EDSSX (posted April 5, 2010)

Good afternoon. I am sure I got infected while browsing the site, because when the plugin window appeared (as per my post today in the topic linked below), the scroll bar froze and the Windows firewall keeps being disabled (I enable it and it gets disabled again) all the time.

http://forum.imasters.com.br/index.php?/topic/387906-virus-ao-acessar-forum-do-imasters/page__pid__1518242__st__0entry1518242

An icon for a file named "gerenciador financeiro" (financial manager) was automatically created on my desktop. And the message reads:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:40, on 5/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Java\jre6\bin\java.exe
D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr
D:\WINDOWS\system32\cmd.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe
D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp\evP.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: D:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 3811 bytes

DDS (Ver_09-12-01.01) - FAT32x86
Run by edsom luis at 18:05:48,23 on seg 05/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.119 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\AlienGUIse\wbload.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Arquivos de programas\Java\jre6\bin\java.exe
D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
mWindow Title = 
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
uPolicies-explorer: NoRealMode = 0 (0x0)
uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xportar para o Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: WB - d:\arquivos de programas\alienguise\fastload.dll
AppInit_DLLs: d:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\izozpjim.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR
FF - plugin: d:\documents and settings\edsom luis\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]
R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-4-2 11608]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2010-4-2 135336]
R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-4-2 267432]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-4-2 60936]
R3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2010-3-30 38224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]
S1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 --> hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [?]
S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]
S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]
S4 ZeppelinService;plasservice; [x]

============== File Associations ===============

inifile=Notepad.exe "%1"

=============== Created Last 30 ================

2010-04-05 16:19:50 0 d-----w- d:\arquivos de programas\ESET
2010-04-05 00:25:48 0 d-----w- d:\windows\system32\wbem\Repository
2010-04-05 00:25:42 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Software Informer
2010-04-05 00:25:39 0 d-----w- d:\docume~1\alluse~1\dadosd~1\FreeDownloadManager.ORG
2010-04-05 00:25:38 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Free Download Manager
2010-04-05 00:25:29 0 d--h--w- d:\documents and settings\edsom luis\Recent(8)
2010-04-04 23:53:33 0 d-----w- D:\!KillBox
2010-04-04 19:14:32 0 d-----w- d:\arquivos de programas\arquivos comuns\Apple
2010-04-03 16:40:24 0 d-----w- d:\arquivos de programas\Wise Registry Cleaner
2010-04-02 21:47:02 0 d-----w- d:\arquivos de programas\Ad-Remover
2010-04-02 19:53:14 0 d-----w- d:\windows\CD95F661A5C444F5A6AAECDD91C240BC.TMP
2010-04-02 19:11:02 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Avira
2010-04-02 18:46:50 0 d-sha-r- D:\autorun.inf
2010-04-02 17:55:22 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2010-04-02 17:55:21 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Avira
2010-04-02 17:55:21 0 d-----w- d:\arquivos de programas\Avira
2010-04-02 17:44:18 0 d--h--w- d:\documents and settings\edsom luis\Recent(7)
2010-04-02 16:13:26 3 ----a-w- d:\windows\rrxx.dll
2010-04-02 14:43:55 0 d-sh--w- D:\Recycled
2010-04-01 17:32:27 0 d-----w- d:\arquivos de programas\Marcos Velasco Security
2010-03-31 01:11:21 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 01:11:17 20824 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-31 00:57:57 0 d--h--w- d:\documents and settings\edsom luis\Recent(6)
2010-03-31 00:57:49 0 d--h--w- d:\documents and settings\edsom luis\Recent(5)
2010-03-29 21:56:01 0 d--h--w- d:\documents and settings\edsom luis\Recent(4)
2010-03-20 19:59:07 0 d---a-w- D:\autorun(4).inf

==================== Find3M ====================

2010-04-05 14:13:30 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt
2010-03-12 21:02:40 261632 ----a-w- d:\windows\PEV.exe
2010-03-04 01:54:22 80630 ----a-w- d:\windows\system32\perfc016.dat
2010-03-04 01:54:22 471828 ----a-w- d:\windows\system32\perfh016.dat
2010-02-25 14:47:48 11070976 ----a-w- d:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:57:24 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 04:06:58 126976 ----a-w- d:\windows\MSKeyStoreJNI.dll
2010-02-08 11:23:12 7725 ----a-w- d:\windows\system32\tcpip.reg
2010-02-02 12:27:42 3132 ----a-w- d:\windows\system32\Service_GoogleDesktopManager-060409-093314.reg.dat
2010-02-02 12:27:42 2404 ----a-w- d:\windows\system32\Service_pxkbf.reg.dat
2010-02-02 12:27:42 2380 ----a-w- d:\windows\system32\Service_CMC AntiRootkit Service.reg.dat
2010-02-02 12:27:42 2012 ----a-w- d:\windows\system32\Service_KProcWatch.reg.dat
2010-01-28 12:05:08 69632 ----a-w- d:\windows\system32\MSJCE.dll
2010-01-23 02:15:08 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-01-19 12:16:40 537829 ----a-w- D:\HaxFix.exe
2010-01-13 07:01:00 327168 ----a-w- d:\windows\IsUn0416.exe
2009-12-01 18:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu
2009-11-27 21:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini
2009-11-20 22:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf
2009-11-20 22:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe
2009-11-20 22:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll
2009-11-20 22:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll
2009-11-20 22:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin
2009-11-13 21:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini
2009-08-20 15:06:06 126704693 ------w- d:\arquivos de programas\brofficeorg1.cab
2009-08-20 15:04:26 9812992 ------w- d:\arquivos de programas\brofficeorg31.msi
2009-08-19 08:39:36 330 ------w- d:\arquivos de programas\setup.ini
2009-07-10 06:20:00 621546 ----a-w- d:\arquivos de programas\arquivos comuns\ACIHELP.HLP.vir
2009-07-10 06:20:00 3219 ----a-w- d:\arquivos de programas\arquivos comuns\Acihelp.cnt.vir
2009-06-17 17:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt.vir
2008-06-09 13:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml.vir
2004-02-26 16:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd
2002-03-11 09:06:30 1822520 ------w- d:\arquivos de programas\instmsiw.exe
2002-03-11 08:45:04 1708856 ------w- d:\arquivos de programas\instmsia.exe
2009-01-21 15:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat
2009-09-11 17:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-11-24 09:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-03-08 17:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe

============= FINISH: 18:08:20,98 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/9/2007 10:51:37
System Uptime: 4/5/2010 11:13:16 (-689 hours ago)

Motherboard: ECS | | M825G
Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 17 GiB total, 7,389 GiB free.
D: is FIXED (FAT32) - 59 GiB total, 39,127 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Service: ati2mtag

Class GUID: 
Description: 
Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Manufacturer: 
Name: 
PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Service: 

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Teclado padrão com 101/102 teclas ou Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3656B0&0
Manufacturer: (teclados padrões)
Name: Teclado padrão com 101/102 teclas ou Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3656B0&0
Service: i8042prt

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador de comunicação PCI simples
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Manufacturer: 
Name: Controlador de comunicação PCI simples
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Service: 

Class GUID: 
Description: 
Device ID: ROOT\LEGACY_BOCDRIVE\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000
Service: 

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Dispositivo de áudio USB
Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000
Manufacturer: (Áudio USB genérico)
Name: Dispositivo de áudio USB
PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000
Service: usbaudio

Class GUID: 
Description: 
Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_WRCONSUMERSERVICE\0000
Service: 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Bridged Networking Driver Miniport
Device ID: ROOT\SUN_VBOXNETFLTMP\0004
Manufacturer: Sun Microsystems, Inc.
Name: WAN Miniport (PPTP) - VirtualBox Bridged Networking Driver Miniport
PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0004
Service: VBoxNetFlt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Bridged Networking Driver Miniport
Device ID: ROOT\SUN_VBOXNETFLTMP\0005
Manufacturer: Sun Microsystems, Inc.
Name: Miniporta WAN (PPPOE) - VirtualBox Bridged Networking Driver Miniport
PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0005
Service: VBoxNetFlt

==== System Restore Points ===================

RP97: 4/4/2010 21:56:19 - Ponto de verificação do sistema
RP98: 4/4/2010 21:58:25 - PERÍCIA DIGITAL TESTE COM DEUS 0404 DIN
RP99: 5/4/2010 16:44:32 - Revo Uninstaller's restore point - ESET Online Scanner v3

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1 - Português
AlienGUIse Theme Manager
Apple Application Support
Apple Software Update
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 8 (KB969897)
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)
Atualização de Segurança para Windows Internet Explorer 8 (KB972260)
Atualização de Segurança para Windows Internet Explorer 8 (KB974455)
Atualização de Segurança para Windows Internet Explorer 8 (KB976325)
Atualização de Segurança para Windows Internet Explorer 8 (KB978207)
Atualização de Segurança para Windows XP (KB971468)
Atualização de Segurança para Windows XP (KB975560)
Atualização de Segurança para Windows XP (KB975561)
Atualização de Segurança para Windows XP (KB975713)
Atualização de Segurança para Windows XP (KB977165)
Atualização de Segurança para Windows XP (KB977914)
Atualização de Segurança para Windows XP (KB978037)
Atualização de Segurança para Windows XP (KB978251)
Atualização de Segurança para Windows XP (KB978262)
Atualização para Windows Internet Explorer 8 (KB973874)
Atualização para Windows Internet Explorer 8 (KB976662)
Atualização para Windows Internet Explorer 8 (KB976749)
Atualização para Windows Internet Explorer 8 (KB980182)
BrOffice.org 3.1
C-Media WDM Audio Driver
CCleaner
CursorXP
EVEREST Home Edition v2.20
Gadwin PrintScreen
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix para Windows XP (KB979306)
Java Auto Updater
Java 6 Update 18
Junk Mail filter update
K-Meleon 1.5.4 en-US (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB973688)
MV RegClean 5.9
Opera 10.51
Revo Uninstaller 1.85
Safari
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
você 9.0 Runtime
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Wise Registry Cleaner Free 5.21
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Thank you.
DigRam (posted April 6, 2010)

Good evening, EDSSX!

Submit the file below for analysis at VirSCAN.org:
D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp\evP.exe
Click "Enviar arquivo..." (Send file...).
Once you have located the file on your PC, click "Upload" --> Wait!
In the message, click "Verificar novamente" (Check again).
When it finishes, copy the link to the report and send it to us.
Example: the file NodeRefresh.dll was checked, and the link to its report follows below:
Link: --> [link]

Download [link] ( ...by OldTimer Tools )
Save it to the desktop!
As shown in the image, change the "Output" option to "Minimal Output".
Double-click OTL.exe --> Check the "Scan All Users" option.
Check the boxes: [] LOP check and [] Purity check
Click [image] --> Wait!
Post:
1. OTL.txt
2. Extra.txt

Regards!
EDSSX (posted April 6, 2010)

Good evening, DigRam.

This directory, D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp\evP.exe: according to the dialog box, the path does not exist, check the name.

While I am here posting, Avira keeps beeping non-stop, although nothing shows up in quarantine; it seems to me that Avira 2010 does not open the actions window.

OTL logfile created on: 5/4/2010 21:23:08 - Run 12
OTL by OldTimer - Version 3.2.1.0 Folder = D:\Documents and Settings\edsom luis\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 123,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Arquivos de programas
Drive C: | 17,28 Gb Total Space | 7,39 Gb Free Space | 42,76% Space Free | Partition Type: FAT32
Drive D: | 59,00 Gb Total Space | 38,82 Gb Free Space | 65,79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDIM
Current User Name: edsom luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\edsom luis\Meus documentos\Downloads\OTL(2).exe (OldTimer Tools)
PRC - D:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Arquivos de programas\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\osk.exe (Microsoft Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Arquivos de programas\AlienGUIse\wbload.exe (Stardock Systems, Inc)
PRC - D:\Arquivos de programas\CursorXP\CursorXP.exe ( )
PRC - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - D:\WINDOWS\system32\msswchx.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\edsom luis\Meus documentos\Downloads\OTL(2).exe (OldTimer Tools)
MOD - D:\Arquivos de programas\AlienGUIse\wblind.dll (Stardock.Net, Inc)
MOD - D:\Arquivos de programas\CursorXP\CurXP0.dll ( )
MOD - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
MOD - D:\Arquivos de programas\AlienGUIse\wbhelp.dll (Stardock.Net, Inc)

========== Win32 Services (SafeList) ==========

SRV - (ZeppelinService) -- File not found
SRV - (WLSetupSvc) -- File not found
SRV - (usnjsvc) -- File not found
SRV - (gusvc) -- File not found
SRV - (AntiVirService) -- D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SeaPort) -- D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (IDriverT) -- D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)
SRV - (MDM) -- D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cpuidlep) -- D:\WINDOWS\system32\drivers\cpuidlep.sys ()
DRV - (RegGuard) -- D:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Lbd) -- D:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (VBoxNetAdp) -- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- D:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (avgio) -- D:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (GbpKm) -- D:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia)
DRV - (rspSanity) -- D:\WINDOWS\system32\drivers\rspSanity32.sys (Resplendence Software Projects Sp.)
DRV - (usbaudio) Driver de áudio USB (WDM) -- D:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (xpvcom) -- D:\WINDOWS\system32\drivers\XPVCOM.sys ()
DRV - (713xTVCard) -- D:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/webhp?hl=pt-BR"
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: D:\Arquivos de programas\K-Meleon\Plugins [2009/12/05 18:13:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: D:\Arquivos de programas\K-Meleon\Components [2009/12/05 18:13:24 | 000,000,000 | ---D | M]

[2009/08/27 21:45:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Extensions
[2010/04/02 21:05:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions
[2010/01/21 14:31:06 | 000,000,000 | ---D | M] -- D:\Arquivos de programas\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/02 14:35:58 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-839522115-1409082233-725345543-1003..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.96.15 189.7.96.16 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (D:\WINDOWS\system32\wbsys.dll) - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - 
D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WB: DllName - D:\Arquivos de programas\AlienGUIse\fastload.dll - D:\Arquivos de programas\AlienGUIse\fastload.dll (Stardock) O24 - Desktop WallPaper: D:\WINDOWS\InvaderDark1280.bmp O24 - Desktop BackupWallPaper: D:\WINDOWS\InvaderDark1280.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/02 16:53:30 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010/03/20 16:59:08 | 000,000,000 | ---D | M] - C:\autorun(4).inf -- [ FAT32 ] O32 - AutoRun File - [2009/11/14 20:15:58 | 000,000,000 | ---D | M] - C:\autorun(2).inf -- [ FAT32 ] O32 - AutoRun File - [2010/01/02 16:42:56 | 000,000,000 | ---D | M] - C:\autorun(3).inf -- [ FAT32 ] O32 - AutoRun File - [2010/04/02 15:46:52 | 000,000,000 | -HSD | M] - C:\autorun(5).inf -- [ FAT32 ] O32 - AutoRun File - [2010/04/02 15:46:52 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009/11/14 20:15:58 | 000,000,000 | ---D | M] - D:\autorun(2).inf -- [ FAT32 ] O32 - AutoRun File - [2010/01/02 16:42:56 | 000,000,000 | ---D | M] - D:\autorun(3).inf -- [ FAT32 ] O32 - AutoRun File - [2010/03/20 16:59:08 | 000,000,000 | ---D | M] - D:\autorun(4).inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/04/05 19:55:13 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\IObit [2010/04/05 18:39:56 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\edsom luis\Recent [2010/04/05 13:19:50 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\ESET [2010/04/04 21:25:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Software Informer [2010/04/04 21:25:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All 
Users\Dados de aplicativos\FreeDownloadManager.ORG [2010/04/04 21:25:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Free Download Manager [2010/04/04 21:25:29 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\edsom luis\Recent(8) [2010/04/04 20:53:33 | 000,000,000 | ---D | C] -- D:\!KillBox [2010/04/04 16:15:06 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Safari [2010/04/04 16:14:32 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Arquivos comuns\Apple [2010/04/04 16:14:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Apple [2010/04/04 16:14:05 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Apple Software Update [2010/04/04 16:14:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\Apple [2010/04/03 13:40:24 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Wise Registry Cleaner [2010/04/03 11:18:20 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Windows Live [2010/04/02 18:47:02 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Ad-Remover [2010/04/02 16:53:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\WinZip [2010/04/02 16:53:14 | 000,000,000 | ---D | C] -- D:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240BC.TMP [2010/04/02 16:11:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Avira [2010/04/02 15:46:50 | 000,000,000 | RHSD | C] -- D:\autorun.inf [2010/04/02 14:55:22 | 000,124,784 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avipbb.sys [2010/04/02 14:55:22 | 000,060,936 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntflt.sys [2010/04/02 14:55:22 | 000,028,520 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\ssmdrv.sys [2010/04/02 14:55:22 | 000,022,360 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntmgr.sys [2010/04/02 14:55:21 | 000,045,416 | 
---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntdd.sys [2010/04/02 14:55:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\Avira [2010/04/02 14:55:21 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Avira [2010/04/02 14:44:18 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\edsom luis\Recent(7) [2010/04/02 11:43:55 | 000,000,000 | -HSD | C] -- D:\Recycled [2010/04/01 17:31:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dados de aplicativos\WinZip [2010/04/01 14:32:27 | 000,000,000 | ---D | C] -- D:\Arquivos de programas\Marcos Velasco Security [2010/03/30 23:29:53 | 006,049,917 | ---- | C] (K-Meleon Team) -- D:\Documents and Settings\edsom luis\Meus documentos\K-Meleon1.5.4en-US.exe [2010/03/30 22:11:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/30 22:11:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010/03/30 21:57:57 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\edsom luis\Recent(6) [2010/03/30 21:57:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\edsom luis\Recent(5) [2010/03/29 18:56:01 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\edsom luis\Recent(4) [2010/03/20 16:59:07 | 000,000,000 | ---D | C] -- D:\autorun(4).inf [2009/12/28 01:13:54 | 000,156,160 | ---- | C] (SteelWerX) -- D:\Documents and Settings\edsom luis\swreg.exe [2009/12/28 01:13:54 | 000,006,656 | ---- | C] (keir.net) -- D:\Documents and Settings\edsom luis\md5file.exe [2009/11/20 19:01:18 | 000,832,296 | ---- | C] (Opera Software) -- D:\Arquivos de programas\Arquivos comuns\opera.exe [2009/11/20 19:01:16 | 004,450,088 | ---- | C] (Opera Software) -- D:\Arquivos de programas\Arquivos comuns\opera.dll [2008/12/04 22:08:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET [2007/09/19 10:52:56 | 000,000,000 | 
---D | M] -- D:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft [2007/09/19 10:52:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft [2007/09/19 10:33:32 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft [2007/09/19 10:33:32 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft [2002/03/11 06:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- D:\Arquivos de programas\instmsiw.exe [2002/03/11 05:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- D:\Arquivos de programas\instmsia.exe [1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/04/05 21:28:02 | 000,000,464 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job [2010/04/05 21:10:26 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2010/04/05 18:41:04 | 000,002,235 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/04/05 18:37:48 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2010/04/05 18:37:38 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2010/04/05 18:37:26 | 000,000,012 | ---- | M] () -- D:\WINDOWS\System32\drivers\IncompleteBoot.cnt [2010/04/05 18:35:16 | 002,648,038 | -H-- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\IconCache.db [2010/04/05 13:33:30 | 000,002,262 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010/04/04 21:58:24 | 012,505,088 | ---- | M] () -- D:\Documents and Settings\edsom luis\ntuser.dat [2010/04/04 21:32:36 | 000,000,788 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk [2010/04/03 20:34:16 | 000,000,736 | ---- | M] () -- D:\WINDOWS\win.ini [2010/04/03 20:34:16 | 000,000,227 | ---- | M] () -- 
D:\WINDOWS\system.ini [2010/04/03 00:34:44 | 000,000,210 | -HS- | M] () -- D:\Documents and Settings\edsom luis\ntuser.ini [2010/04/02 14:55:36 | 000,001,683 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/04/02 13:13:28 | 000,000,003 | ---- | M] () -- D:\WINDOWS\rrxx.dll [2010/04/02 11:19:40 | 003,906,815 | R--- | M] () -- D:\Documents and Settings\edsom luis\Desktop\ComboFix.exe [2010/04/01 14:32:38 | 000,000,917 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk [2010/03/31 19:38:42 | 000,067,584 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\S VT.doc [2010/03/30 23:32:46 | 000,000,642 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\K-Meleon.lnk [2010/03/30 23:30:56 | 006,049,917 | ---- | M] (K-Meleon Team) -- D:\Documents and Settings\edsom luis\Meus documentos\K-Meleon1.5.4en-US.exe [2010/03/30 22:33:08 | 000,002,317 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\Google Chrome.lnk [2010/03/30 22:24:30 | 000,001,524 | ---- | M] () -- D:\Documents and Settings\edsom luis\Desktop\CCleaner.lnk [2010/03/30 22:20:16 | 000,000,536 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk [2010/03/30 22:11:24 | 000,000,640 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/30 19:27:26 | 000,038,912 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\CURRICULO INFORMATICA.doc [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010/03/29 17:34:20 | 000,033,707 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\VT.html [2010/03/25 22:32:42 | 000,015,625 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Laudo 737.odt [2010/03/25 
22:31:32 | 000,022,817 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Laudo 737.odt [2010/03/24 13:07:12 | 000,010,958 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Aviso L.odt [2010/03/24 12:59:22 | 000,011,158 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Aviso posto.odt [2010/03/24 11:36:04 | 000,012,581 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\Aviso pericia.odt [2010/03/20 16:33:50 | 000,072,176 | ---- | M] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2010/03/12 18:02:40 | 000,261,632 | ---- | M] () -- D:\WINDOWS\PEV.exe [2010/03/08 10:53:24 | 000,012,288 | ---- | M] () -- D:\Documents and Settings\edsom luis\Meus documentos\CONTROLE RAIS 2009.doc [1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/04/04 21:58:23 | 012,505,088 | ---- | C] () -- D:\Documents and Settings\edsom luis\ntuser.dat [2010/04/04 21:37:23 | 000,002,235 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/04/04 21:32:35 | 000,000,788 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk [2010/04/02 19:56:46 | 000,001,578 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/04/02 14:55:34 | 000,001,683 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/04/02 13:13:26 | 000,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll [2010/04/01 14:32:36 | 000,000,917 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk [2010/03/30 22:11:23 | 000,000,640 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/29 17:34:18 | 000,033,707 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\VT.html [2010/03/26 23:21:10 | 000,067,584 | ---- | C] () -- 
D:\Documents and Settings\edsom luis\Meus documentos\S VT.doc [2010/03/24 13:37:09 | 000,022,817 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Laudo 737.odt [2010/03/24 13:07:10 | 000,010,958 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Aviso L.odt [2010/03/24 11:58:03 | 000,011,158 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Aviso posto.odt [2010/03/24 11:36:01 | 000,012,581 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Aviso pericia.odt [2010/03/23 17:01:12 | 000,015,625 | ---- | C] () -- D:\Documents and Settings\edsom luis\Meus documentos\Laudo 737.odt [2010/02/27 23:16:45 | 000,000,272 | ---- | C] () -- D:\WINDOWS\_delis32.ini [2010/02/23 23:30:49 | 000,000,098 | R--- | C] () -- D:\WINDOWS\System32\drivers\SETUP.INI [2010/02/17 01:06:57 | 000,126,976 | ---- | C] () -- D:\WINDOWS\MSKeyStoreJNI.dll [2010/02/12 16:50:57 | 000,000,008 | RHS- | C] () -- D:\Documents and Settings\edsom luis\ntuser.pol [2010/02/05 17:29:40 | 000,000,064 | ---- | C] () -- D:\WINDOWS\wb.ini [2010/02/04 23:57:03 | 000,000,499 | ---- | C] () -- D:\WINDOWS\System32\Atalho para pxkbf.sys.vir.lnk [2010/02/01 20:31:25 | 000,004,484 | ---- | C] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys [2010/02/01 15:33:07 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll.vir.vir [2010/01/31 20:36:02 | 000,000,003 | ---- | C] () -- D:\WINDOWS\System32\rrxx.dll.vir [2010/01/16 16:21:19 | 000,000,003 | ---- | C] () -- D:\WINDOWS\rrxx.dll.vir [2010/01/03 14:46:30 | 000,000,934 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol [2010/01/02 14:15:14 | 000,000,051 | ---- | C] () -- D:\WINDOWS\wininit.ini [2009/12/28 01:13:54 | 000,146,944 | ---- | C] () -- D:\Documents and Settings\edsom luis\catchme.exe [2009/12/28 01:13:54 | 000,051,200 | ---- | C] () -- D:\Documents and Settings\edsom luis\dumphive.exe [2009/12/28 01:13:54 | 000,049,152 | ---- | C] () -- D:\Documents and 
Settings\edsom luis\vfind.exe [2009/12/28 01:13:54 | 000,040,960 | ---- | C] () -- D:\Documents and Settings\edsom luis\swsc.exe [2009/12/28 01:13:54 | 000,038,400 | ---- | C] () -- D:\Documents and Settings\edsom luis\moveex.exe [2009/12/28 01:13:54 | 000,008,688 | ---- | C] () -- D:\Documents and Settings\edsom luis\run2.hax [2009/12/05 16:47:35 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\edsom luis\ipconfig [2009/12/01 15:16:18 | 000,621,546 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir [2009/12/01 15:16:18 | 000,038,338 | ---- | C] () -- D:\Arquivos de programas\Uninst.isu [2009/12/01 15:16:18 | 000,003,219 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\Acihelp.cnt.vir [2009/11/21 09:56:57 | 000,000,180 | ---- | C] () -- D:\WINDOWS\System32\BsMain.ini [2009/11/20 19:11:28 | 000,015,828 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\license.rtf [2009/11/20 19:00:42 | 000,020,480 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\OUniAnsi.dll [2009/11/20 19:00:24 | 000,653,419 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\encoding.bin [2009/11/18 05:22:15 | 000,000,000 | -H-- | C] () -- D:\Documents and Settings\edsom luis\NTUSER.DAT.tmp.LOG [2009/11/14 19:40:54 | 011,034,624 | ---- | C] () -- D:\Documents and Settings\edsom luis\NTUSER.DAT.bak_jv16pt [2009/11/13 18:19:33 | 000,000,218 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\operaprefs_default.ini [2009/09/17 17:42:12 | 000,001,181 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\ShLog.txt [2009/09/10 15:31:20 | 000,000,506 | ---- | C] () -- D:\WINDOWS\ATICIM.INI [2009/08/26 13:15:46 | 000,011,233 | ---- | C] () -- D:\WINDOWS\System32\fm20enu.dll.zip [2009/08/20 12:06:06 | 126,704,693 | ---- | C] () -- D:\Arquivos de programas\brofficeorg1.cab [2009/08/20 12:04:26 | 009,812,992 | ---- | C] () -- D:\Arquivos de programas\brofficeorg31.msi [2009/08/19 05:39:36 | 
000,000,330 | ---- | C] () -- D:\Arquivos de programas\setup.ini [2009/08/14 22:00:32 | 000,000,046 | ---- | C] () -- D:\WINDOWS\Rav.ini [2009/06/17 14:41:58 | 000,003,870 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\lngcode.txt.vir [2009/06/08 19:29:10 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\housecall.guid.cache [2009/04/30 11:50:11 | 000,000,041 | ---- | C] () -- D:\WINDOWS\Filzip.ini [2009/04/24 20:16:40 | 000,162,304 | ---- | C] () -- D:\WINDOWS\System32\ztvunrar36.dll [2009/04/24 20:16:40 | 000,077,312 | ---- | C] () -- D:\WINDOWS\System32\ztvunace26.dll [2009/03/27 20:27:53 | 000,002,320 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\operadef6.ini [2009/03/23 22:25:02 | 000,000,129 | ---- | C] () -- D:\WINDOWS\REC-NET.INI [2009/03/16 14:08:40 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\Hlsoft32.dll [2009/03/16 14:08:38 | 000,076,800 | ---- | C] () -- D:\WINDOWS\System32\Hl_enc32.dll [2009/03/16 14:08:37 | 000,031,744 | ---- | C] () -- D:\WINDOWS\System32\Hl_med32.dll [2009/03/16 14:08:35 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\RaisVal.dll [2009/03/16 14:08:34 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\PKWIN32.DLL [2009/03/16 14:08:33 | 000,020,480 | ---- | C] () -- D:\WINDOWS\System32\selar32.dll [2009/02/19 13:29:33 | 000,000,002 | ---- | C] () -- D:\WINDOWS\scanreg.ini [2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- D:\WINDOWS\System32\INetHTTPFilter.dll [2009/01/18 20:01:53 | 000,262,144 | ---- | C] () -- D:\Documents and Settings\All Users\NTUSER.DAT [2008/12/16 11:36:08 | 000,000,046 | ---- | C] () -- D:\Documents and Settings\edsom luis\.mjsync_pt_BR [2008/11/17 16:19:54 | 000,000,041 | ---- | C] () -- D:\WINDOWS\crw.ini [2008/10/08 20:54:04 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\MSJCE.dll [2008/10/05 15:36:40 | 000,000,826 | ---- | C] () -- D:\Documents and Settings\edsom luis\fixed.WINDOWS.rar [2008/10/05 
14:55:21 | 000,000,105 | ---- | C] () -- D:\Documents and Settings\edsom luis\rebuilt.WINDOWS.rar [2008/10/05 14:54:54 | 000,000,826 | ---- | C] () -- D:\Documents and Settings\edsom luis\WINDOWS.rar [2008/10/05 14:50:28 | 086,433,723 | ---- | C] () -- D:\Documents and Settings\edsom luis\Desktop.rar [2008/10/05 14:50:09 | 000,000,256 | ---- | C] () -- D:\Documents and Settings\edsom luis\rebuilt.UserData.rar [2008/10/05 14:50:01 | 000,000,263 | ---- | C] () -- D:\Documents and Settings\edsom luis\UserData.rar [2008/10/05 14:48:39 | 000,004,710 | ---- | C] () -- D:\Documents and Settings\edsom luis\Favoritos.rar [2008/10/05 14:47:06 | 000,027,702 | ---- | C] () -- D:\Documents and Settings\edsom luis\rebuilt.Menu Iniciar.rar [2008/10/05 14:45:58 | 000,029,115 | ---- | C] () -- D:\Documents and Settings\edsom luis\Menu Iniciar.rar [2008/10/05 14:43:56 | 000,049,026 | ---- | C] () -- D:\Documents and Settings\edsom luis\PrivacIE.rar [2008/10/02 19:34:27 | 000,000,520 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Iniciar [2008/09/29 19:22:26 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI [2008/06/27 22:44:10 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\base64.dll [2008/06/27 22:43:47 | 000,132,096 | ---- | C] () -- D:\WINDOWS\System32\Zipdll.dll [2008/06/27 22:43:47 | 000,117,760 | ---- | C] () -- D:\WINDOWS\System32\Unzdll.dll [2008/06/20 21:53:34 | 000,000,025 | ---- | C] () -- D:\WINDOWS\recibo.ini [2008/06/20 21:42:32 | 000,005,361 | ---- | C] () -- D:\WINDOWS\DesinstWRecnet.ini [2008/06/09 10:17:20 | 000,000,301 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\c3nform.vxml.vir [2008/04/03 15:37:06 | 000,027,136 | ---- | C] () -- D:\WINDOWS\System32\WiseDLL.dll [2008/03/26 10:04:42 | 000,002,821 | ---- | C] () -- D:\WINDOWS\TVP3XDrv.ini [2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- D:\WINDOWS\bdoscandellang.ini [2007/09/19 11:23:08 | 000,010,512 | ---- | C] () -- D:\WINDOWS\hpdj3500.ini [2007/09/19 11:08:04 | 
000,050,688 | ---- | C] () -- D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/09/19 11:06:07 | 000,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2007/09/19 10:54:10 | 000,000,210 | -HS- | C] () -- D:\Documents and Settings\edsom luis\ntuser.ini [2007/09/19 10:54:09 | 000,024,576 | -H-- | C] () -- D:\Documents and Settings\edsom luis\ntuser.dat.LOG [2007/03/23 02:00:14 | 000,030,032 | ---- | C] () -- D:\WINDOWS\System32\drivers\XPVCOM.sys [2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll [2004/03/07 20:16:06 | 000,040,448 | ---- | C] () -- D:\WINDOWS\System32\regobj.dll [2004/02/26 13:35:04 | 000,007,904 | ---- | C] () -- D:\Arquivos de programas\Arquivos comuns\html40_entities.dtd [2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\cmirmdrv.dll [1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2008/12/08 20:26:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Newsoft [2009/01/09 11:24:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Playrix Entertainment [2009/02/26 19:04:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\MicroWorld [2009/11/19 02:31:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Iomatic [2010/01/03 04:34:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\PrevxCSI [2010/01/05 19:29:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\VOWSoft [2010/01/29 17:18:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Backup [2009/12/24 17:24:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic [2009/12/24 16:39:52 | 000,000,000 | ---D | M] -- 
D:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic Anti-Virus PLUS
[2009/11/18 03:34:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2010/02/19 12:16:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
[2010/02/19 23:53:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\DriverCure
[2010/02/21 12:42:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\FileCure
[2010/02/28 11:38:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\ESET
[2010/04/01 17:31:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\WinZip
[2010/04/04 21:25:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
[2008/10/09 14:22:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Opera
[2009/01/08 18:52:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\PlayFirst
[2009/09/22 17:51:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\BrOffice.org
[2009/11/25 10:38:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\QuickScan
[2009/12/05 18:14:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\K-Meleon
[2009/12/12 20:34:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GetRightToGo
[2010/01/04 21:26:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\IObit
[2010/01/26 23:14:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\GlarySoft
[2010/01/31 17:04:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Uniblue
[2010/02/12 18:25:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DeviceDoctorSoftware
[2010/02/16 19:20:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Easeware
[2010/02/19 23:53:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\DriverCure
[2010/02/28 16:23:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\thecleaner
[2010/04/04 21:25:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Free Download Manager
[2010/04/04 21:25:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\edsom luis\Dados de aplicativos\Software Informer
[2010/04/05 21:28:26 | 000,000,464 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job
[2010/04/05 18:35:36 | 000,032,294 | ---- | M] () -- D:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 5/4/2010 21:23:08 - Run 12
OTL by OldTimer - Version 3.2.1.0 Folder = D:\Documents and Settings\edsom luis\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 123,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Arquivos de programas
Drive C: | 17,28 Gb Total Space | 7,39 Gb Free Space | 42,76% Space Free | Partition Type: FAT32
Drive D: | 59,00 Gb Total Space | 38,82 Gb Free Space | 65,79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDIM
Current User Name: edsom luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = K-Meleon.HTML] -- D:\Arquivos de programas\K-Meleon\K-Meleon.exe (http://kmeleon.sf.net/)

[HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "D:\Arquivos de programas\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Arquivos de programas\Arquivos comuns\opera.exe" = D:\Arquivos de programas\Arquivos comuns\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Arquivos de programas\Java\jre6\bin\javaw.exe" = D:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Arquivos de programas\Opera\opera.exe" = D:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = você 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.1 - Português
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE853177-215B-4C6D-AB90-3DCE66BA7D75}" = BrOffice.org 3.1
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CursorXP" = CursorXP
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Gadwin PrintScreen" = Gadwin PrintScreen
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"K-Meleon" = K-Meleon 1.5.4 en-US (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV RegClean 5.9_is1" = MV RegClean 5.9
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Revo Uninstaller" = Revo Uninstaller 1.85
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.21
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2010 17:52:46 | Computer Name = EDIM | Source = VSS | ID = 4001
Description = Erro do serviço de cópias de sombra de volume: não é possível encontrar áreas de comparação para criar cópias de sombra. Adicione pelo menos uma unidade NTFS ao sistema com espaço livre suficiente. O espaço livre necessário é de pelo menos 100 Mb para o backup ou a cópia de sombra de cada volume.

Error - 2/4/2010 17:52:47 | Computer Name = EDIM | Source = VSS | ID = 4001
Description = Erro do serviço de cópias de sombra de volume: não é possível encontrar áreas de comparação para criar cópias de sombra. Adicione pelo menos uma unidade NTFS ao sistema com espaço livre suficiente. O espaço livre necessário é de pelo menos 100 Mb para o backup ou a cópia de sombra de cada volume.

Error - 2/4/2010 17:55:18 | Computer Name = EDIM | Source = VSS | ID = 4001
Description = Erro do serviço de cópias de sombra de volume: não é possível encontrar áreas de comparação para criar cópias de sombra. Adicione pelo menos uma unidade NTFS ao sistema com espaço livre suficiente. O espaço livre necessário é de pelo menos 100 Mb para o backup ou a cópia de sombra de cada volume.

Error - 2/4/2010 18:38:38 | Computer Name = EDIM | Source = MSDTC | ID = 4163
Description = O arquivo de log do MS DTC não foi encontrado. Após certificar-se de que todos os gerenciadores de recursos coordenados pelo MS DTC não tenham transações em dúvida, execute o msdtc -resetlog para criar o arquivo de lo

Error - 2/4/2010 18:38:38 | Computer Name = EDIM | Source = MSDTC | ID = 4185
Description = Falha na inicialização do 'Gerenciador de transações' do MS DTC. LogInit retornou o erro 0x

Error - 2/4/2010 18:38:38 | Computer Name = EDIM | Source = MSDTC | ID = 4112
Description = Não foi possível iniciar o 'Gerenciador de transações' do MS DT

Error - 2/4/2010 18:38:40 | Computer Name = EDIM | Source = VSS | ID = 4001
Description = Erro do serviço de cópias de sombra de volume: não é possível encontrar áreas de comparação para criar cópias de sombra. Adicione pelo menos uma unidade NTFS ao sistema com espaço livre suficiente. O espaço livre necessário é de pelo menos 100 Mb para o backup ou a cópia de sombra de cada volume.
Error - 2/4/2010 18:40:47 | Computer Name = EDIM | Source = VSS | ID = 4001
Description = Erro do serviço de cópias de sombra de volume: não é possível encontrar áreas de comparação para criar cópias de sombra. Adicione pelo menos uma unidade NTFS ao sistema com espaço livre suficiente. O espaço livre necessário é de pelo menos 100 Mb para o backup ou a cópia de sombra de cada volume.

Error - 3/4/2010 09:49:52 | Computer Name = EDIM | Source = PerfNet | ID = 2004
Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho do servidor não serão retornados. O código de erro retornado está no dado DWORD 0.

Error - 5/4/2010 10:14:05 | Computer Name = EDIM | Source = PerfNet | ID = 2004
Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho do servidor não serão retornados. O código de erro retornado está no dado DWORD 0.

[ System Events ]
Error - 4/4/2010 10:14:41 | Computer Name = EDIM | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001' ao processar o arquivo '' no volume 'HarddiskVolume2'. O monitoramento do volume foi interrompido.

Error - 4/4/2010 10:15:43 | Computer Name = EDIM | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: NtTdiDr

Error - 4/4/2010 20:27:11 | Computer Name = EDIM | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001' ao processar o arquivo '' no volume 'HarddiskVolume2'. O monitoramento do volume foi interrompido.
Error - 4/4/2010 20:27:36 | Computer Name = EDIM | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: NtTdiDr

Error - 4/4/2010 21:23:27 | Computer Name = EDIM | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001' ao processar o arquivo '' no volume 'HarddiskVolume2'. O monitoramento do volume foi interrompido.

Error - 4/4/2010 21:23:54 | Computer Name = EDIM | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: NtTdiDr

Error - 5/4/2010 10:13:58 | Computer Name = EDIM | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001' ao processar o arquivo '' no volume 'HarddiskVolume2'. O monitoramento do volume foi interrompido.

Error - 5/4/2010 10:14:35 | Computer Name = EDIM | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: NtTdiDr

Error - 5/4/2010 17:37:55 | Computer Name = EDIM | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001' ao processar o arquivo '' no volume 'HarddiskVolume2'. O monitoramento do volume foi interrompido.

Error - 5/4/2010 17:38:21 | Computer Name = EDIM | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: NtTdiDr

[ TuneUp Events ]
Error - 20/4/2009 13:04:07 | Computer Name = EDIM | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report >

Regards and thanks
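The two OTL Extras sections a helper reads first when a user reports "the firewall keeps turning itself off" are "Shell Spawning" (the handlers that launch .exe/.bat/.cmd/.com/.pif files; anything other than "%1" %* means some program has put itself in front of every executable launch) and "Security Center Settings" (the firewall and override values). The script below is an added example of automating that check; it is not OTL's own code and was not posted in this thread. The clean sample input copies lines from the log above; the tampered sample is a constructed hypothetical with a placeholder path.

```python
"""Triage checks over the 'Shell Spawning' and 'Security Center Settings'
sections of an OTL Extras log.  Added example; the inputs below are
constructed (CLEAN_SAMPLE from the thread's log, TAMPERED_SAMPLE hypothetical)."""
import re

# Launch handlers for executable file types must be exactly this.  Any other
# command means the association has been redirected to another binary.
EXPECTED_OPEN = '"%1" %*'
EXEC_TYPES = {"batfile", "cmdfile", "comfile", "exefile", "piffile"}

# Security Center / firewall policy values with a known safe setting.
EXPECTED_VALUES = {
    "EnableFirewall": "1",
    "AntiVirusOverride": "0",
    "FirewallOverride": "0",
    "AntiVirusDisableNotify": "0",
    "FirewallDisableNotify": "0",
    "DoNotAllowExceptions": "0",
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # ========== Name ==========
SPAWN_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*)$")   # exefile [open] -- "%1" %*
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')         # "EnableFirewall" = 1


def split_sections(log_text):
    """Map each '========== Name ==========' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Flag executable-type [open] handlers that do not simply run the file."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        ftype, verb, command = m.groups()
        if ftype in EXEC_TYPES and verb == "open" and command != EXPECTED_OPEN:
            findings.append(f"{ftype} [open] handler hijacked: {command}")
    return findings


def check_security_center(lines):
    """Flag known values that differ from their safe setting, keyed by registry path."""
    findings, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        expected = EXPECTED_VALUES.get(name)
        if expected is not None and value != expected:
            findings.append(f"{key}: {name} = {value} (expected {expected})")
    return findings


def triage(log_text):
    """Return all findings, shell-spawning ones first."""
    sections = split_sections(log_text)
    return (check_shell_spawning(sections.get("Shell Spawning", []))
            + check_security_center(sections.get("Security Center Settings", [])))


# Constructed from lines in the log above: expected to produce no findings.
CLEAN_SAMPLE = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========
"""

# Hypothetical tampered log (placeholder path, not from the thread).
TAMPERED_SAMPLE = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "D:\placeholder\unknown.exe" "%1" %*
batfile [open] -- "%1" %*

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(name, triage(sample) or "no findings")
```

Run against a real Extras log, the clean output tells the helper the launch handlers and firewall policy match what OTL reported here (all "%1" %* and "EnableFirewall" = 1), so the repeated firewall shutdown the user saw has to be coming from a running process rather than from a persisted policy change.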
DigRam - Posted April 6, 2010

Good evening! EDSSX

<@> Run OTL.exe.
<@> Copy the information in the Quote into the tool's clipboard field (Custom Scans/Fixes).

:files
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp\evP.exe
D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp
D:\!KillBox
:otl
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
:services
ZeppelinService
WLSetupSvc
usnjsvc
gusvc
:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]

<@> Click the Run Fix button --> Wait for it to finish!
<@> When it is done, go to the folder: D:\_OTL\MovedFiles\*.log <-- Post it!

<@> Download: < >
<@> < Link - 2 >
<@> < Link - 3 >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> Note: For certain infections the tool will ask for a reboot. <-- Confirm!
<@> Send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
<@> Post: mbam-log-2010-xx-xx (00-00-00).txt

Regards!
EDSSX - Posted April 6, 2010

Good evening. Here it is:

All processes killed
========== FILES ==========
D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File\Folder D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp\evP.exe not found.
File\Folder D:\Documents and Settings\edsom luis\Configurações locais\temp\14D.tmp not found.
D:\!KillBox\Logs folder moved successfully.
D:\!KillBox folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
D:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240BC.TMP folder deleted successfully.
========== SERVICES/DRIVERS ==========
Service ZeppelinService stopped successfully!
Service ZeppelinService deleted successfully!
Service WLSetupSvc stopped successfully!
Service WLSetupSvc deleted successfully!
Service usnjsvc stopped successfully!
Service usnjsvc deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== COMMANDS ==========
D:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 247523 bytes

User: edsom luis
->Temp folder emptied: 970278 bytes
->Temporary Internet Files folder emptied: 33775 bytes
->Java cache emptied: 5154 bytes
->FireFox cache emptied: 82360932 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 1029421 bytes
->Flash cache emptied: 434 bytes

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3566793 bytes
->Flash cache emptied: 564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84,00 mb

OTL by OldTimer - Version 3.2.1.0 log created on 04052010_225107

Files\Folders moved on Reboot...
D:\Documents and Settings\edsom luis\Configurações locais\Temp\Perflib_Perfdata_590.dat moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 3958

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/4/2010 23:07:01
mbam-log-2010-04-05 (23-07-01).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 180061
Tempo decorrido: 40 minuto(s), 24 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Regards
DigRam - Posted April 6, 2010

Good evening! EDSSX

<@> Open OTL.exe --> Click on --> Wait!
<@> At the prompt, click OK --> Restart the computer!

<@> Go to: < Kaspersky Online Scanner >
<@> Click Accept.
<@> In the "Java Security" window, click Accept.
<@> Wait for the database update. (Update at 100%)
<@> Note: Disable your antivirus or firewall.
<@> Start the scan by clicking "My Computer", among the other options.
<@> Note: For a faster scan, choose "Critical areas".
<@> When it finishes, get the report by clicking "View report".
<@> Post it in your reply.

Regards!
EDSSX - Posted April 6, 2010

When updating, it shows:

If I click OK the database update freezes; coincidence or not, the damn plugin window appears.

Regards
DigRam - Posted April 6, 2010

Hi! EDSSX

<@> Abort the procedure with Kaspersky.
<@> Uninstall Java and, until a solution to the problem turns up, browse this Forum using Firefox.

<@> Download: < >
<@> Note: This add-on, added to Firefox, will block the malicious plugin and its effects.
<@> Note: To download, click download.

Regards!
EDSSX - Posted April 10, 2010

Good evening. Right, and afterwards; do I carry on?

Regards
DigRam - Posted April 10, 2010

Good evening. Right, and afterwards; do I carry on? Regards
////////////\\\\\\\\\\\

Good morning! EDSSX

<!> Afterwards? Check whether the problem continues after installing the add-on. (NoScript)
<!> Note: Here, at least, I have not seen the request to install the malicious plugin any more.

Regards!
EDSSX - Posted April 13, 2010

Good evening. OK, perfect; it no longer appears here either.

Regards and thanks
DigRam - Posted April 13, 2010

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.