
EDSSX

[Resolved!] Windows XP PRO SP 3 Firewall


Good evening,

Every time I shut down or restart the OS, the Windows firewall gets disabled.

A winsys.exe showed up here; first in D/arquivos de programas and then in D:\WINDOWS\system32\winsys.exe.

Virus?

Thanks and regards


I am moving your topic to the Security & Malware area; they will analyze your logfile and advise you on the correct way to proceed.


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:48:51, on 20/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\osk.exe

D:\WINDOWS\system32\MSSWCHX.EXE

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PEVSystemStart - Unknown owner - D:\ComboFix\PEV.cfxxe

 

--

End of file - 2725 bytes


Good evening, EDSSX!

<@> Download: < marcinsig.gif >

<@> < Link - 2 >

<@> < Link - 3 >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> P.S.: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Be sure to send the detected items to quarantine by clicking "Remover itens" (Remove items).

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2010-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!


Good evening, DigRam

I already had Malwarebytes on my PC; I just updated it.

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3772

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

21/2/2010 23:22:46

mbam-log-2010-02-21 (23-22-46).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 247311

Tempo decorrido: 40 minute(s), 8 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30:09, on 21/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\System32\alg.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\WINDOWS\system32\osk.exe

D:\WINDOWS\system32\MSSWCHX.EXE

D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

D:\Arquivos de programas\Spyware Doctor\pctsTray.exe

D:\Arquivos de programas\Spyware Doctor\pctsGui.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

D:\WINDOWS\system32\msfeedssync.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSTray] "D:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PEVSystemStart - Unknown owner - D:\ComboFix\PEV.cfxxe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 3684 bytes

 

 

 

Regards


Good morning, EDSSX!

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

OTLI-scan.png

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

<!> [] LOP check and [] Purity check

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

<1> OTL.txt <--

<2> Extra.txt <--

Regards!


Good morning, DigRam

Extra.txt did not open.

Here is the OTL log:

OTL logfile created on: 22/2/2010 00:47:55 - Run 9

OTL by OldTimer - Version 3.1.24.0 Folder = D:\Documents and Settings\edsom luis\Meus documentos\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

511,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 46,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): [binary data over 100 bytes]

 

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Arquivos de programas

Drive C: | 17,28 Gb Total Space | 7,50 Gb Free Space | 43,42% Space Free | Partition Type: FAT32

Drive D: | 59,00 Gb Total Space | 33,22 Gb Free Space | 56,30% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: EDIM

Current User Name: edsom luis

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - D:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - D:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - D:\Documents and Settings\edsom luis\Meus documentos\Downloads\OTL.exe (OldTimer Tools)

PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - D:\Arquivos de programas\AlienGUIse\wbload.exe (Stardock Systems, Inc)

PRC - D:\Arquivos de programas\CursorXP\CursorXP.exe ( )

PRC - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - D:\Documents and Settings\edsom luis\Meus documentos\Downloads\OTL.exe (OldTimer Tools)

MOD - D:\Arquivos de programas\AlienGUIse\wblind.dll (Stardock.Net, Inc)

MOD - D:\Arquivos de programas\CursorXP\CurXP0.dll ( )

MOD - D:\Arquivos de programas\AlienGUIse\wbhelp.dll (Stardock.Net, Inc)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ZeppelinService) -- File not found

SRV - (WLSetupSvc) -- File not found

SRV - (usnjsvc) -- File not found

SRV - (PEVSystemStart) -- File not found

SRV - (gusvc) -- File not found

SRV - (JavaQuickStarterService) -- D:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (AntiVirService) -- D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (SeaPort) -- D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (IDriverT) -- D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

SRV - (MDM) -- D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (PCTCore) -- File not found

DRV - (cpuidlep) -- D:\WINDOWS\system32\drivers\cpuidlep.sys ()

DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (RegGuard) -- D:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)

DRV - (Lbd) -- D:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (VBoxNetAdp) -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)

DRV - (VBoxUSBMon) -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)

DRV - (VBoxDrv) -- D:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)

DRV - (VBoxNetFlt) -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)

DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (GbpKm) -- D:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia)

DRV - (rspSanity) -- D:\WINDOWS\system32\drivers\rspSanity32.sys (Resplendence Software Projects Sp.)

DRV - (avgio) -- D:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (FET5X86V) -- D:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )

DRV - (usbaudio) Driver de áudio USB (WDM) -- D:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (xpvcom) -- D:\WINDOWS\system32\drivers\XPVCOM.sys ()

DRV - (cmuda) -- D:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)

DRV - (713xTVCard) -- D:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)

DRV - (Ptilink) -- D:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (FETNDIS) -- D:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]

IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0

 

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: D:\Arquivos de programas\K-Meleon\Plugins [2009/12/05 18:13:40 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: D:\Arquivos de programas\K-Meleon\Components [2009/12/05 18:13:24 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Arquivos de programas\Mozilla Firefox\components [2010/01/21 14:31:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Arquivos de programas\Mozilla Firefox\plugins [2010/01/21 14:31:06 | 00,000,000 | ---D | M]

 

[2009/08/27 21:45:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Extensions

[2009/12/19 18:01:06 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions

[2010/02/21 23:39:48 | 00,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2010/02/06 21:38:42 | 00,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

[2010/01/02 22:42:02 | 00,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}(2)

[2010/01/21 17:26:46 | 00,000,927 | ---- | M] () -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\4frl1nwm.default\searchplugins\conduit.xml

[2010/01/21 14:31:06 | 00,000,000 | ---D | M] -- D:\Arquivos de programas\Mozilla Firefox\extensions

[2010/01/15 23:18:56 | 00,001,027 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/01/15 23:18:56 | 00,001,212 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/01/15 23:18:56 | 00,001,168 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/01/15 23:18:56 | 00,000,952 | ---- | M] () -- D:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (27 bytes) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-839522115-1409082233-725345543-1003..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe ( )

O4 - HKLM..\RunOnce: [] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.96.15 189.7.96.16

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (D:\WINDOWS\system32\wbsys.dll) - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\WB: DllName - D:\Arquivos de programas\AlienGUIse\fastload.dll - D:\Arquivos de programas\AlienGUIse\fastload.dll (Stardock)

O24 - Desktop WallPaper: D:\WINDOWS\InvaderDark1280.bmp

O24 - Desktop BackupWallPaper: D:\WINDOWS\InvaderDark1280.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/02/21 21:25:22 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2009/11/14 20:15:58 | 00,000,000 | ---D | M] - C:\autorun(2).inf -- [ FAT32 ]

O32 - AutoRun File - [2010/01/02 16:42:56 | 00,000,000 | ---D | M] - C:\autorun(3).inf -- [ FAT32 ]

O32 - AutoRun File - [2010/02/21 21:25:22 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2009/11/14 20:15:58 | 00,000,000 | ---D | M] - D:\autorun(2).inf -- [ FAT32 ]

O32 - AutoRun File - [2010/01/02 16:42:56 | 00,000,000 | ---D | M] - D:\autorun(3).inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/02/22 00:39:08 | 00,000,000 | RH-D | C] -- D:\Documents and Settings\edsom luis\Recent

[2010/02/21 21:25:20 | 00,000,000 | RHSD | C] -- D:\autorun.inf

[2010/02/21 20:45:50 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\PC Tools

[2010/02/21 20:45:28 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Spyware Doctor

[2010/02/21 17:09:53 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\CursorXP

[2010/02/21 12:42:22 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\FileCure

[2010/02/20 15:04:02 | 00,000,000 | -HSD | C] -- D:\FOUND.000

[2010/02/19 23:53:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DriverCure

[2010/02/19 23:53:18 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\DriverCure

[2010/02/19 19:58:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Abelssoft

[2010/02/19 12:16:53 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2010/02/19 01:13:37 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe

[2010/02/19 01:13:37 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe

[2010/02/19 01:13:37 | 00,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe

[2010/02/19 01:13:11 | 00,000,000 | ---D | C] -- D:\Qoobox

[2010/02/17 01:06:56 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\.assinador

[2010/02/16 23:54:30 | 00,000,000 | -HSD | C] -- D:\Recycled

[2010/02/16 23:54:01 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp

[2010/02/16 23:38:26 | 00,000,000 | ---D | C] -- D:\WORT

[2010/02/16 19:39:47 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\Logishrd

[2010/02/16 19:39:34 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\LogiShrd

[2010/02/16 19:20:04 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Easeware

[2010/02/14 17:16:27 | 00,000,000 | ---D | C] -- D:\Drivers Backup

[2010/02/12 18:25:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DeviceDoctorSoftware

[2010/02/09 16:33:12 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\InCode Solutions

[2010/02/07 02:08:33 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ati2cqag.dll

[2010/02/07 02:08:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpcdll.dll

[2010/02/07 02:08:33 | 00,010,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\smtpapi.dll

[2010/02/07 02:08:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rwnh.dll

[2010/02/07 02:08:32 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- D:\WINDOWS\System32\ati3duag.dll

[2010/02/07 02:08:32 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- D:\WINDOWS\System32\ati3d1ag.dll

[2010/02/07 02:08:32 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- D:\WINDOWS\System32\ativvaxx.dll

[2010/02/07 02:08:32 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ati2dvaa.dll

[2010/02/07 02:08:32 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ati2dvag.dll

[2010/02/07 02:08:32 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ativtmxx.dll

[2010/02/07 02:08:32 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ativmvxx.ax

[2010/02/07 02:08:32 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\ativdaxx.ax

[2010/02/07 02:08:28 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1rvxx.sys

[2010/02/07 02:08:28 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1btxx.sys

[2010/02/07 02:08:28 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1tuxx.sys

[2010/02/07 02:08:28 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1xsxx.sys

[2010/02/07 02:08:28 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1raxx.sys

[2010/02/07 02:08:28 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1xbxx.sys

[2010/02/07 02:08:28 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1snxx.sys

[2010/02/07 02:08:28 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1ttxx.sys

[2010/02/07 02:08:28 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1pdxx.sys

[2010/02/07 02:08:28 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati1mdxx.sys

[2010/02/07 02:08:27 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati2mtag.sys

[2010/02/07 02:08:27 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\ati2mtaa.sys

[2010/02/07 02:08:27 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinrvxx.sys

[2010/02/07 02:08:27 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atintuxx.sys

[2010/02/07 02:08:27 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinxsxx.sys

[2010/02/07 02:08:27 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinbtxx.sys

[2010/02/07 02:08:27 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinraxx.sys

[2010/02/07 02:08:27 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinxbxx.sys

[2010/02/07 02:08:27 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinsnxx.sys

[2010/02/07 02:08:27 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinpdxx.sys

[2010/02/07 02:08:27 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinttxx.sys

[2010/02/07 02:08:27 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\drivers\atinmdxx.sys

[2010/02/07 01:01:57 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\MSBuild

[2010/02/07 00:24:48 | 02,959,376 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\edsom luis\Meus documentos\dotnetfx35setup.exe

[2010/02/04 02:35:49 | 00,012,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mouhid.sys

[2010/02/04 02:35:44 | 00,010,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidusb.sys

[2010/02/01 23:09:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Gabaritos

[2010/02/01 23:07:42 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\Windows Live

[2010/02/01 15:54:11 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Meus documentos\DVDVideoSoft

[2010/02/01 15:53:55 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

[2010/02/01 15:33:14 | 00,719,872 | ---- | C] (Abysmal Software) -- D:\WINDOWS\System32\devil.dll

[2010/02/01 15:33:14 | 00,369,152 | ---- | C] (The Public) -- D:\WINDOWS\System32\avisynth.dll

[2010/02/01 15:33:07 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- D:\WINDOWS\System32\yv12vfw.dll

[2010/02/01 15:33:07 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- D:\WINDOWS\System32\i420vfw.dll

[2010/02/01 15:20:49 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Witcobber

[2010/02/01 01:46:44 | 00,000,000 | ---D | C] -- D:\Arquivos de programas\Yahoo!

[2010/01/31 17:04:22 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Uniblue

[2010/01/29 17:18:02 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\Backup

[2010/01/26 23:14:06 | 00,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GlarySoft

[2010/01/25 21:59:20 | 00,000,000 | ---D | C] -- D:\WINDOWS\HaxFix

[2009/11/20 19:01:18 | 00,832,296 | ---- | C] (Opera Software) -- D:\Arquivos de programas\Arquivos comuns\opera.exe

[2009/11/20 19:01:16 | 04,450,088 | ---- | C] (Opera Software) -- D:\Arquivos de programas\Arquivos comuns\opera.dll

[2008/12/04 22:08:14 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET

[2007/09/19 10:52:56 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2007/09/19 10:52:50 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2007/09/19 10:33:32 | 00,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2007/09/19 10:33:32 | 00,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2002/03/11 06:06:30 | 01,822,520 | ---- | C] (Microsoft Corporation) -- D:\Arquivos de programas\instmsiw.exe

[2002/03/11 05:45:04 | 01,708,856 | ---- | C] (Microsoft Corporation) -- D:\Arquivos de programas\instmsia.exe

 

========== Files - Modified Within 30 Days ==========

 

[2010/02/22 00:53:44 | 00,000,464 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

[2010/02/21 19:58:14 | 00,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat

[2010/02/21 17:24:34 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT

[2010/02/21 17:24:28 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2010/02/21 17:24:16 | 00,000,012 | ---- | M] () -- D:\WINDOWS\System32\drivers\IncompleteBoot.cnt

[2010/02/21 17:22:54 | 12,505,088 | ---- | M] () -- D:\Documents and Settings\edsom luis\ntuser.dat

[2010/02/21 17:22:54 | 00,000,210 | -HS- | M] () -- D:\Documents and Settings\edsom luis\ntuser.ini

[2010/02/21 17:22:44 | 04,786,564 | -H-- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\IconCache.db

[2010/02/21 15:49:02 | 00,025,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbdclass.sys

[2010/02/21 10:10:22 | 00,001,277 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\osk.lnk

[2010/02/21 10:08:20 | 00,284,520 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/20 15:59:26 | 00,002,262 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2010/02/20 14:44:30 | 00,072,176 | ---- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/02/19 17:54:38 | 00,002,970 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT

[2010/02/19 11:44:44 | 00,000,170 | ---- | M] () -- D:\WINDOWS\spywarebegone-fullversion-installed.html

[2010/02/18 20:10:18 | 00,000,003 | ---- | M] () -- D:\WINDOWS\rrxx.dll

[2010/02/18 20:00:10 | 00,000,736 | ---- | M] () -- D:\WINDOWS\win.ini

[2010/02/18 20:00:10 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini

[2010/02/17 01:06:58 | 00,126,976 | ---- | M] () -- D:\WINDOWS\MSKeyStoreJNI.dll

[2010/02/12 16:52:40 | 00,000,008 | RHS- | M] () -- D:\Documents and Settings\edsom luis\ntuser.pol

[2010/02/11 21:33:30 | 00,008,018 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\34.pdf

[2010/02/08 17:15:44 | 00,039,856 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Configuration.mc

[2010/02/08 08:23:12 | 00,007,725 | ---- | M] () -- D:\WINDOWS\System32\tcpip.reg

[2010/02/07 00:24:50 | 02,959,376 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\edsom luis\Meus documentos\dotnetfx35setup.exe

[2010/02/06 19:14:36 | 01,026,982 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/06 19:14:36 | 00,471,828 | ---- | M] () -- D:\WINDOWS\System32\perfh016.dat

[2010/02/06 19:14:36 | 00,435,836 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat

[2010/02/06 19:14:36 | 00,080,630 | ---- | M] () -- D:\WINDOWS\System32\perfc016.dat

[2010/02/06 19:14:36 | 00,068,628 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

[2010/02/05 17:30:32 | 00,001,486 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\AlienGUIse.lnk

[2010/02/05 17:29:42 | 00,000,064 | ---- | M] () -- D:\WINDOWS\wb.ini

[2010/02/04 23:57:04 | 00,000,499 | ---- | M] () -- D:\WINDOWS\System32\Atalho para pxkbf.sys.vir.lnk

[2010/02/02 11:37:52 | 00,000,008 | ---- | M] () -- D:\WINDOWS\System32\IncompleteBoot.cnt.vir

[2010/02/02 09:27:42 | 00,003,132 | ---- | M] () -- D:\WINDOWS\System32\Service_GoogleDesktopManager-060409-093314.reg.dat

[2010/02/02 09:27:42 | 00,002,404 | ---- | M] () -- D:\WINDOWS\System32\Service_pxkbf.reg.dat

[2010/02/02 09:27:42 | 00,002,380 | ---- | M] () -- D:\WINDOWS\System32\Service_CMC AntiRootkit Service.reg.dat

[2010/02/02 09:27:42 | 00,002,012 | ---- | M] () -- D:\WINDOWS\System32\Service_KProcWatch.reg.dat

[2010/02/02 09:27:42 | 00,001,400 | ---- | M] () -- D:\WINDOWS\System32\Legacy_CMC_ANTIROOTKIT_SERVICE.reg.dat

[2010/02/02 09:27:42 | 00,001,358 | ---- | M] () -- D:\WINDOWS\System32\Legacy_KPROCWATCH.reg.dat

[2010/02/02 09:27:42 | 00,001,030 | ---- | M] () -- D:\WINDOWS\System32\Legacy_GOOGLEDESKTOPMANAGER-060409-093314.reg.dat

[2010/02/01 20:31:26 | 00,004,484 | ---- | M] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys

[2010/02/01 01:46:44 | 00,001,524 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\CCleaner.lnk

[2010/01/31 20:36:04 | 00,000,003 | ---- | M] () -- D:\WINDOWS\System32\rrxx.dll.vir

[2010/01/31 17:59:24 | 00,050,688 | ---- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/26 20:01:04 | 00,002,317 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\Google Chrome.lnk

[2010/01/24 22:09:14 | 00,040,960 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\CURRICULO INFORMATICA.doc

[2010/01/23 21:12:54 | 42,949,39648 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\SALVAÇÃO PERICIA DIGITAL..bkf

 

========== Files Created - No Company Name ==========

 

[2010/02/19 01:13:37 | 00,261,632 | ---- | C] () -- D:\WINDOWS\PEV.exe

[2010/02/19 01:13:37 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe

[2010/02/19 01:13:37 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe

[2010/02/19 01:13:37 | 00,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe

[2010/02/19 01:13:37 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe

[2010/02/18 20:10:16 | 00,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll

[2010/02/17 01:06:57 | 00,126,976 | ---- | C] () -- D:\WINDOWS\MSKeyStoreJNI.dll

[2010/02/13 16:57:20 | 00,001,277 | ---- | C] () -- D:\Documents and Settings\edsom luis\Desktop\osk.lnk

[2010/02/12 16:50:57 | 00,000,008 | RHS- | C] () -- D:\Documents and Settings\edsom luis\ntuser.pol

[2010/02/11 21:33:28 | 00,008,018 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\34.pdf

[2010/02/11 13:54:36 | 12,505,088 | ---- | C] () -- D:\Documents and Settings\edsom luis\ntuser.dat

[2010/02/08 17:15:54 | 00,039,856 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Configuration.mc

[2010/02/07 02:08:27 | 00,064,352 | ---- | C] () -- D:\WINDOWS\System32\drivers\ativmc20.cod

[2010/02/06 19:21:16 | 00,000,012 | ---- | C] () -- D:\WINDOWS\System32\drivers\IncompleteBoot.cnt

[2010/02/05 17:30:30 | 00,001,486 | ---- | C] () -- D:\Documents and Settings\edsom luis\Desktop\AlienGUIse.lnk

[2010/02/05 17:29:40 | 00,000,064 | ---- | C] () -- D:\WINDOWS\wb.ini

[2010/02/04 23:57:03 | 00,000,499 | ---- | C] () -- D:\WINDOWS\System32\Atalho para pxkbf.sys.vir.lnk

[2010/02/02 09:30:44 | 00,000,008 | ---- | C] () -- D:\WINDOWS\System32\IncompleteBoot.cnt.vir

[2010/02/02 09:27:40 | 00,003,132 | ---- | C] () -- D:\WINDOWS\System32\Service_GoogleDesktopManager-060409-093314.reg.dat

[2010/02/02 09:27:40 | 00,002,404 | ---- | C] () -- D:\WINDOWS\System32\Service_pxkbf.reg.dat

[2010/02/02 09:27:40 | 00,002,380 | ---- | C] () -- D:\WINDOWS\System32\Service_CMC AntiRootkit Service.reg.dat

[2010/02/02 09:27:40 | 00,002,012 | ---- | C] () -- D:\WINDOWS\System32\Service_KProcWatch.reg.dat

[2010/02/02 09:27:40 | 00,001,400 | ---- | C] () -- D:\WINDOWS\System32\Legacy_CMC_ANTIROOTKIT_SERVICE.reg.dat

[2010/02/02 09:27:40 | 00,001,358 | ---- | C] () -- D:\WINDOWS\System32\Legacy_KPROCWATCH.reg.dat

[2010/02/02 09:27:40 | 00,001,030 | ---- | C] () -- D:\WINDOWS\System32\Legacy_GOOGLEDESKTOPMANAGER-060409-093314.reg.dat

[2010/02/01 20:31:25 | 00,004,484 | ---- | C] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys

[2010/02/01 15:33:07 | 00,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll.vir.vir

[2010/01/31 20:36:02 | 00,000,003 | ---- | C] () -- D:\WINDOWS\System32\rrxx.dll.vir

[2010/01/25 21:59:30 | 00,537,829 | ---- | C] () -- D:\HaxFix.exe

[2010/01/23 20:57:20 | 42,949,39648 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\SALVAÇÃO PERICIA DIGITAL..bkf

[2010/01/16 16:21:19 | 00,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll.vir

[2010/01/02 14:15:14 | 00,000,051 | ---- | C] () -- D:\WINDOWS\wininit.ini

[2009/12/01 15:16:18 | 00,621,546 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir

[2009/12/01 15:16:18 | 00,038,338 | ---- | C] () -- D:\Arquivos de programas\Uninst.isu

[2009/12/01 15:16:18 | 00,003,219 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\Acihelp.cnt.vir

[2009/11/21 09:56:57 | 00,000,180 | ---- | C] () -- D:\WINDOWS\System32\BsMain.ini

[2009/11/20 19:11:28 | 00,015,828 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\license.rtf

[2009/11/20 19:00:42 | 00,020,480 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\OUniAnsi.dll

[2009/11/20 19:00:24 | 00,653,419 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\encoding.bin

[2009/11/13 18:19:33 | 00,000,218 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\operaprefs_default.ini

[2009/09/17 17:42:12 | 00,001,181 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\ShLog.txt

[2009/09/10 15:31:20 | 00,000,506 | ---- | C] () -- D:\WINDOWS\ATICIM.INI

[2009/08/26 13:15:46 | 00,011,233 | ---- | C] () -- D:\WINDOWS\System32\fm20enu.dll.zip

[2009/08/20 12:06:06 | 12,670,4693 | ---- | C] () -- D:\Arquivos de programas\brofficeorg1.cab

[2009/08/20 12:04:26 | 09,812,992 | ---- | C] () -- D:\Arquivos de programas\brofficeorg31.msi

[2009/08/19 05:39:36 | 00,000,330 | ---- | C] () -- D:\Arquivos de programas\setup.ini

[2009/08/14 22:00:32 | 00,000,046 | ---- | C] () -- D:\WINDOWS\Rav.ini

[2009/06/17 14:41:58 | 00,003,870 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\lngcode.txt.vir

[2009/06/08 19:29:10 | 00,000,036 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\housecall.guid.cache

[2009/04/30 11:50:11 | 00,000,041 | ---- | C] () -- D:\WINDOWS\Filzip.ini

[2009/04/24 20:16:40 | 00,162,304 | ---- | C] () -- D:\WINDOWS\System32\ztvunrar36.dll

[2009/04/24 20:16:40 | 00,077,312 | ---- | C] () -- D:\WINDOWS\System32\ztvunace26.dll

[2009/03/27 20:27:53 | 00,002,320 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\operadef6.ini

[2009/03/23 22:25:02 | 00,000,129 | ---- | C] () -- D:\WINDOWS\REC-NET.INI

[2009/03/16 14:08:40 | 00,139,264 | ---- | C] () -- D:\WINDOWS\System32\Hlsoft32.dll

[2009/03/16 14:08:38 | 00,076,800 | ---- | C] () -- D:\WINDOWS\System32\Hl_enc32.dll

[2009/03/16 14:08:37 | 00,031,744 | ---- | C] () -- D:\WINDOWS\System32\Hl_med32.dll

[2009/03/16 14:08:35 | 00,061,440 | ---- | C] () -- D:\WINDOWS\System32\RaisVal.dll

[2009/03/16 14:08:34 | 00,040,960 | ---- | C] () -- D:\WINDOWS\System32\PKWIN32.DLL

[2009/03/16 14:08:33 | 00,020,480 | ---- | C] () -- D:\WINDOWS\System32\selar32.dll

[2009/02/19 13:29:33 | 00,000,002 | ---- | C] () -- D:\WINDOWS\scanreg.ini

[2009/02/18 14:43:08 | 00,111,960 | ---- | C] () -- D:\WINDOWS\System32\INetHTTPFilter.dll

[2008/11/17 16:19:54 | 00,000,041 | ---- | C] () -- D:\WINDOWS\crw.ini

[2008/10/08 20:54:04 | 00,069,632 | ---- | C] () -- D:\WINDOWS\System32\MSJCE.dll

[2008/09/29 19:22:26 | 00,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI

[2008/06/27 22:44:10 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\base64.dll

[2008/06/27 22:43:47 | 00,132,096 | ---- | C] () -- D:\WINDOWS\System32\Zipdll.dll

[2008/06/27 22:43:47 | 00,117,760 | ---- | C] () -- D:\WINDOWS\System32\Unzdll.dll

[2008/06/20 21:53:34 | 00,000,025 | ---- | C] () -- D:\WINDOWS\recibo.ini

[2008/06/20 21:42:32 | 00,005,361 | ---- | C] () -- D:\WINDOWS\DesinstWRecnet.ini

[2008/06/09 10:17:20 | 00,000,301 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\c3nform.vxml.vir

[2008/04/03 15:37:06 | 00,027,136 | ---- | C] () -- D:\WINDOWS\System32\WiseDLL.dll

[2008/03/26 10:04:42 | 00,002,821 | ---- | C] () -- D:\WINDOWS\TVP3XDrv.ini

[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini

[2007/09/19 11:23:08 | 00,010,512 | ---- | C] () -- D:\WINDOWS\hpdj3500.ini

[2007/09/19 11:08:04 | 00,050,688 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/09/19 11:06:07 | 00,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI

[2007/03/23 02:00:14 | 00,030,032 | ---- | C] () -- D:\WINDOWS\System32\drivers\XPVCOM.sys

[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll

[2004/03/07 20:16:06 | 00,040,448 | ---- | C] () -- D:\WINDOWS\System32\regobj.dll

[2004/02/26 13:35:04 | 00,007,904 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\html40_entities.dtd

[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll

[1996/04/03 16:33:26 | 00,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

 

========== LOP Check ==========

 

[2008/12/08 20:26:50 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Newsoft

[2009/01/09 11:24:26 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Playrix Entertainment

[2009/02/26 19:04:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\MicroWorld

[2009/11/19 02:31:34 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Iomatic

[2010/01/03 04:34:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\PrevxCSI

[2010/01/05 19:29:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\VOWSoft

[2010/01/29 17:18:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Backup

[2009/12/24 17:24:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic

[2009/12/24 16:39:52 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic Anti-Virus PLUS

[2009/11/18 03:34:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2010/02/19 12:16:54 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2010/02/19 23:53:20 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\DriverCure

[2010/02/21 12:42:22 | 00,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\FileCure

[2008/10/09 14:22:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Opera

[2009/01/08 18:52:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\PlayFirst

[2009/09/22 17:51:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\BrOffice.org

[2009/11/25 10:38:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\QuickScan

[2009/12/05 18:14:02 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\K-Meleon

[2009/12/12 20:34:40 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GetRightToGo

[2010/01/04 21:26:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\IObit

[2010/01/26 23:14:08 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GlarySoft

[2010/01/31 17:04:24 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Uniblue

[2010/02/12 18:25:14 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DeviceDoctorSoftware

[2010/02/16 19:20:06 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Easeware

[2010/02/19 23:53:30 | 00,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DriverCure

[2010/02/22 00:58:02 | 00,000,464 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

[2010/02/21 17:23:00 | 00,032,616 | ---- | M] () -- D:\WINDOWS\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

< End of report >

 

 

Regards


Good morning, EDSSX!

<@> Download: < Dial-a-fix >

<@> Extract it from the zip!

<@> Click on Policies...

<@> PS: If you find restrictive policies, you can remove them, leaving the field empty.

<@> Next, click on "Tools". (Hammer icon)

<@> Click on "Reinstall Windows Firewall" --> GO --> Wait!

<@> When finished, click on "Close" --> Exit.

<@> PS: Check whether the Windows Firewall functionality has been restored.

Regards!


Good morning

In the Security Center, the 3 items are shown with the word "enabled" in red.

Thanks and regards


Good morning, EDSSX!

<!> They should be green! Try to restore them by adding the information just below to the registry.

°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < securitycenterrestore.reg >

<@> Save it to the desktop as a registry entries file (.reg). < imagemregrv6.png >

<@> PS: Do not save it as text, since importing it into the registry would then have no effect.

<@> Restart the computer in Safe Mode.

<@> Run the (.reg) file and confirm its insertion into the registry.

<@> When done, restart the computer!

°°°°°°°°°°°°°°°°°°°°°°

<@> This change in color, regardless of its functionality, may be related to item 4, as listed by Microsoft.

 

< http://www.microsoft.com/brasil/athome/security/protect/windowsxpsp2/wsc.mspx >

 

XPSP2_wsc_shot02.jpg

 

Note: The Windows Security Center may look different from what is shown in the image if your computer is part of a domain (a group of computers on a network) or if you have installed additional security software that changes the functionality of the Security Center. In that case, contact your security software vendor or IT administrator for assistance on how to manage your security settings.

<!> In other words... if the Security Center's functionality is restored, ignore this change.

Regards!


Good morning

OK, it is green/enabled; see the screenshot below and the partial UsbFix log:

 

 

 

############################## | UsbFix V6.055 |

 

User : edsom luis (Administradores) # EDIM

Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 10:56:15 | 22/2/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Sempron 2400+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 17,28 Go (7,5 Go free) # FAT32

D:\ -> Disco fixo local # 59 Go (33,36 Go free) # FAT32

E:\ -> Disco CD-ROM

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder criado por UsbFix.

# D:\autorun.inf -> Folder criado por UsbFix.

 

################## | ! Fim do relatório # UsbFix V6.055 ! |

 

 

 

screenshot009j.png

 

 

 

Thanks and regards


Good morning, EDSSX!

<!> Good job! :)

°°°°°°°°°°°°°°°°°

<!> May I move this topic to Resolved Cases?

Regards!


Good afternoon

Taking the opportunity.

My dear friend Digram, as you can see I am using the on-screen keyboard, because:

http://forum.imasters.com.br/index.php?/topic/378784-desconfiguracao-das-letras/

I understand that our friend jgarcia has his own personal/professional life, but he asked whether the console had been installed and then disappeared.

In short, could you not give me a fix/.reg file like the one above? Because:

screenshot010nh.png

It gives the error:

 

O Windows não pode iniciar este dispositivo de hardware porque suas informações de configuração (no Registro) estão incompletas ou danificadas. (Código 19)

 

 

 

My keyboard is locked up, as shown in the screenshot above (it works, but after the OS starts it locks up).

I have already reinstalled the drivers below into system32 and the error continues.

i8042prt.sys

kbdclass.sys; therefore a registry error.

 

 

screenshot011ymxl.png

 

 

 

Note in the topic above:

 

d:\arquivos de programas\Arquivos comuns\lngcode.txt

d:\arquivos de programas\Arquivos comuns\c3nform.vxml

d:\arquivos de programas\ACIHELP.HLP

d:\arquivos de programas\Acihelp.cnt

d:\windows\system32\drivers\pxkbf.sys

d:\windows\system32\drivers\cmcantirootkit.sys

d:\windows\system32\drivers\IncompleteBoot.cnt

D:\autorun(3).inf

 

 

Drivers:

pxkbf

KProcWatch

CMC AntiRootkit Service

GoogleDesktopManager-060409-093314

 

 

Thanks and regards


Good evening, EDSSX!

<!> Sorry for the long absence; I was without Internet and unable to continue with the case.

°°°°°°°°°°°°°°°°°°°°°°°

<!> Apparently, your problem with the on-screen keyboard points to data corruption in the registry.

<!> I recommend adding the information below to the registry.

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard]
"Application path"="osk.exe"
"Application type"=dword:00000001
"ClientControlCode"=dword:00000085
"Display Name"="Teclado virtual"
"ErrorOnLaunch"=""
"HideClient"=dword:00000000
"Start with Utility Manager"=dword:00000000
"Start with Windows"=dword:00000000
"WontRespondAction"=""
"WontRespondTimeout"=dword:00000000

<!> Save it as a registry entries file (.reg).

<!> Confirm the insertion, or merge it into the registry.

<!> Restart the computer when finished!

<!> Check whether the problem has been solved!

Regards!


But the problem really is with the physical keyboard (PS/2).

I have already checked in the BIOS; it toggles between yes and no, so the ports are not burnt out or broken.

Thanks and regards


Hi, EDSSX!

<!> If the physical keyboard is a multimedia (USB) one, try the repair just below.

<!> Replace the keyboard, as an experiment, since it is a low-cost component.

<!> PS: If it is not, seek help in Windows Servers, since the problem is not related to viruses.

°°°°°°°°°°°°°°°°°°°°°

<@> Download: < Autoplay Repair Wizard >

<@> Run the tool, which will display a report at the end of the scan. ( AutoFix[V.x.x.xxxx.xx] )

<@> Use the Autoplay Repair Wizard to repair each drive, which will give us an individual report for each.

<@> A successful fix will appear as follows: Result: This AutoPlay setting was successfully fixed

Regards!


Good afternoon

I have already tested several keyboards and the problem persists. So the cause really is in the OS.

I will seek help in Windows Servers.

You can close this topic, since the case at the start of it has been cleared up.

Thanks and regards


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
