys
2010-02-04 05:35 . 2008-04-13 14:45 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
2010-02-04 05:35 . 2008-04-13 14:45 10368 ----a-w- d:\windows\system32\dllcache\hidusb.sys
2010-02-02 12:30 . 2010-02-02 14:37 8 ----a-w- d:\windows\system32\IncompleteBoot.cnt.vir
2010-02-02 12:27 . 2010-02-02 12:27 3132 ----a-w- d:\windows\system32\Service_GoogleDesktopManager-060409-093314.reg.dat
2010-02-02 12:27 . 2010-02-02 12:27 2404 ----a-w- d:\windows\system32\Service_pxkbf.reg.dat
2010-02-02 12:27 . 2010-02-02 12:27 2380 ----a-w- d:\windows\system32\Service_CMC AntiRootkit Service.reg.dat
2010-02-02 12:27 . 2010-02-02 12:27 2012 ----a-w- d:\windows\system32\Service_KProcWatch.reg.dat
2010-02-02 12:27 . 2010-02-02 12:27 1400 ----a-w- d:\windows\system32\Legacy_CMC_ANTIROOTKIT_SERVICE.reg.dat
2010-02-02 12:27 . 2010-02-02 12:27 1358 ----a-w- d:\windows\system32\Legacy_KPROCWATCH.reg.dat
2010-02-02 12:27 . 2010-02-02 12:27 1030 ----a-w- d:\windows\system32\Legacy_GOOGLEDESKTOPMANAGER-060409-093314.reg.dat
2010-02-02 02:09 . 2010-02-02 02:09 -------- d-----w- d:\documents and settings\All Users\Gabaritos
2010-02-01 23:31 . 2010-02-01 23:31 4484 ----a-w- d:\windows\system32\drivers\cpuidlep.sys
2010-02-01 18:33 . 2009-09-27 12:39 369152 ----a-w- d:\windows\system32\avisynth.dll
2010-02-01 18:33 . 2004-02-22 13:11 719872 ----a-w- d:\windows\system32\devil.dll
2010-02-01 18:33 . 2005-07-14 15:31 27648 ----a-w- d:\windows\system32\AVSredirect.dll.vir.vir
2010-02-01 18:33 . 2004-01-25 03:00 70656 ----a-w- d:\windows\system32\yv12vfw.dll
2010-02-01 18:33 . 2004-01-25 03:00 70656 ----a-w- d:\windows\system32\i420vfw.dll
2010-02-01 18:20 . 2010-02-01 18:20 -------- d-----w- d:\arquivos de programas\Witcobber
2010-02-01 04:46 . 2010-02-01 04:46 -------- d-----w- d:\arquivos de programas\Yahoo!
2010-01-31 23:36 . 2010-01-31 23:36 3 ----a-w- d:\windows\system32\rrxx.dll.vir
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 20:44 . 2010-02-06 22:21 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt
2010-03-02 05:16 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-02 04:02 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-02-08 11:23 . 2010-01-16 19:07 7725 ----a-w- d:\windows\system32\tcpip.reg
2010-02-06 22:14 . 2001-10-28 21:07 80630 ----a-w- d:\windows\system32\perfc016.dat
2010-02-06 22:14 . 2001-10-28 21:07 471828 ----a-w- d:\windows\system32\perfh016.dat
2010-01-31 20:04 . 2010-01-31 20:04 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Uniblue
2010-01-29 20:18 . 2010-01-29 20:18 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Backup
2010-01-28 12:05 . 
2008-10-08 23:54 69632 ----a-w- d:\windows\system32\MSJCE.dll 2010-01-27 02:14 . 2010-01-27 02:14 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\GlarySoft 2010-01-23 02:15 . 2010-01-23 02:15 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\msvcp71.dll 2010-01-23 02:15 . 2010-01-23 02:15 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\jmc.dll 2010-01-23 02:15 . 2010-01-23 02:15 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2138ad2b-n\msvcr71.dll 2010-01-23 02:15 . 2010-01-23 02:15 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46b823b7-n\decora-sse.dll 2010-01-23 02:15 . 2010-01-23 02:15 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46b823b7-n\decora-d3d.dll 2010-01-23 02:15 . 2008-12-04 13:33 411368 ----a-w- d:\windows\system32\deploytk.dll 2010-01-19 12:16 . 2010-01-26 00:59 537829 ----a-w- D:\HaxFix.exe 2010-01-16 19:21 . 2010-01-16 19:21 3 ----a-w- d:\windows\rrxx.dll.vir 2010-01-16 19:07 . 2010-01-16 19:07 798 ----a-w- d:\windows\system32\Service_ndisrd.reg.dat 2010-01-13 07:01 . 2007-09-19 14:24 327168 ----a-w- d:\windows\IsUn0416.exe 2010-01-05 22:29 . 2010-01-05 22:29 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\VOWSoft 2010-01-05 01:40 . 2010-01-02 17:15 53136 ----a-w- d:\windows\system32\PxSecure.dll 2010-01-05 01:40 . 2010-01-02 17:15 47408 ----a-w- d:\windows\system32\drivers\PXRTS.SYS 2010-01-05 01:40 . 2010-01-02 17:15 30280 ----a-w- d:\windows\system32\drivers\PXSCAN.SYS 2010-01-05 01:40 . 2010-01-02 17:15 24496 ----a-w- d:\windows\system32\pxkbf.sys.vir 2010-01-05 01:26 . 
2010-01-05 01:26 -------- d-----w- d:\arquivos de programas\trend micro 2010-01-05 00:26 . 2010-01-05 00:26 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit 2010-01-03 07:34 . 2010-01-03 07:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PrevxCSI 2009-12-31 17:50 . 2004-08-04 09:14 353792 ----a-w- d:\windows\system32\drivers\srv.sys 2009-12-28 04:13 . 2009-12-28 04:13 6656 ----a-w- d:\documents and settings\edsom luis\md5file.exe 2009-12-28 04:13 . 2009-12-28 04:13 51200 ----a-w- d:\documents and settings\edsom luis\dumphive.exe 2009-12-28 04:13 . 2009-12-28 04:13 49152 ----a-w- d:\documents and settings\edsom luis\vfind.exe 2009-12-28 04:13 . 2009-12-28 04:13 40960 ----a-w- d:\documents and settings\edsom luis\swsc.exe 2009-12-28 04:13 . 2009-12-28 04:13 38400 ----a-w- d:\documents and settings\edsom luis\moveex.exe 2009-12-28 04:13 . 2009-12-28 04:13 156160 ----a-w- d:\documents and settings\edsom luis\swreg.exe 2009-12-28 04:13 . 2009-12-28 04:13 146944 ----a-w- d:\documents and settings\edsom luis\catchme.exe 2009-12-21 20:08 . 2004-08-04 10:45 916480 ------w- d:\windows\system32\wininet.dll 2009-12-14 08:35 . 2007-09-19 13:55 249856 ------w- d:\windows\Setup1.exe 2009-12-14 08:35 . 2007-09-19 13:55 73216 ----a-w- d:\windows\ST6UNST.EXE 2009-12-14 08:09 . 2004-08-04 10:45 33280 ----a-w- d:\windows\system32\csrsrv.dll 2009-12-09 11:09 . 2004-08-04 10:40 2193408 ------w- d:\windows\system32\ntoskrnl.exe 2009-12-09 11:09 . 2004-08-04 03:40 2070272 ------w- d:\windows\system32\ntkrnlpa.exe 2009-12-08 03:21 . 2009-03-19 00:30 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-12-04 19:22 . 2004-08-04 09:15 455424 ----a-w- d:\windows\system32\drivers\mrxsmb.sys 2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir 2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir 2004-02-26 16:35 . 
2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- d:\arquivos de programas\instmsia.exe 2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat 2009-03-08 17:09 . 2008-04-14 03:21 638816 --sha-w- d:\windows\ServicePackFiles\i386\iexplore.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRealMode"= 0 (0x0) "HonorAutoRunSetting"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoUpdateCheck"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 02:34 24576 ----a-w- d:\arquivos de programas\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=d:\windows\system32\wbsys.dll [HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk] [HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk] backup=d:\windows\pss\setup_9.0.0.722_15.01.2010_15-37.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk] 
backup=d:\windows\pss\setup_9.0.0.722_18.02.2010_16-03.lnkStartup [HKLM\~\startupfolder\^.mjsync_pt_BR] path=\.mjsync_pt_BR backup=d:\windows\pss\.mjsync_pt_BRCommon Startup [HKLM\~\startupfolder\^catchme.exe] path=\catchme.exe backup=d:\windows\pss\catchme.exeCommon Startup [HKLM\~\startupfolder\^Desktop.rar] path=\Desktop.rar backup=d:\windows\pss\Desktop.rarCommon Startup [HKLM\~\startupfolder\^dumphive.exe] path=\dumphive.exe backup=d:\windows\pss\dumphive.exeCommon Startup [HKLM\~\startupfolder\^Favoritos.rar] path=\Favoritos.rar [HKLM\~\startupfolder\^haxoth2.txt] path=\haxoth2.txt [HKLM\~\startupfolder\^md5file.exe] path=\md5file.exe backup=d:\windows\pss\md5file.exeCommon Startup [HKLM\~\startupfolder\^moveex.exe] path=\moveex.exe backup=d:\windows\pss\moveex.exeCommon Startup [HKLM\~\startupfolder\^NTUSER.DAT] path=\ntuser.dat backup=d:\windows\pss\ntuser.datCommon Startup [HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt] path=\NTUSER.DAT.bak_jv16pt backup=d:\windows\pss\NTUSER.DAT.bak_jv16ptCommon Startup [HKLM\~\startupfolder\^ntuser.dat.LOG] path=\ntuser.dat.LOG backup=d:\windows\pss\ntuser.dat.LOGCommon Startup [HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG] path=\NTUSER.DAT.tmp.LOG backup=d:\windows\pss\NTUSER.DAT.tmp.LOGCommon Startup [HKLM\~\startupfolder\^ntuser.ini] path=\ntuser.ini backup=d:\windows\pss\ntuser.iniCommon Startup [HKLM\~\startupfolder\^ntuser.pol] path=\ntuser.pol backup=d:\windows\pss\ntuser.polCommon Startup [HKLM\~\startupfolder\^PrivacIE.rar] path=\PrivacIE.rar backup=d:\windows\pss\PrivacIE.rarCommon Startup [HKLM\~\startupfolder\^process.exe] path=\process.exe [HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar] path=\rebuilt.Menu Iniciar.rar backup=d:\windows\pss\rebuilt.Menu Iniciar.rarCommon Startup [HKLM\~\startupfolder\^rebuilt.UserData.rar] path=\rebuilt.UserData.rar backup=d:\windows\pss\rebuilt.UserData.rarCommon Startup [HKLM\~\startupfolder\^run2.hax] path=\run2.hax backup=d:\windows\pss\run2.haxCommon Startup 
[HKLM\~\startupfolder\^swreg.exe] path=\swreg.exe backup=d:\windows\pss\swreg.exeCommon Startup [HKLM\~\startupfolder\^swsc.exe] path=\swsc.exe backup=d:\windows\pss\swsc.exeCommon Startup [HKLM\~\startupfolder\^tool_en.log] path=\tool_en.log [HKLM\~\startupfolder\^UserData.rar] path=\UserData.rar backup=d:\windows\pss\UserData.rarCommon Startup [HKLM\~\startupfolder\^vfind.exe] path=\vfind.exe backup=d:\windows\pss\vfind.exeCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 18:57 948672 ----a-r- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 04:57 35760 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 15:08 209153 ------w- d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 03:20 15360 ------w- d:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP] 2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-01-26 22:50 135664 ----a-w- d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 18:21 246504 ------w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] 
"GoogleDesktopManager-060409-093314"=3 (0x3) "ZeppelinService"=2 (0x2) "idsvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"= "d:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"= "d:\\Arquivos de programas\\Opera\\opera.exe"= R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/9/2009 17:13 64160] R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032] S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/4/2009 21:46 26568] S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?] S1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 115856] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41424] S2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/11/2009 19:34 108289] S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/9/2009 17:43 29584] S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/4/2009 19:51 30136] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 91856] S3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [9/9/2009 20:15 100368] S4 ZeppelinService;plasservice; [x] . 
Conteúdo da pasta 'Tarefas Agendadas' 2010-03-02 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job - d:\windows\system32\msfeedssync.exe [2007-08-13 07:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.msn.com mWindow Title = IE: E&xportar para o Microsoft Excel FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br ---- FIREFOX POLICIES ---- d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - 
pref("browser.formfill.maxTimeGroupings", 25); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - 
pref("toolbar.customization.usesheet", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . . ------- Associação de arquivos/ficheiros ------- . inifile=Notepad.exe "%1" . - - - - ORFÃOS REMOVIDOS - - - - HKLM-Run-nwiz - nwiz.exe MSConfigStartUp-egui - d:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-02 17:51 Windows 5.1.2600 Service Pack 3 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtTdiDr] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtTdiDr] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00" . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\.Default\Software\Stardock\WindowBlinds] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList] @DACL=(02 0000) "PackageName"="Dashboard.msi" [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList] @DACL=(02 0000) "PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi" "LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(304) d:\arquivos de programas\AlienGUIse\fastload.dll . Tempo para conclusão: 2010-03-02 17:53:27 ComboFix-quarantined-files.txt 2010-03-02 20:53 Pré-execução: 20 pasta(s) 41.591.177.216 bytes disponíveis Pós execução: 24 pasta(s) 41.576.824.832 bytes disponíveis - - End Of File - - C9AE22E345C8B13CA70022842744D1ED
Thanks and regards
PedroN, posted March 3, 2010
EDSSX, as the scan shows, yours is clean.
• Open OTL.exe --> Click on -> Wait.
• At the prompt, click OK --> Restart the computer!
Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
Regards
EDSSX, posted March 7, 2010
OK then, the case is cleared up; you can close the topic. Regards
PedroN, posted March 8, 2010
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.