
Archived

This topic has been archived and is closed to new replies.

nando_xd

[Solved!] Banners


 

PS: I tried to move all the objects that appeared; I ticked all the boxes and clicked move to quarantine... but 2 remained which say the following when I try to send them to quarantine: "C:\Users\User\AppData\Roaming\Microsoft\Windows cannot be deleted! Please remove the write protection"

And they stay there, they don't go to quarantine, they remain ticked in the diagnosis.

 

:huh:

Hey! nando_xd

 

<!> They are certainly false positives. You can ignore them!


<@> Click the Run Fix button --> Wait for it to finish!

<!> Repeat the procedure with the script in OTL, since there was an error when you clicked Run Scan.

<!> So click Run Fix --> Post the report when it is done!

 

Cheers!

Below is the OTL LOG with the same lines

:files

C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe

C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785

C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651

:otl

O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found

O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Commands

[purity]

[emptytemp]

[Reboot]

 

OTL logfile created on: 07/04/2010 22:47:18 - Run 2

OTL by OldTimer - Version 3.2.1.0 Folder = D:\

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free

6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 18,59 Gb Free Space | 38,16% Space Free | Partition Type: NTFS

Drive D: | 99,90 Gb Total Space | 53,18 Gb Free Space | 53,23% Space Free | Partition Type: NTFS

Drive E: | 325,00 Mb Total Space | 72,97 Mb Free Space | 22,45% Space Free | Partition Type: NTFS

Drive F: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2010/04/07 19:32:37 | 001,713,152 | ---- | M] () -- C:\Users\User\tempc.exe

PRC - [2010/04/07 09:05:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

PRC - [2010/02/18 10:20:12 | 000,054,048 | ---- | M] ( ) -- C:\PROGRA~1\GbPlugin\GbpSv.exe

PRC - [2010/02/09 10:46:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe

PRC - [2010/02/09 10:46:29 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

PRC - [2010/01/28 19:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe

PRC - [2009/07/24 14:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe

PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/04/07 09:05:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

MOD - [2009/07/13 22:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 22:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 22:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 22:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 22:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 22:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 22:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 22:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/02/18 10:20:12 | 000,054,048 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~1\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2010/02/03 14:56:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)

SRV - [2009/07/13 22:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 22:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 22:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 22:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 22:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 22:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 22:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/07/13 22:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 22:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 22:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 22:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 22:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV)

SRV - [2009/07/13 22:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 22:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2010/02/09 11:06:31 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [gbpkm] C:\Users\User\tempc.exe ()

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2009/09/21 16:58:33 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/04/07 17:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight

[2010/04/07 17:42:05 | 000,000,000 | ---D | C] -- C:\Downloads

[2010/04/07 10:39:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\a-squared Free

[2010/04/07 10:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free

[2010/04/07 09:01:20 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/04/06 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real

[2010/04/06 20:17:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/04/06 20:17:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2010/04/06 20:17:49 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2010/04/06 20:17:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/04/06 20:17:48 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll

[2010/04/06 20:17:48 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll

[2010/04/06 20:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/03/02 13:50:49 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

 

========== Files - Modified Within 14 Days ==========

 

[2010/04/07 22:49:00 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT

[2010/04/07 22:32:46 | 000,008,704 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/07 19:33:49 | 000,000,000 | ---- | M] () -- C:\Users\User\wm0703.bin

[2010/04/07 19:32:40 | 000,000,000 | ---- | M] () -- C:\Users\User\mob103.bin

[2010/04/07 19:32:37 | 001,713,152 | ---- | M] () -- C:\Users\User\tempc.exe

[2010/04/07 19:32:28 | 000,247,296 | ---- | M] () -- C:\Users\User\tempb.exe

[2010/04/07 19:32:25 | 000,000,000 | ---- | M] () -- C:\Users\User\loda0703.bin

[2010/04/07 17:55:45 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/04/07 17:55:45 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/04/07 17:55:21 | 001,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/04/07 17:55:21 | 000,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/04/07 17:55:21 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/04/07 17:55:21 | 000,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/04/07 17:55:21 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/04/07 17:50:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/04/07 17:50:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/04/07 17:50:25 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/04/07 17:49:41 | 001,373,697 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db

[2010/03/27 03:11:31 | 000,111,513 | ---- | M] () -- C:\Windows\System32\C_B-SLemLmKu.exe

 

========== Files Created - No Company Name ==========

 

[2010/04/07 19:33:49 | 000,000,000 | ---- | C] () -- C:\Users\User\wm0703.bin

[2010/04/07 19:32:40 | 000,000,000 | ---- | C] () -- C:\Users\User\mob103.bin

[2010/04/07 19:32:28 | 001,713,152 | ---- | C] () -- C:\Users\User\tempc.exe

[2010/04/07 19:32:25 | 000,247,296 | ---- | C] () -- C:\Users\User\tempb.exe

[2010/04/07 19:32:25 | 000,000,000 | ---- | C] () -- C:\Users\User\loda0703.bin

[2010/04/07 12:18:11 | 000,008,704 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/06 20:17:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/04/06 20:17:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/04/06 20:17:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/04/06 20:17:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2010/04/06 20:17:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/04/06 20:17:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/04/06 20:17:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/04/06 20:17:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/03/27 03:11:31 | 000,111,513 | ---- | C] () -- C:\Windows\System32\C_B-SLemLmKu.exe

[2010/02/04 07:22:42 | 000,001,240 | RHS- | C] () -- C:\Users\User\ntuser.pol

[2010/02/03 14:48:37 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/03 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini

[2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/02/03 12:58:14 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/02/03 12:58:13 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG1

[2010/02/03 12:58:13 | 000,000,000 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG2

[2010/02/03 12:58:12 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT

[2009/07/24 14:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2004/08/13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

 

========== LOP Check ==========

 

[2010/02/03 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit

[2010/04/07 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRight

[2010/04/07 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

[2009/07/14 01:53:46 | 000,022,436 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< :files >

 

< C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >

[2010/04/07 22:32:46 | 000,008,704 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

< C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe >

[2010/04/07 22:48:56 | 000,201,216 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe

[20 C:\Users\User\AppData\Local\Temp\*.tmp files -> C:\Users\User\AppData\Local\Temp\*.tmp -> ]

 

< C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 >

 

< C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 >

 

< :otl >

 

< O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found >

 

< O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found >

 

< O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found >

Invalid Switch: pagefile) - File not found

 

< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >

 

< :Commands >

 

< [purity] >

 

< [emptytemp] >

 

< [Reboot] >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:D8655249_Bb.gbp

 

< End of report >

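As an added example (not from this thread and not part of OTL or UsbFix), the following Python script applies to OTL-format lines the same reading the helper applies to the log above: a Run value whose target has an empty publisher and sits in the user's profile root, files in the profile root with no company name, and alternate data streams are flagged for analyst review, and a path that is both dropped in the profile root and persisted through a Run key is reported as the item to look at first. The rule names, the Finding class and the sample lines are constructed for this example; the sample lines follow the shape of entries in the log above but are not a full report, and the script flags entries for review rather than deciding that anything is malicious.

```python
"""Triage helper for OTL-format log lines (constructed example, not OTL code)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of OTL report lines (O4 Run entries,
# file entries with [timestamp | size | attrs | C/M] (company) -- path,
# and @Alternate Data Stream entries).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKCU..\Run: [gbpkm] C:\Users\User\tempc.exe ()
O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2010/04/07 19:32:37 | 001,713,152 | ---- | M] () -- C:\Users\User\tempc.exe
[2010/04/07 19:32:28 | 000,247,296 | ---- | M] () -- C:\Users\User\tempb.exe
[2010/04/07 19:33:49 | 000,000,000 | ---- | M] () -- C:\Users\User\wm0703.bin
[2010/04/07 22:49:00 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010/04/06 20:17:48 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
"""

# O4 - <hive>..\Run: [<value name>] <path> (<publisher>)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^.]+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<publisher>[^)]*)\)$"
)
# [<timestamp> | <size> | <attrs> | <C|M>] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

RULE_RUN = "unsigned-run-entry-in-profile"
RULE_FILE = "no-company-file-in-profile-root"
RULE_ADS = "alternate-data-stream"


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def in_profile_root(path: str) -> bool:
    """True for a file directly under C:\\Users\\<name>\\ (no deeper folder)."""
    return re.match(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", path) is not None


def is_profile_hive_artifact(path: str) -> bool:
    """NTUSER.DAT, ntuser.ini, ntuser.pol and their transaction logs are
    normal profile-root files with no company name; do not flag them."""
    return path.rsplit("\\", 1)[-1].lower().startswith("ntuser")


def triage(log_text: str) -> list:
    """Apply the three review heuristics to every recognised line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            if m["publisher"].strip() == "" and in_profile_root(m["path"]):
                findings.append(Finding(RULE_RUN, m["path"],
                                        f"{m['hive']} Run value [{m['name']}] with no publisher"))
            continue
        m = FILE_RE.match(line)
        if m:
            if (m["company"].strip() == "" and in_profile_root(m["path"])
                    and not is_profile_hive_artifact(m["path"])):
                findings.append(Finding(RULE_FILE, m["path"],
                                        f"{m['kind']} {m['ts']}, {m['size']} bytes, attrs {m['attrs']}"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding(RULE_ADS, m["path"], f"{m['size']} bytes"))
    return findings


def correlate(findings: list) -> set:
    """Paths that are both dropped in the profile root and persisted via Run."""
    run_targets = {f.path.lower() for f in findings if f.rule == RULE_RUN}
    return {f.path for f in findings if f.rule == RULE_FILE and f.path.lower() in run_targets}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.path}  ({f.detail})")
    print("review first:", ", ".join(sorted(correlate(results))))
```

The file rule deliberately excludes the NTUSER.* hive files, which always live in the profile root with an empty company name; without that exclusion the rule produces noise on every report, which is the kind of false positive the helper dismisses above.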

Hey! nando_xd

 

<!> It is still incorrect: the information in the Quote must be pasted into the "Custom Scan Fixes" field. After that, click Run Fix.

<!> PS: In newer versions of OTL the button is labelled "Consertar" (Fix).

 

[image: otldestacarrunfix.th.jpg]

 

<!> PS: Maybe the screenshot I took will help you with this procedure.

<!> So repeat the operation and post the report.

 

Cheers!

Ahh sorry DigRam, but my OTL is in Portuguese... and when you said "Run Fix" I was running a scan... a quick scan... sorry for the slip-up :P

So, as instructed... I put the "Quote" into "Custom Scan Fixes" and clicked "Consertar (Run Fix)"; it performed the action and restarted the computer, saying it had to restart to finish... after the restart a Notepad window appeared... which I assume is the report, so here it is:

 

All processes killed

========== FILES ==========

C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe moved successfully.

File\Folder C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 not found.

File\Folder C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 not found.

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mspaint not found.

Registry value HKEY_USERS\S-1-5-21-2689009215-47470672-3141352987-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: User

->Temp folder emptied: 2649053 bytes

->Temporary Internet Files folder emptied: 315706944 bytes

->Java cache emptied: 408399 bytes

->Flash cache emptied: 14131 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6738 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 304,00 mb

 

 

OTL by OldTimer - Version 3.2.1.0 log created on 04082010_092553

 

Files\Folders moved on Reboot...

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJT16T0R\ads[1].htm moved successfully.

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJT16T0R\ads[2].htm moved successfully.

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJT16T0R\triple-sua-videncia-gratuita[1].html moved successfully.

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51FZYV3C\ads[1].htm moved successfully.

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51FZYV3C\barra[1].htm moved successfully.

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51FZYV3C\index[3].htm moved successfully.

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

_________________________________________________________________________________________________________________________

 

Thanks for your attention Dig, awaiting the next step ^^

Cheers

Good morning! nando_xd

 

<@> Open OTL.exe --> Click CleanUp [image: CleanUp.jpg] --> Wait!

<@> At the prompt, click OK --> Restart the computer!


<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to Program Files!

<@> Disable your antivirus!

<@> Install and run the tool by double-clicking: [image: r2t69y.jpg]

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux (deletion of infected files) --> Press Enter.

 

[image: wrmljk.jpg]

 

<@> A message will appear asking you to connect your removable media to the computer. ( USB stick, mp3, mp4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

 

[image: 6f8nwo.jpg]

 

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.


<!> I believe this is the last procedure, since your logs are clean.

<!> PS: If the problem continues, try configuring your browser ( IE8 ) to block those banners.

 

Cheers!

Report after the UsbFix action completed:

 

 

############################## | UsbFix V6.100 |

 

User : User (Administrators) # USER-PC

Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 10:54:14 | 08/04/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 64 X2 Dual Core Processor 5200+

Microsoft Windows 7 Ultimate (6.1.7600 32-bit) #

Internet Explorer 8.0.7600.16385

Windows Firewall Status : Enabled

 

C:\ -> Local Fixed Disk # 48,73 Go (20,08 Go free) # NTFS

D:\ -> Local Fixed Disk # 99,9 Go (52,34 Go free) # NTFS

E:\ -> Local Fixed Disk # 325 Mo (72,97 Mo free) [Drivers] # NTFS

F:\ -> CD-ROM Disc # 5,48 Go (0 Mo free) [sims3EP01] # UDF

G:\ -> CD-ROM Disc

 

################## | Elements infectieux |

 

Supprimé ! C:\Users\User\tempb.exe

Supprimé ! C:\Users\User\tempb.exe

Supprimé ! C:\$Recycle.Bin\S-1-5-21-2689009215-47470672-3141352987-1000

Supprimé ! D:\$Recycle.Bin\S-1-5-20

Supprimé ! D:\$Recycle.Bin\S-1-5-21-2689009215-47470672-3141352987-1000

Supprimé ! D:\$Recycle.Bin\S-1-5-21-2694784162-560903043-405529356-1000

Supprimé ! E:\$Recycle.Bin\S-1-5-21-2689009215-47470672-3141352987-1000

(!) Non supprimé ! F:\autorun.inf

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

Supprimé ! HKCU\...\Explorer\MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\Command

 

################## | Listing des fichiers présent |

 

[10/06/2009 18:42|--a------|24] C:\autoexec.bat

[10/06/2009 18:42|--a------|10] C:\config.sys

[?|?|?] C:\hiberfil.sys

[?|?|?] C:\pagefile.sys

[08/04/2010 10:56|--a------|1597] C:\UsbFix.txt

[27/03/2010 09:51|--a------|26624] D:\Curr¡culum Vitae @ Luiz Fernando Cassal.doc

[08/04/2010 10:45|--a------|1776011] D:\UsbFix.exe

[24/03/2010 21:33|--a------|319792] D:\utorrent.exe

[27/03/2010 09:51|--ah-----|162] D:\~$rr¡culum Vitae.doc

[22/10/2009 21:25|-ra------|12292] F:\.DS_Store

[22/10/2009 21:40|-ra------|267] F:\.hidden

[14/10/2009 05:23|-ra------|54544] F:\Autorun.exe

[21/09/2009 16:58|-ra------|49] F:\Autorun.inf

[19/06/2008 22:06|-ra------|555520] F:\ISSetup.dll

[21/09/2009 16:58|-ra------|67812] F:\Sims3EP01.ico

[23/10/2009 06:42|-ra------|398608] F:\Sims3EP01Setup.exe

[05/03/2009 17:33|-ra------|319488] F:\_Setup.dll

[23/10/2009 06:38|-ra------|3246836] F:\data1.cab

[23/10/2009 06:38|-ra------|196908] F:\data1.hdr

[23/10/2009 06:42|-ra------|512] F:\data2.cab

[06/08/2009 23:44|-ra------|10134] F:\eauninstall.ico

[23/10/2009 06:42|-ra------|24930] F:\layout.bin

[16/10/2009 17:32|-ra------|170967] F:\setup.gif

[23/10/2009 06:38|-ra------|690] F:\setup.ini

[23/10/2009 06:38|-ra------|282268] F:\setup.inx

[16/10/2009 17:32|-ra------|281479] F:\setup.isn

[23/10/2009 06:38|-ra------|147] F:\skuversion.txt

 

################## | Vaccination |

 

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

 

################## | Upload |

 

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_User-PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Merci pour votre contribution .

 

################## | ! Fin du rapport # UsbFix V6.100 ! |

__________________________________________________________________________________________________________________________________________________

 

Well, now over time I'll see whether it worked... whether the banners have in fact gone for good.

Thank you very much for "wasting" your time helping me Dig...

and one last question...

 

 

Where could I have picked up this virus, spyware, whatever it's called... that kept showing the banners?? I don't usually click on things I don't know or that look suspicious... maybe I clicked on some advertisement... could that have infected me? What could the cause have been?

and one more tiny thing... ;X

 

[image: ss01y.th.jpg]

[image: ss02j.th.jpg]

 

As in "SS 01", at the bottom it says "protected mode disabled".

As in "SS 02", only the "Restricted Sites" item has that box ticked, "Enable Protected Mode (requires restarting Internet Explorer)"; do you advise me to enable it for all items (Internet, Local Intranet, Trusted Sites)?

 

Or leave it as it is?

 

What is your opinion and recommendation on this?

 

PS: I'm the only one who uses this computer and I avoid visiting unknown sites, strange LINKs or anything that could be a threat; I'm very careful with my computer, which is why I'm asking you for this advice.

 

Thanks, my friend

Cheers, all the best and keep up the great work ;)

Good afternoon! nando_xd

 

################## | Upload |

 

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_User-PC.zip : http://chiquitine.ch...mple/Upload.php

Merci pour votre contribution.

<!> Contribute, if you wish, by uploading the highlighted file.

Where could I have picked up this virus, spyware, whatever it's called... that kept showing the banners?? I don't usually click on things I don't know or that look suspicious... maybe I clicked on some advertisement... could that have infected me? What could the cause have been?

<!> Impossible to determine! Security flaws or browser settings are what make such attacks possible.


As in "SS 02", only the "Restricted Sites" item has that box ticked, "Enable Protected Mode (requires restarting Internet Explorer)"; do you advise me to enable it for all items (Internet, Local Intranet, Trusted Sites)?

Or leave it as it is?

<!> You can leave it as it is; in "Restricted Sites" the level can be set to "High".

<!> Your logs are clean! :)

<!> All OK?

 

Cheers!

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.