HSES

PC started shutting down by itself again


Good evening!

I'm using it/browsing the internet and suddenly, poof.

DDS (Ver_09-07-30.01) - FAT32x86

Run by edsom luis at 23:04:53,92 on 23/09/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.146 [GMT -3:00]

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

D:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

D:\WINDOWS\System32\svchost.exe -k eapsvcs

D:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer

mWindow Title =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Gadwin PrintScreen] d:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe /nosplash

uRun: [Google Update] "d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

mRun: [GrooveMonitor] "d:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [avgnt] "d:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "d:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - d:\arquivos de programas\broffice.org 3\program\quickstart.exe

StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - d:\arquivos de programas\broffice.org 3\program\quickstart.exe

uPolicies-explorer: NoRealMode = 0 (0x0)

uPolicies-explorer: NoFileUrl = 0 (0x0)

uPolicies-explorer: NoUpdateCheck = 0 (0x0)

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\arquiv~1\micros~2\office12\GR99D3~1.DLL

Notify: WB - d:\arquivos de programas\alienguise\fastload.dll

AppInit_DLLs: d:\windows\system32\wbsys.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\r46u2xkd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npOGAPlugin.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npdsplay.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPOFF12.DLL

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPSWF32.dll

FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npwmsdrm.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.cache_size", 51200);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.ogg.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.wave.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.dpi", -1);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("geo.enabled", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]

R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-28 11608]

R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [2009-7-27 148496]

R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [2009-4-29 148496]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-8-28 108289]

R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-8-28 185089]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 55656]

R2 SeaPort;SeaPort;d:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]

S0 Partizan;Partizan;d:\windows\system32\drivers\partizan.sys --> d:\windows\system32\drivers\Partizan.sys [?]

S1 lgalcafo;lgalcafo; [x]

S1 nlaljkbk;nlaljkbk; [x]

S2 cpuz132;cpuz132; [x]

S2 GbpSv;Gbp Service; [x]

S3 72568;72568; [x]

S3 9235D;9235D; [x]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]

S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

============== File Associations ===============

inifile=Notepad.exe "%1"

=============== Created Last 30 ================

2009-09-22 23:16 <DIR> --dsh--- D:\Recycled

2009-09-22 23:02 <DIR> --d----- D:\ComboFix

2009-09-22 17:51 <DIR> --d----- d:\docume~1\edsoml~1\dadosd~1\BrOffice.org

2009-09-22 17:50 <DIR> --d----- d:\documents and settings\edsom luis\Gabaritos

2009-09-22 17:49 <DIR> --d----- d:\arquivos de programas\BrOffice.org 3

2009-09-22 17:42 <DIR> --d----- d:\arquivos de programas\redist

2009-09-22 17:42 <DIR> --d----- d:\arquivos de programas\readmes

2009-09-22 17:42 <DIR> --d----- d:\arquivos de programas\licenses

2009-09-22 17:35 <DIR> --d----- D:\FOUND.002

2009-09-22 17:28 <DIR> --d----- d:\arquivos de programas\Q SO NADA OFBR SDQVTIA123

2009-09-22 01:45 <DIR> --d----- d:\arquivos de programas\Marcos Velasco Security

2009-09-21 23:04 <DIR> --d----- d:\arquivos de programas\Microsoft Office Outlook Connector

2009-09-21 10:43 <DIR> --d----- D:\FOUND.001

2009-09-21 01:09 <DIR> --d----- D:\UsbFix

2009-09-21 00:58 98,816 a------- d:\windows\sed.exe

2009-09-20 23:45 <DIR> --d----- d:\arquivos de programas\Microsoft Visual Studio 8

2009-09-18 13:14 <DIR> --d----- d:\documents and settings\edsom luis\.VirtualBox

2009-09-18 13:11 115,856 a------- d:\windows\system32\drivers\VBoxDrv.sys

2009-09-18 13:11 91,856 a------- d:\windows\system32\drivers\VBoxNetAdp.sys

2009-09-18 13:10 41,424 a------- d:\windows\system32\drivers\VBoxUSBMon.sys

2009-09-18 13:09 <DIR> --d----- d:\arquivos de programas\Sun

2009-09-18 00:36 <DIR> --d----- D:\FOUND.000

2009-09-17 17:43 29,584 a------- d:\windows\system32\drivers\regguard.sys

2009-09-17 17:42 2 a----r-- d:\windows\winstart.bat.vi

2009-09-17 17:41 57,556 a------- d:\windows\guard.bmp

2009-09-17 11:12 73,728 a------- d:\windows\system32\javacpl.cpl

2009-09-16 21:31 <DIR> --d----- D:\SDFix

2009-09-16 21:22 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2009-09-16 00:53 <DIR> --d----- d:\windows\SxsCaPendDel

2009-09-14 18:30 229,888 a------- d:\windows\PEV.exe

2009-09-14 18:30 161,792 a------- d:\windows\SWREG.exe

2009-09-14 18:30 98,816 a------- d:\windows\Sed.exe.vi

2009-09-12 22:49 <DIR> --d----- d:\arquivos de programas\Lavalys

2009-09-12 18:25 45 a------- d:\windows\system32\initdebug.nfo

2009-09-12 14:10 229,376 a------- d:\windows\system32\XTAB.ocx

2009-09-12 12:43 28,544 a------- d:\windows\system32\drivers\pavboot.sys

2009-09-12 00:03 <DIR> --d----- D:\Lop SD

2009-09-11 22:36 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Avanquest

2009-09-11 22:31 <DIR> --d--r-- D:\_Backup.RC

2009-09-11 22:30 <DIR> --d----- D:\_Backup

2009-09-11 17:13 64,160 a------- d:\windows\system32\drivers\Lbd.sys

2009-09-11 14:30 54 a------- d:\windows\system32\rp_stats.dat

2009-09-11 14:30 44 a------- d:\windows\system32\statistics.dat

2009-09-11 14:30 39 a------- d:\windows\system32\rp_rules.dat

2009-09-10 16:14 148,496 a------- d:\windows\system32\drivers\45927166.sys

2009-09-10 15:31 506 a------- d:\windows\ATICIM.INI

2009-09-09 20:15 133,648 a------- d:\windows\system32\VBoxNetFltNotify.dll

2009-09-09 20:15 100,368 a------- d:\windows\system32\drivers\VBoxNetFlt.sys

2009-09-09 16:21 <DIR> --d----- D:\ATI

2009-09-09 10:33 153,088 -------- d:\windows\system32\dllcache\triedit.dll

2009-09-08 19:01 579,072 a------- d:\windows\system32\dllcache\user32.dll

2009-09-02 16:09 81,920 -------- d:\windows\system32\ieencode.dll

2009-09-02 15:59 <DIR> --d----- d:\windows\system32\CatRoot_bak

2009-09-02 10:01 100,352 -------- d:\windows\system32\dllcache\iecompat.dll

2009-09-01 10:27 <DIR> --d----- d:\windows\system32\wbem\Repository

2009-08-30 20:56 148,496 a------- d:\windows\system32\drivers\04553182.sys

2009-08-28 22:10 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Avira

2009-08-28 22:09 <DIR> --d----- d:\documents and settings\all users\Modelos

2009-08-28 20:47 <DIR> --d----- d:\windows\system32\wbem\snmp

2009-08-28 20:47 <DIR> --d----- d:\windows\system32\xircom

2009-08-28 20:47 <DIR> --d----- d:\windows\system32\ime

2009-08-28 20:47 <DIR> --d----- d:\windows\system32\drivers\disdn

2009-08-28 20:47 <DIR> --d----- d:\arquivos de programas\msn gaming zone

2009-08-28 00:11 5,760,056 a------- d:\windows\Darkstar.bmp

2009-08-28 00:09 36,864 a------- d:\windows\system32\wbsys.dll

2009-08-28 00:09 64 a------- d:\windows\wb.ini

2009-08-28 00:09 <DIR> --d----- d:\arquivos de programas\arquivos comuns\Stardock

2009-08-28 00:09 <DIR> --d----- d:\arquivos de programas\AlienGUIse

2009-08-27 21:28 <DIR> --d----- d:\windows\system32\wbem\Logs

2009-08-26 22:37 664 a------- d:\windows\system32\d3d9caps.dat

2009-08-26 16:41 148,496 a------- d:\windows\system32\drivers\41789912.sys

2009-08-26 14:32 1,236,480 a------- d:\windows\system\msxml3.dll

2009-08-26 14:18 995,136 a------- d:\windows\system\Msajt200.dll

2009-08-26 13:15 11,233 a------- d:\windows\system32\fm20enu.dll.zip

2009-08-26 13:04 11,233 a------- d:\arquivos de programas\fm20enu.dll.zip

2009-08-26 01:06 <DIR> --d----- D:\ToolBar SD

2009-08-25 21:18 506,248 a------- d:\windows\system\msajt200(2).zip

2009-08-25 20:57 202,496 a----r-- d:\windows\system\vbajet.zip

2009-08-25 20:33 506,248 a------- d:\windows\msajt200.zip

==================== Find3M ====================

2009-09-23 20:45 12 a------- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-09-23 20:42 32 a--sh--- d:\windows\system32\drivers\fidbox.idx

2009-09-23 20:42 32 a--sh--- d:\windows\system32\drivers\fidbox.dat

2009-09-21 23:05 471,022 a------- d:\windows\system32\perfh016.dat

2009-09-21 23:05 79,980 a------- d:\windows\system32\perfc016.dat

2009-09-17 16:19 45 a------- d:\windows\system32\drivers\RemoveAny.log

2009-09-17 11:11 411,368 a------- d:\windows\system32\deploytk.dll

2009-09-10 14:54 38,224 a------- d:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 14:53 19,160 a------- d:\windows\system32\drivers\mbam.sys

2009-08-24 12:12 468,108 a------- d:\windows\system32\prfh0416.dat

2009-08-24 12:12 79,022 a------- d:\windows\system32\prfc0416.dat

2009-08-20 12:06 126,704,693 a------- d:\arquivos de programas\brofficeorg1.cab

2009-08-20 12:04 9,812,992 a------- d:\arquivos de programas\brofficeorg31.msi

2009-08-19 05:39 330 a------- d:\arquivos de programas\setup.ini

2009-08-16 20:12 396,288 a------- D:\HijackThis.exe

2009-08-13 15:48 272 a------- d:\windows\system32\drivers\sfi.dat

2009-08-13 12:21 512,000 -------- d:\windows\system32\dllcache\jscript.dll

2009-08-05 06:00 205,312 a------- d:\windows\system32\mswebdvd.dll

2009-08-05 06:00 205,312 -------- d:\windows\system32\dllcache\mswebdvd.dll

2009-07-28 16:33 55,656 a------- d:\windows\system32\drivers\avgntflt.sys

2009-07-19 18:45 11,067,392 a------- d:\windows\system32\dllcache\ieframe.dll

2009-07-19 10:15 5,937,152 a------- d:\windows\system32\dllcache\mshtml.dll

2009-07-17 16:03 58,880 a------- d:\windows\system32\atl.dll

2009-07-17 16:03 58,880 -------- d:\windows\system32\dllcache\atl.dll

2009-07-12 12:21 4,874,240 a------- d:\windows\system32\dllcache\wmp.dll

2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll

2009-07-12 12:21 233,472 a------- d:\windows\system32\dllcache\wmpdxm.dll

2009-07-10 10:27 1,315,328 -------- d:\windows\system32\dllcache\msoe.dll

2009-07-03 13:59 1,208,832 a------- d:\windows\system32\dllcache\urlmon.dll

2009-07-03 13:59 915,456 a------- d:\windows\system32\dllcache\wininet.dll

2009-07-03 13:59 206,848 a------- d:\windows\system32\dllcache\occache.dll

2009-07-03 13:59 915,456 -------- d:\windows\system32\wininet.dll

2009-07-03 13:59 12,800 -------- d:\windows\system32\dllcache\xpshims.dll

2009-07-03 13:59 594,432 a------- d:\windows\system32\dllcache\msfeeds.dll

2009-07-03 13:59 55,296 a------- d:\windows\system32\dllcache\msfeedsbs.dll

2009-07-03 13:59 25,600 a------- d:\windows\system32\dllcache\jsproxy.dll

2009-07-03 13:59 1,985,536 a------- d:\windows\system32\dllcache\iertutil.dll

2009-07-03 13:59 184,320 a------- d:\windows\system32\dllcache\iepeers.dll

2009-07-03 13:59 246,272 -------- d:\windows\system32\dllcache\ieproxy.dll

2009-07-03 13:59 386,048 a------- d:\windows\system32\dllcache\iedkcs32.dll

2009-07-03 08:01 173,056 a------- d:\windows\system32\dllcache\ie4uinit.exe

2009-03-27 20:27 2,399 a------- d:\arquivos de programas\arquivos comuns\operadef6.ini

2009-02-26 11:04 234,477 a------- d:\arquivos de programas\arquivos comuns\english.lng

2009-02-26 11:04 8,250 a------- d:\arquivos de programas\arquivos comuns\license.rtf

2009-02-26 10:49 3,712,000 a------- d:\arquivos de programas\arquivos comuns\opera.dll

2009-02-26 10:49 20,480 a------- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-02-26 10:49 653,419 a------- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-02-26 10:49 99,328 a------- d:\arquivos de programas\arquivos comuns\opera.exe

2009-01-07 13:52 6,809 a------- d:\arquivos de programas\arquivos comuns\license.txt

2008-09-03 14:12 8,470 a------- d:\arquivos de programas\arquivos comuns\search.ini

2008-06-09 10:17 301 a------- d:\arquivos de programas\arquivos comuns\c3nform.vxml

2008-05-05 09:51 3,873 a------- d:\arquivos de programas\arquivos comuns\lngcode.txt

2004-02-26 13:35 7,904 a------- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

2002-03-11 06:06 1,822,520 a------- d:\arquivos de programas\instmsiw.exe

2002-03-11 05:45 1,708,856 a------- d:\arquivos de programas\instmsia.exe

2009-01-21 12:39 32,768 a--sh--- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

2009-03-08 14:09 638,816 a--sh--- d:\windows\system32\dllcache\iexplore.exe

2009-03-08 14:09 638,816 a--sh--- d:\windows\servicepackfiles\i386\iexplore.exe

============= FINISH: 23:06:02,62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/09/2007 10:51:37

System Uptime: 23/09/2009 20:44:55 (3 hours ago)

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1669/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 6,688 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 31,313 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Service: ati2mtag

Class GUID:

Description:

Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Manufacturer:

Name:

PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

Class GUID:

Description:

Device ID: ROOT\LEGACY_BOCDRIVE\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000

Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Dispositivo de áudio USB

Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

Manufacturer: (Áudio USB genérico)

Name: Dispositivo de áudio USB

PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

Service: usbaudio

==== System Restore Points ===================

RP149: 20/09/2009 23:58:43 - Driver de impressão Send To Microsoft OneNote Driver instalado

RP150: 21/09/2009 00:00:27 - Software Distribution Service 3.0

RP151: 21/09/2009 00:08:01 - Revo Uninstaller's restore point - Microsoft Office Enterprise 2007

RP152: 21/09/2009 00:08:25 - Removed Microsoft Office Enterprise 2007

RP153: 21/09/2009 00:34:06 - Installed Microsoft Office Enterprise 2007

RP154: 21/09/2009 00:39:13 - Installed Microsoft Office Enterprise 2007

RP155: 21/09/2009 01:31:10 - Software Distribution Service 3.0

RP156: 21/09/2009 01:35:52 - Software Distribution Service 3.0

RP157: 21/09/2009 12:36:22 - Revo Uninstaller's restore point - Microsoft Office Professional Edição 2003

RP158: 21/09/2009 12:40:42 - Removido Microsoft Office Professional Edição 2003

RP159: 21/09/2009 12:51:46 - Configured Microsoft Office Enterprise 2007

RP160: 21/09/2009 12:58:02 - Configured Microsoft Office Enterprise 2007

RP161: 21/09/2009 13:01:04 - Revo Uninstaller's restore point - Windows Live installer

RP162: 21/09/2009 13:01:19 - Removido Windows Live installer

RP163: 21/09/2009 13:16:04 - Software Distribution Service 3.0

RP164: 21/09/2009 13:18:14 - Revo Uninstaller's restore point - Microsoft Office Live Add-in 1.3

RP165: 21/09/2009 13:18:30 - Removed Microsoft Office Live Add-in 1.3

RP166: 21/09/2009 13:23:35 - Configured Microsoft Office Enterprise 2007

RP167: 21/09/2009 14:24:14 - Revo Uninstaller's restore point - Microsoft Office Outlook Connector

RP168: 21/09/2009 14:24:38 - Removed Microsoft Office Outlook Connector

RP169: 21/09/2009 15:02:22 - Software Distribution Service 3.0

RP170: 21/09/2009 15:52:20 - Made by Regsofts

RP171: 21/09/2009 16:01:41 - Made by Regsofts

RP172: 21/09/2009 16:09:53 - Made by Regsofts

RP173: 21/09/2009 16:14:02 - Made by Regsofts

RP174: 21/09/2009 16:39:21 - Made by Regsofts

RP175: 21/09/2009 22:15:48 - Revo Uninstaller's restore point - Microsoft Office Outlook Connector

RP176: 21/09/2009 22:16:14 - Removido Microsoft Office Outlook Connector

RP177: 21/09/2009 22:18:26 - Revo Uninstaller's restore point - Spelling Dictionaries Support For Adobe Reader 9

RP178: 21/09/2009 22:18:54 - Removed Spelling Dictionaries Support For Adobe Reader 9.

RP179: 21/09/2009 23:04:45 - Installed Microsoft Office Outlook Connector

RP180: 21/09/2009 23:17:04 - Windows Media Player KB973540 instalado.

RP181: 21/09/2009 23:37:30 - Revo Uninstaller's restore point - Windows Live installer

RP182: 21/09/2009 23:37:49 - Removido Windows Live installer

RP183: 22/09/2009 00:49:54 - Installed Microsoft Office Word Viewer 2003

RP184: 22/09/2009 01:00:04 - Revo Uninstaller's restore point - Microsoft Office Word Viewer 2003

RP185: 22/09/2009 01:00:32 - Removed Microsoft Office Word Viewer 2003

RP186: 22/09/2009 01:35:57 - Software Distribution Service 3.0

RP187: 22/09/2009 01:52:50 - Software Distribution Service 3.0

RP188: 22/09/2009 12:15:58 - Software Distribution Service 3.0

RP189: 22/09/2009 16:35:09 - Software Distribution Service 3.0

RP190: 22/09/2009 17:39:22 - Instalado BrOffice.org 3.1

RP191: 22/09/2009 17:43:39 - Instalado BrOffice.org 3.1

RP192: 22/09/2009 17:49:22 - Instalado BrOffice.org 3.1

RP193: 22/09/2009 23:56:36 - Software Distribution Service 3.0

RP194: 23/09/2009 18:13:02 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.3 - Português

AlienGUIse Theme Manager

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB971961)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização para Windows Internet Explorer 8 (KB973874)

Atualização para Windows XP (KB942763)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB973815)

Avira AntiVir Personal - Free Antivirus

BrOffice.org 3.1

C-Media WDM Audio Driver

CCleaner (remove only)

Choice Guard

EVEREST Home Edition v2.20

Gadwin PrintScreen

Google Chrome

GTOneCare

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

hp deskjet 3500

HP Photo and Imaging 2.0 - Deskjet Series

hp print screen utility

Java 6 Update 16

Junk Mail filter update

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.0.11)

Mozilla Firefox (3.5)

MV RegClean 5.9

Opera 10.00

Opera 9.64

Revo Uninstaller 1.83

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

Sun VirtualBox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB969907)

Update for Outlook 2007 Junk Email Filter (kb973514)

VC 9.0 Runtime

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows XP Service Pack 3

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

The gmer log is long, so I did not post it here.

Thank you

Edited by HSES
Mention that the gmer log is long

RenatoMejias    1.041

Hello, sorry for the delay.

Post a new DDS log.

HSES    0
  • Topic author
  • Good evening!

    Here are the DDS logs:

    DDS (Ver_09-07-30.01) - FAT32x86

    Run by edsom luis at 20:31:04,87 on 27/09/2009

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.65 [GMT -3:00]

    AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    D:\WINDOWS\system32\svchost -k DcomLaunch

    SVCHOST.EXE

    D:\WINDOWS\System32\svchost.exe -k netsvcs

    SVCHOST.EXE

    SVCHOST.EXE

    D:\Arquivos de programas\AlienGUIse\wbload.exe

    D:\WINDOWS\system32\spoolsv.exe

    D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

    D:\WINDOWS\Explorer.EXE

    D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

    D:\Arquivos de programas\Java\jre6\bin\jusched.exe

    D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

    D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

    D:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

    D:\WINDOWS\System32\svchost.exe -k eapsvcs

    D:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

    D:\Arquivos de programas\Java\jre6\bin\jqs.exe

    D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

    D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    mWindow Title =

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [Gadwin PrintScreen] d:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe /nosplash

    uRun: [Google Update] "d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

    mRun: [avgnt] "d:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

    mRun: [sunJavaUpdateSched] "d:\arquivos de programas\java\jre6\bin\jusched.exe"

    mRun: [Adobe Reader Speed Launcher] "d:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [GrooveMonitor] "d:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

    StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - d:\arquivos de programas\broffice.org 3\program\quickstart.exe

    StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - d:\arquivos de programas\broffice.org 3\program\quickstart.exe

    uPolicies-explorer: NoRealMode = 0 (0x0)

    uPolicies-explorer: NoFileUrl = 0 (0x0)

    uPolicies-explorer: NoUpdateCheck = 0 (0x0)

    IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\arquiv~1\micros~2\office12\ONBttnIE.dll

    IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\arquivos de programas\hp\hpcoretech\comp\hpuiprot.dll

    Notify: WB - d:\arquivos de programas\alienguise\fastload.dll

    AppInit_DLLs: d:\windows\system32\wbsys.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

    SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\r46u2xkd.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

    FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

    FF - component: d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

    FF - plugin: d:\arquivos de programas\mozilla firefox 3.5 preview\plugins\npOGAPlugin.dll

    FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npdsplay.dll

    FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPOFF12.DLL

    FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\NPSWF32.dll

    FF - plugin: d:\arquivos de programas\opera 10 beta\program\plugins\npwmsdrm.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox 3.5 preview\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-connections-per-server - 6

    FF - user.js: network.http.max-persistent-connections-per-server - 3

    FF - user.js: nglayout.initialpaint.delay - 750

    FF - user.js: content.notify.interval - 750000

    FF - user.js: content.max.tokenizing.time - 2250000

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.enforce_same_site_origin", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.cache_size", 51200);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.ogg.enabled", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.wave.enabled", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("media.autoplay.enabled", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.storage.default_quota", 5120);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.dpi", -1);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\all.js - pref("geo.enabled", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

    d:\arquivos de programas\mozilla firefox 3.5 preview\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]

    R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-28 11608]

    R1 is-AP9JMdrv;is-AP9JMdrv;d:\windows\system32\drivers\12878755.sys [2009-7-27 148496]

    R1 is-C4H53drv;is-C4H53drv;d:\windows\system32\drivers\70906987.sys [2009-4-29 148496]

    R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]

    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]

    R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-8-28 108289]

    R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-8-28 185089]

    R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 55656]

    R2 SeaPort;SeaPort;d:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]

    R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]

    R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

    S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]

    S0 Partizan;Partizan;d:\windows\system32\drivers\partizan.sys --> d:\windows\system32\drivers\Partizan.sys [?]

    S1 lgalcafo;lgalcafo; [x]

    S1 nlaljkbk;nlaljkbk; [x]

    S2 cpuz132;cpuz132; [x]

    S2 GbpSv;Gbp Service; [x]

    S3 72568;72568; [x]

    S3 9235D;9235D; [x]

    S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]

    S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]

    S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

    ============== File Associations ===============

    inifile=Notepad.exe "%1"

    =============== Created Last 30 ================

    2009-09-26 17:32 <DIR> --dsh--- D:\Recycled

    2009-09-26 15:17 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\F-Secure

    2009-09-26 01:08 <DIR> --d----- D:\FOUND.003

    2009-09-25 22:45 28 a------- d:\windows\kmcdfa2200.dat

    2009-09-25 22:45 <DIR> --d----- d:\arquivos de programas\MMD

    2009-09-25 16:51 <DIR> --d----- d:\documents and settings\edsom luis\Tracing

    2009-09-24 17:58 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

    2009-09-24 13:59 <DIR> a-d--r-- D:\autorun.inf

    2009-09-22 17:51 <DIR> --d----- d:\docume~1\edsoml~1\dadosd~1\BrOffice.org

    2009-09-22 17:50 <DIR> --d----- d:\documents and settings\edsom luis\Gabaritos

    2009-09-22 17:49 <DIR> --d----- d:\arquivos de programas\BrOffice.org 3

    2009-09-22 17:42 <DIR> --d----- d:\arquivos de programas\redist

    2009-09-22 17:42 <DIR> --d----- d:\arquivos de programas\readmes

    2009-09-22 17:42 <DIR> --d----- d:\arquivos de programas\licenses

    2009-09-22 17:35 <DIR> --d----- D:\FOUND.002

    2009-09-22 17:28 <DIR> --d----- d:\arquivos de programas\Q SO NADA OFBR SDQVTIA123

    2009-09-22 01:45 <DIR> --d----- d:\arquivos de programas\Marcos Velasco Security

    2009-09-21 23:04 <DIR> --d----- d:\arquivos de programas\Microsoft Office Outlook Connector

    2009-09-21 10:43 <DIR> --d----- D:\FOUND.001

    2009-09-21 01:09 <DIR> --d----- D:\UsbFix

    2009-09-21 00:58 98,816 a------- d:\windows\sed.exe

    2009-09-20 23:45 <DIR> --d----- d:\arquivos de programas\Microsoft Visual Studio 8

    2009-09-18 13:14 <DIR> --d----- d:\documents and settings\edsom luis\.VirtualBox

    2009-09-18 13:11 115,856 a------- d:\windows\system32\drivers\VBoxDrv.sys

    2009-09-18 13:11 91,856 a------- d:\windows\system32\drivers\VBoxNetAdp.sys

    2009-09-18 13:10 41,424 a------- d:\windows\system32\drivers\VBoxUSBMon.sys

    2009-09-18 13:09 <DIR> --d----- d:\arquivos de programas\Sun

    2009-09-18 00:36 <DIR> --d----- D:\FOUND.000

    2009-09-17 17:43 29,584 a------- d:\windows\system32\drivers\regguard.sys

    2009-09-17 17:42 2 a----r-- d:\windows\winstart.bat.vi

    2009-09-17 17:41 57,556 a------- d:\windows\guard.bmp

    2009-09-17 11:12 73,728 a------- d:\windows\system32\javacpl.cpl

    2009-09-16 21:31 <DIR> --d----- D:\SDFix

    2009-09-16 21:22 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

    2009-09-16 00:53 <DIR> --d----- d:\windows\SxsCaPendDel

    2009-09-14 18:30 229,888 a------- d:\windows\PEV.exe

    2009-09-14 18:30 161,792 a------- d:\windows\SWREG.exe

    2009-09-14 18:30 98,816 a------- d:\windows\Sed.exe.vi

    2009-09-12 22:49 <DIR> --d----- d:\arquivos de programas\Lavalys

    2009-09-12 18:25 45 a------- d:\windows\system32\initdebug.nfo

    2009-09-12 14:10 229,376 a------- d:\windows\system32\XTAB.ocx

    2009-09-12 12:43 28,544 a------- d:\windows\system32\drivers\pavboot.sys

    2009-09-12 00:03 <DIR> --d----- D:\Lop SD

    2009-09-11 22:36 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Avanquest

    2009-09-11 22:31 <DIR> --d--r-- D:\_Backup.RC

    2009-09-11 22:30 <DIR> --d----- D:\_Backup

    2009-09-11 17:13 64,160 a------- d:\windows\system32\drivers\Lbd.sys

    2009-09-11 14:30 54 a------- d:\windows\system32\rp_stats.dat

    2009-09-11 14:30 44 a------- d:\windows\system32\statistics.dat

    2009-09-11 14:30 39 a------- d:\windows\system32\rp_rules.dat

    2009-09-10 16:14 148,496 a------- d:\windows\system32\drivers\45927166.sys

    2009-09-10 15:31 506 a------- d:\windows\ATICIM.INI

    2009-09-09 20:15 133,648 a------- d:\windows\system32\VBoxNetFltNotify.dll

    2009-09-09 20:15 100,368 a------- d:\windows\system32\drivers\VBoxNetFlt.sys

    2009-09-09 16:21 <DIR> --d----- D:\ATI

    2009-09-09 10:33 153,088 -------- d:\windows\system32\dllcache\triedit.dll

    2009-09-08 19:01 579,072 a------- d:\windows\system32\dllcache\user32.dll

    2009-09-02 16:09 81,920 -------- d:\windows\system32\ieencode.dll

    2009-09-02 15:59 <DIR> --d----- d:\windows\system32\CatRoot_bak

    2009-09-02 10:01 100,352 -------- d:\windows\system32\dllcache\iecompat.dll

    2009-09-01 10:27 <DIR> --d----- d:\windows\system32\wbem\Repository

    2009-08-30 20:56 148,496 a------- d:\windows\system32\drivers\04553182.sys

    2009-08-28 22:10 <DIR> --d----- d:\docume~1\alluse~1\dadosd~1\Avira

    2009-08-28 22:09 <DIR> --d----- d:\documents and settings\all users\Modelos

    2009-08-28 20:47 <DIR> --d----- d:\windows\system32\wbem\snmp

    2009-08-28 20:47 <DIR> --d----- d:\windows\system32\xircom

    2009-08-28 20:47 <DIR> --d----- d:\windows\system32\ime

    2009-08-28 20:47 <DIR> --d----- d:\windows\system32\drivers\disdn

    2009-08-28 20:47 <DIR> --d----- d:\arquivos de programas\msn gaming zone

    ==================== Find3M ====================

    2009-09-27 08:34 12 a------- d:\windows\system32\drivers\IncompleteBoot.cnt

    2009-09-26 23:19 32 a--sh--- d:\windows\system32\drivers\fidbox.idx

    2009-09-26 23:19 32 a--sh--- d:\windows\system32\drivers\fidbox.dat

    2009-09-21 23:05 471,022 a------- d:\windows\system32\perfh016.dat

    2009-09-21 23:05 79,980 a------- d:\windows\system32\perfc016.dat

    2009-09-17 16:19 45 a------- d:\windows\system32\drivers\RemoveAny.log

    2009-09-17 11:11 411,368 a------- d:\windows\system32\deploytk.dll

    2009-09-10 14:54 38,224 a------- d:\windows\system32\drivers\mbamswissarmy.sys

    2009-09-10 14:53 19,160 a------- d:\windows\system32\drivers\mbam.sys

    2009-08-26 13:13 11,233 a------- d:\windows\system32\fm20enu.dll.zip

    2009-08-26 13:04 11,233 a------- d:\arquivos de programas\fm20enu.dll.zip

    2009-08-25 20:34 506,248 a------- d:\windows\msajt200.zip

    2009-08-24 12:12 468,108 a------- d:\windows\system32\prfh0416.dat

    2009-08-24 12:12 79,022 a------- d:\windows\system32\prfc0416.dat

    2009-08-20 12:06 126,704,693 a------- d:\arquivos de programas\brofficeorg1.cab

    2009-08-20 12:04 9,812,992 a------- d:\arquivos de programas\brofficeorg31.msi

    2009-08-19 05:39 330 a------- d:\arquivos de programas\setup.ini

    2009-08-16 20:12 396,288 a------- D:\HijackThis.exe

    2009-08-13 15:48 272 a------- d:\windows\system32\drivers\sfi.dat

    2009-08-13 12:21 512,000 -------- d:\windows\system32\dllcache\jscript.dll

    2009-08-05 06:00 205,312 a------- d:\windows\system32\mswebdvd.dll

    2009-08-05 06:00 205,312 -------- d:\windows\system32\dllcache\mswebdvd.dll

    2009-07-26 16:44 48,448 a------- d:\windows\system32\sirenacm.dll

    2009-07-19 18:45 11,067,392 a------- d:\windows\system32\dllcache\ieframe.dll

    2009-07-19 10:15 5,937,152 a------- d:\windows\system32\dllcache\mshtml.dll

    2009-07-17 16:03 58,880 a------- d:\windows\system32\atl.dll

    2009-07-17 16:03 58,880 -------- d:\windows\system32\dllcache\atl.dll

    2009-07-12 12:21 4,874,240 a------- d:\windows\system32\dllcache\wmp.dll

    2009-07-12 12:21 233,472 a------- d:\windows\system32\wmpdxm.dll

    2009-07-12 12:21 233,472 a------- d:\windows\system32\dllcache\wmpdxm.dll

    2009-07-10 10:27 1,315,328 -------- d:\windows\system32\dllcache\msoe.dll

    2009-07-03 13:59 1,208,832 a------- d:\windows\system32\dllcache\urlmon.dll

    2009-07-03 13:59 915,456 a------- d:\windows\system32\dllcache\wininet.dll

    2009-07-03 13:59 206,848 a------- d:\windows\system32\dllcache\occache.dll

    2009-07-03 13:59 915,456 -------- d:\windows\system32\wininet.dll

    2009-07-03 13:59 12,800 -------- d:\windows\system32\dllcache\xpshims.dll

    2009-07-03 13:59 594,432 a------- d:\windows\system32\dllcache\msfeeds.dll

    2009-07-03 13:59 55,296 a------- d:\windows\system32\dllcache\msfeedsbs.dll

    2009-07-03 13:59 25,600 a------- d:\windows\system32\dllcache\jsproxy.dll

    2009-07-03 13:59 1,985,536 a------- d:\windows\system32\dllcache\iertutil.dll

    2009-07-03 13:59 184,320 a------- d:\windows\system32\dllcache\iepeers.dll

    2009-07-03 13:59 246,272 -------- d:\windows\system32\dllcache\ieproxy.dll

    2009-07-03 13:59 386,048 a------- d:\windows\system32\dllcache\iedkcs32.dll

    2009-07-03 08:01 173,056 a------- d:\windows\system32\dllcache\ie4uinit.exe

    2009-03-27 20:27 2,399 a------- d:\arquivos de programas\arquivos comuns\operadef6.ini

    2009-02-26 11:04 234,477 a------- d:\arquivos de programas\arquivos comuns\english.lng

    2009-02-26 11:04 8,250 a------- d:\arquivos de programas\arquivos comuns\license.rtf

    2009-02-26 10:49 3,712,000 a------- d:\arquivos de programas\arquivos comuns\opera.dll

    2009-02-26 10:49 20,480 a------- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

    2009-02-26 10:49 653,419 a------- d:\arquivos de programas\arquivos comuns\encoding.bin

    2009-02-26 10:49 99,328 a------- d:\arquivos de programas\arquivos comuns\opera.exe

    2009-01-07 13:52 6,809 a------- d:\arquivos de programas\arquivos comuns\license.txt

    2008-09-03 14:12 8,470 a------- d:\arquivos de programas\arquivos comuns\search.ini

    2008-06-09 10:17 301 a------- d:\arquivos de programas\arquivos comuns\c3nform.vxml

    2008-05-05 09:51 3,873 a------- d:\arquivos de programas\arquivos comuns\lngcode.txt

    2004-02-26 13:35 7,904 a------- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

    2002-03-11 06:06 1,822,520 a------- d:\arquivos de programas\instmsiw.exe

    2002-03-11 05:45 1,708,856 a------- d:\arquivos de programas\instmsia.exe

    2009-01-21 12:39 32,768 a--sh--- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

    2009-03-08 14:09 638,816 a--sh--- d:\windows\system32\dllcache\iexplore.exe

    2009-03-08 14:09 638,816 a--sh--- d:\windows\servicepackfiles\i386\iexplore.exe

    ============= FINISH: 20:32:14,53 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 19/09/2007 10:51:37

    System Uptime: 27/09/2009 08:34:35 (12 hours ago)

    Motherboard: ECS | | M825G

    Processor: AMD Sempron 2400+ | Socket-A | 1669/166mhz

    ==== Disk Partitions =========================

    A: is Removable

    C: is FIXED (FAT32) - 17 GiB total, 6,723 GiB free.

    D: is FIXED (FAT32) - 59 GiB total, 35,924 GiB free.

    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

    Description: RADEON 9200 PRO Family (Microsoft Corporation)

    Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

    Manufacturer: ATI Technologies Inc.

    Name: RADEON 9200 PRO Family (Microsoft Corporation)

    PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

    Service: ati2mtag

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

    Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)

    Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

    Manufacturer: ATI Technologies Inc.

    Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)

    PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

    Service: ati2mtag

    Class GUID:

    Description:

    Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

    Manufacturer:

    Name:

    PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Controlador de comunicação PCI simples

    Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

    Manufacturer:

    Name: Controlador de comunicação PCI simples

    PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

    Service:

    Class GUID:

    Description:

    Device ID: ROOT\LEGACY_BOCDRIVE\0000

    Manufacturer:

    Name:

    PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000

    Service:

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

    Description: Dispositivo de áudio USB

    Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

    Manufacturer: (Áudio USB genérico)

    Name: Dispositivo de áudio USB

    PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

    Service: usbaudio

    ==== System Restore Points ===================

    RP217: 26/09/2009 00:02:25 - Software Distribution Service 3.0

    RP218: 26/09/2009 01:31:45 - Removido Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB

    RP219: 26/09/2009 01:33:02 - Removed Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB

    RP220: 26/09/2009 01:36:24 - Revo Uninstaller's restore point - Microsoft .NET Framework 2.0 Service Pack 2

    RP221: 26/09/2009 16:41:46 - Software Distribution Service 3.0

    RP222: 26/09/2009 23:18:25 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.1.3 - Português

    AlienGUIse Theme Manager

    Atualização de Segurança para o Windows Media Player (KB952069)

    Atualização de Segurança para o Windows Media Player (KB968816)

    Atualização de Segurança para o Windows Media Player (KB973540)

    Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

    Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

    Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

    Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

    Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

    Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

    Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

    Atualização de Segurança para Windows XP (KB923561)

    Atualização de Segurança para Windows XP (KB938464-v2)

    Atualização de Segurança para Windows XP (KB938464)

    Atualização de Segurança para Windows XP (KB941569)

    Atualização de Segurança para Windows XP (KB946648)

    Atualização de Segurança para Windows XP (KB950762)

    Atualização de Segurança para Windows XP (KB950974)

    Atualização de Segurança para Windows XP (KB951066)

    Atualização de Segurança para Windows XP (KB951376-v2)

    Atualização de Segurança para Windows XP (KB951698)

    Atualização de Segurança para Windows XP (KB951748)

    Atualização de Segurança para Windows XP (KB952004)

    Atualização de Segurança para Windows XP (KB952954)

    Atualização de Segurança para Windows XP (KB954211)

    Atualização de Segurança para Windows XP (KB954459)

    Atualização de Segurança para Windows XP (KB954600)

    Atualização de Segurança para Windows XP (KB955069)

    Atualização de Segurança para Windows XP (KB956391)

    Atualização de Segurança para Windows XP (KB956572)

    Atualização de Segurança para Windows XP (KB956744)

    Atualização de Segurança para Windows XP (KB956802)

    Atualização de Segurança para Windows XP (KB956803)

    Atualização de Segurança para Windows XP (KB956841)

    Atualização de Segurança para Windows XP (KB956844)

    Atualização de Segurança para Windows XP (KB957097)

    Atualização de Segurança para Windows XP (KB958644)

    Atualização de Segurança para Windows XP (KB958687)

    Atualização de Segurança para Windows XP (KB958690)

    Atualização de Segurança para Windows XP (KB959426)

    Atualização de Segurança para Windows XP (KB960225)

    Atualização de Segurança para Windows XP (KB960715)

    Atualização de Segurança para Windows XP (KB960803)

    Atualização de Segurança para Windows XP (KB960859)

    Atualização de Segurança para Windows XP (KB961371)

    Atualização de Segurança para Windows XP (KB961373)

    Atualização de Segurança para Windows XP (KB961501)

    Atualização de Segurança para Windows XP (KB968537)

    Atualização de Segurança para Windows XP (KB969898)

    Atualização de Segurança para Windows XP (KB970238)

    Atualização de Segurança para Windows XP (KB971557)

    Atualização de Segurança para Windows XP (KB971633)

    Atualização de Segurança para Windows XP (KB971657)

    Atualização de Segurança para Windows XP (KB971961)

    Atualização de Segurança para Windows XP (KB973346)

    Atualização de Segurança para Windows XP (KB973354)

    Atualização de Segurança para Windows XP (KB973507)

    Atualização de Segurança para Windows XP (KB973869)

    Atualização para Windows Internet Explorer 8 (KB973874)

    Atualização para Windows XP (KB942763)

    Atualização para Windows XP (KB951978)

    Atualização para Windows XP (KB955839)

    Atualização para Windows XP (KB967715)

    Atualização para Windows XP (KB973815)

    Avira AntiVir Personal - Free Antivirus

    BrOffice.org 3.1

    C-Media WDM Audio Driver

    CCleaner (remove only)

    EVEREST Home Edition v2.20

    Gadwin PrintScreen

    Google Chrome

    GTOneCare

    HijackThis 2.0.2

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix para Windows XP (KB952287)

    Hotfix para Windows XP (KB961118)

    Hotfix para Windows XP (KB970653-v3)

    hp deskjet 3500

    HP Photo and Imaging 2.0 - Deskjet Series

    hp print screen utility

    Java 6 Update 16

    Junk Mail filter update

    Malwarebytes' Anti-Malware

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 Language Pack - ptb

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft National Language Support Downlevel APIs

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook Connector

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Search Enhancement Pack

    Microsoft Silverlight

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Mozilla Firefox (3.0.11)

    Mozilla Firefox (3.5)

    MV RegClean 5.9

    Opera 10.00

    Opera 9.64

    Revo Uninstaller 1.83

    Security Update for 2007 Microsoft Office System (KB969559)

    Security Update for 2007 Microsoft Office System (KB969679)

    Security Update for Microsoft Office Excel 2007 (KB969682)

    Security Update for Microsoft Office PowerPoint 2007 (KB957789)

    Security Update for Microsoft Office Publisher 2007 (KB969693)

    Security Update for Microsoft Office system 2007 (KB969613)

    Security Update for Microsoft Office Word 2007 (KB969604)

    Sun VirtualBox

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft Office Outlook 2007 (KB969907)

    Update for Outlook 2007 Junk Email Filter (kb973514)

    VC 9.0 Runtime

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    WebFldrs XP

    Windows Imaging Component

    Windows Internet Explorer 7

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows XP Service Pack 3

    XML Paper Specification Shared Components Language Pack 1.0

    XML Paper Specification Shared Components Pack 1.0

    ==== End Of File ===========================

    Thank you

    RenatoMejias    1.041

    Read the instructions at this link:

    In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) described below.
    • Double-click the ComboFix icon that is on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers running Windows XP should install the Recovery Console:
      ◦ If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
      ◦ Click "OK" on the EULA.
      ◦ Once the Recovery Console is installed, click "YES" to continue.
    • ComboFix will run; please be patient and wait.
    • Warning: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
    • A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it could damage your computer.

    • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

    HSES    0
  • Topic author
  • Good morning!

    Here is the ComboFix log.

    ComboFix 09-09-28.01 - edsom luis 28/09/2009 23:39:43.104.1 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.153 [GMT -3:00]

    Executando de: D:\Documents and Settings\edsom luis\Desktop\ComboFix.exe

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))

    .

    2009-09-28 22:27:05 . 2009-09-28 22:27:06 0 d-----w- D:\Documents and Settings\edsom luis\Dados de aplicativos\IObit

    2009-09-26 18:17:02 . 2009-09-26 18:17:04 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\F-Secure

    2009-09-26 01:45:43 . 2009-09-26 01:45:44 28 ----a-w- D:\WINDOWS\kmcdfa2200.dat

    2009-09-25 19:51:27 . 2009-09-25 19:51:28 0 d-----w- D:\Documents and Settings\edsom luis\Tracing

    2009-09-24 20:58:40 . 2009-09-24 20:58:42 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2009-09-22 20:51:40 . 2009-09-22 20:51:42 0 d-----w- D:\Documents and Settings\edsom luis\Dados de aplicativos\BrOffice.org

    2009-09-22 20:50:56 . 2009-09-22 20:50:58 0 d-----w- D:\Documents and Settings\edsom luis\Gabaritos

    2009-09-22 20:49:28 . 2009-09-22 20:49:30 0 d-----w- D:\Arquivos de programas\BrOffice.org 3

    2009-09-22 20:42:34 . 2009-09-22 20:42:36 0 d-----w- D:\Arquivos de programas\redist

    2009-09-22 20:42:34 . 2009-09-22 20:42:36 0 d-----w- D:\Arquivos de programas\readmes

    2009-09-22 20:42:34 . 2009-09-22 20:42:36 0 d-----w- D:\Arquivos de programas\licenses

    2009-09-22 20:28:12 . 2009-09-22 20:28:14 0 d-----w- D:\Arquivos de programas\Q SO NADA OFBR SDQVTIA123

    2009-09-22 04:45:30 . 2009-09-22 04:45:32 0 d-----w- D:\Arquivos de programas\Marcos Velasco Security

    2009-09-22 02:04:48 . 2009-09-22 02:04:50 0 d-----w- D:\Arquivos de programas\Microsoft Office Outlook Connector

    2009-09-21 04:09:33 . 2009-09-21 04:09:34 0 d-----w- D:\UsbFix

    2009-09-21 02:45:46 . 2009-09-21 02:45:48 0 d-----w- D:\Arquivos de programas\Microsoft Visual Studio 8

    2009-09-18 16:14:14 . 2009-09-18 16:14:16 0 d-----w- D:\Documents and Settings\edsom luis\.VirtualBox

    2009-09-18 16:11:20 . 2009-09-09 23:15:26 115856 ----a-w- D:\WINDOWS\system32\drivers\VBoxDrv.sys

    2009-09-18 16:11:11 . 2009-09-09 23:15:36 91856 ----a-w- D:\WINDOWS\system32\drivers\VBoxNetAdp.sys

    2009-09-18 16:10:03 . 2009-09-09 23:15:36 41424 ----a-w- D:\WINDOWS\system32\drivers\VBoxUSBMon.sys

    2009-09-18 16:09:41 . 2009-09-18 16:09:42 0 d-----w- D:\Arquivos de programas\Sun

    2009-09-17 20:43:03 . 2009-09-17 20:43:04 29584 ----a-w- D:\WINDOWS\system32\drivers\regguard.sys

    2009-09-17 00:31:24 . 2008-11-06 05:03:28 0 d-----w- D:\SDFix

    2009-09-17 00:22:34 . 2009-09-17 00:22:36 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

    2009-09-16 03:53:16 . 2009-09-16 03:53:18 0 d-----w- D:\WINDOWS\SxsCaPendDel

    2009-09-13 01:49:50 . 2009-09-13 01:49:52 0 d-----w- D:\Arquivos de programas\Lavalys

    2009-09-12 15:43:28 . 2008-06-19 20:24:30 28544 ----a-w- D:\WINDOWS\system32\drivers\pavboot.sys

    2009-09-12 03:03:18 . 2009-09-12 03:03:20 0 d-----w- D:\Lop SD

    2009-09-12 01:36:50 . 2009-09-12 01:36:52 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\Avanquest

    2009-09-12 01:31:07 . 2009-09-12 01:31:08 0 d-----r- D:\_Backup.RC

    2009-09-12 01:26:28 . 2009-09-12 01:26:30 0 d--h--w- D:\Arquivos de programas\InstallShield Installation Information

    2009-09-12 01:25:41 . 2009-09-12 01:25:42 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

    2009-09-12 01:25:39 . 2009-09-12 01:25:40 0 d-----w- D:\Documents and Settings\edsom luis\Dados de aplicativos\InstallShield

    2009-09-11 20:13:54 . 2009-09-11 17:29:04 64160 ----a-w- D:\WINDOWS\system32\drivers\Lbd.sys

    2009-09-11 17:30:11 . 2009-09-11 17:30:46 54 ----a-w- D:\WINDOWS\system32\rp_stats.dat

    2009-09-11 17:30:11 . 2009-09-11 17:30:46 44 ----a-w- D:\WINDOWS\system32\statistics.dat

    2009-09-11 17:30:11 . 2009-09-11 17:30:46 39 ----a-w- D:\WINDOWS\system32\rp_rules.dat

    2009-09-10 19:14:34 . 2008-07-08 17:54:02 148496 ----a-w- D:\WINDOWS\system32\drivers\45927166.sys

    2009-09-09 23:15:16 . 2009-09-09 23:15:16 133648 ----a-w- D:\WINDOWS\system32\VBoxNetFltNotify.dll

    2009-09-09 23:15:10 . 2009-09-09 23:15:10 100368 ----a-w- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys

    2009-09-09 21:15:59 . 2009-09-09 21:16:00 0 d-sh--w- D:\Documents and Settings\Default User\IETldCache

    2009-09-09 19:21:53 . 2009-09-09 19:21:54 0 d-----w- D:\ATI

    2009-09-09 13:33:24 . 2009-06-21 21:48:16 153088 ------w- D:\WINDOWS\system32\dllcache\triedit.dll

    2009-09-08 22:01:04 . 2009-09-08 22:01:06 579072 ----a-w- D:\WINDOWS\system32\dllcache\user32.dll

    2009-09-04 13:09:09 . 2009-09-04 13:09:10 0 d-----w- D:\Documents and Settings\edsom luis\Dados de aplicativos\Yahoo!

    2009-09-02 21:49:11 . 2009-09-02 21:49:12 0 d-----w- D:\WINDOWS\Sun

    2009-09-02 19:09:23 . 2008-04-13 22:20:30 81920 ------w- D:\WINDOWS\system32\ieencode.dll

    2009-09-02 18:59:59 . 2009-09-02 19:00:00 0 d-----w- D:\WINDOWS\system32\CatRoot_bak

    2009-09-02 13:01:56 . 2009-08-07 08:48:40 100352 ------w- D:\WINDOWS\system32\dllcache\iecompat.dll

    2009-09-01 13:27:49 . 2009-09-01 13:27:50 0 d-----w- D:\WINDOWS\system32\wbem\Repository

    2009-08-31 19:31:42 . 2009-08-31 19:31:44 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\Skype

    2009-08-30 23:56:00 . 2008-07-08 17:54:02 148496 ----a-w- D:\WINDOWS\system32\drivers\04553182.sys

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-29 00:28:40 . 2009-08-22 14:01:41 12 ----a-w- D:\WINDOWS\system32\drivers\IncompleteBoot.cnt

    2009-09-29 00:06:16 . 2009-04-29 23:59:26 32 --sha-w- D:\WINDOWS\system32\drivers\fidbox.idx

    2009-09-29 00:06:16 . 2009-04-29 23:59:26 32 --sha-w- D:\WINDOWS\system32\drivers\fidbox.dat

    2009-09-24 20:58:06 . 2009-08-27 01:37:55 664 ----a-w- D:\WINDOWS\system32\d3d9caps.dat

    2009-09-22 02:05:12 . 2001-10-28 21:07:18 79980 ----a-w- D:\WINDOWS\system32\perfc016.dat

    2009-09-22 02:05:12 . 2001-10-28 21:07:18 471022 ----a-w- D:\WINDOWS\system32\perfh016.dat

    2009-09-17 14:11:58 . 2008-12-04 13:33:56 411368 ----a-w- D:\WINDOWS\system32\deploytk.dll

    2009-09-10 17:54:06 . 2009-04-23 15:56:20 38224 ----a-w- D:\WINDOWS\system32\drivers\mbamswissarmy.sys

    2009-09-10 17:53:50 . 2009-04-23 15:56:22 19160 ----a-w- D:\WINDOWS\system32\drivers\mbam.sys

    2009-08-29 01:10:58 . 2009-08-29 01:10:57 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\Avira

    2009-08-28 23:47:32 . 2009-08-28 23:47:30 0 d-----w- D:\Arquivos de programas\microsoft frontpage

    2009-08-28 03:09:36 . 2009-08-28 03:09:34 0 d-----w- D:\Arquivos de programas\Arquivos comuns\Stardock

    2009-08-28 03:09:34 . 2009-08-28 03:09:33 0 d-----w- D:\Arquivos de programas\AlienGUIse

    2009-08-26 16:13:12 . 2009-08-26 16:15:46 11233 ----a-w- D:\WINDOWS\system32\fm20enu.dll.zip

    2009-08-26 16:04:28 . 2009-08-26 16:04:30 11233 ----a-w- D:\Arquivos de programas\fm20enu.dll.zip

    2009-08-25 23:34:02 . 2009-08-25 23:33:52 506248 ----a-w- D:\WINDOWS\msajt200.zip

    2009-08-24 15:12:54 . 2009-08-22 15:37:49 468108 ----a-w- D:\WINDOWS\system32\prfh0416.dat

    2009-08-24 15:12:52 . 2009-08-22 15:37:49 79022 ----a-w- D:\WINDOWS\system32\prfc0416.dat

    2009-08-21 02:42:08 . 2009-08-21 02:42:06 0 d-----w- D:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2009-08-20 15:06:06 . 2009-08-20 15:06:06 126704693 ----a-w- D:\Arquivos de programas\brofficeorg1.cab

    2009-08-20 15:04:26 . 2009-08-20 15:04:26 9812992 ----a-w- D:\Arquivos de programas\brofficeorg31.msi

    2009-08-19 08:39:36 . 2009-08-19 08:39:36 330 ----a-w- D:\Arquivos de programas\setup.ini

    2009-08-16 23:12:38 . 2009-08-16 23:12:36 396288 ----a-w- D:\HijackThis.exe

    2009-08-13 18:48:10 . 2009-08-13 18:48:08 272 ----a-w- D:\WINDOWS\system32\drivers\sfi.dat

    2009-08-05 09:00:40 . 2004-08-04 10:45:26 205312 ----a-w- D:\WINDOWS\system32\mswebdvd.dll

    2009-07-28 19:33:58 . 2009-03-19 00:30:50 55656 ----a-w- D:\WINDOWS\system32\drivers\avgntflt.sys

    2009-07-26 19:44:56 . 2009-07-26 19:44:56 48448 ----a-w- D:\WINDOWS\system32\sirenacm.dll

    2009-07-17 19:03:30 . 2004-08-04 10:45:22 58880 ----a-w- D:\WINDOWS\system32\atl.dll

    2009-07-12 15:21:50 . 2004-08-04 10:45:28 233472 ----a-w- D:\WINDOWS\system32\wmpdxm.dll

    2009-07-03 16:59:12 . 2004-08-04 10:45:28 915456 ------w- D:\WINDOWS\system32\wininet.dll

    2009-03-27 23:27:54 . 2009-03-27 23:27:53 2399 ----a-w- D:\Arquivos de programas\Arquivos comuns\operadef6.ini

    2009-02-26 14:04:22 . 2009-02-26 14:04:22 8250 ----a-w- D:\Arquivos de programas\Arquivos comuns\license.rtf

    2009-02-26 14:04:22 . 2009-02-26 14:04:22 234477 ----a-w- D:\Arquivos de programas\Arquivos comuns\english.lng

    2009-02-26 13:49:36 . 2009-02-26 13:49:36 3712000 ----a-w- D:\Arquivos de programas\Arquivos comuns\opera.dll

    2009-02-26 13:49:36 . 2009-02-26 13:49:36 20480 ----a-w- D:\Arquivos de programas\Arquivos comuns\OUniAnsi.dll

    2009-02-26 13:49:24 . 2009-02-26 13:49:24 653419 ----a-w- D:\Arquivos de programas\Arquivos comuns\encoding.bin

    2009-02-26 13:49:18 . 2009-02-26 13:49:18 99328 ----a-w- D:\Arquivos de programas\Arquivos comuns\opera.exe

    2009-01-07 16:52:20 . 2009-01-07 16:52:20 6809 ----a-w- D:\Arquivos de programas\Arquivos comuns\license.txt

    2008-09-03 17:12:44 . 2008-09-03 17:12:44 8470 ----a-w- D:\Arquivos de programas\Arquivos comuns\search.ini

    2008-06-09 13:17:20 . 2008-06-09 13:17:20 301 ----a-w- D:\Arquivos de programas\Arquivos comuns\c3nform.vxml

    2008-05-05 12:51:44 . 2008-05-05 12:51:44 3873 ----a-w- D:\Arquivos de programas\Arquivos comuns\lngcode.txt

    2004-02-26 16:35:04 . 2004-02-26 16:35:04 7904 ----a-w- D:\Arquivos de programas\Arquivos comuns\html40_entities.dtd

    2002-03-11 09:06:30 . 2002-03-11 09:06:30 1822520 ----a-w- D:\Arquivos de programas\instmsiw.exe

    2002-03-11 08:45:04 . 2002-03-11 08:45:04 1708856 ----a-w- D:\Arquivos de programas\instmsia.exe

    2009-03-08 17:09:26 . 2007-09-19 13:42:39 638816 --sha-w- D:\WINDOWS\system32\dllcache\iexplore.exe

    2009-03-08 17:09:26 . 2008-04-14 03:21:01 638816 --sha-w- D:\WINDOWS\ServicePackFiles\i386\iexplore.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Gadwin PrintScreen"="D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 11:08:40 495616]

    "Google Update"="D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-09-16 22:28:24 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avgnt"="D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 16:08:48 209153]

    "SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-17 14:12:00 149280]

    "Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]

    "GrooveMonitor"="D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 14:44:34 31072]

    D:\Documents and Settings\edsom luis\Menu Iniciar\Programas\Inicializar\

    BrOffice.org 3.1.lnk - D:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoRealMode"= 0 (0x0)

    "NoFileUrl"= 0 (0x0)

    "NoUpdateCheck"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

    2001-12-21 02:34:52 24576 ----a-w- D:\Arquivos de programas\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=D:\WINDOWS\system32\wbsys.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "D:\\WINDOWS\\system32\\rtcshare.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "D:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

    "D:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R0 Lbd;Lbd;D:\WINDOWS\system32\drivers\Lbd.sys [11/09/2009 17:13:54 64160]

    R1 is-AP9JMdrv;is-AP9JMdrv;D:\WINDOWS\system32\drivers\12878755.sys [27/07/2009 14:28:42 148496]

    R1 is-C4H53drv;is-C4H53drv;D:\WINDOWS\system32\drivers\70906987.sys [29/04/2009 21:02:21 148496]

    R1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\drivers\VBoxDrv.sys [18/09/2009 13:11:20 115856]

    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\drivers\VBoxUSBMon.sys [18/09/2009 13:10:03 41424]

    R2 713xTVCard;SAA7131 TV Card;D:\WINDOWS\system32\drivers\SAA713x.sys [15/03/2005 12:00:00 277504]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [28/08/2009 22:11:04 108289]

    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;D:\WINDOWS\system32\drivers\VBoxNetAdp.sys [18/09/2009 13:11:11 91856]

    R3 VBoxNetFlt;VBoxNetFlt Service;D:\WINDOWS\system32\drivers\VBoxNetFlt.sys [09/09/2009 20:15:10 100368]

    R3 xpvcom;XPVCOM Port;D:\WINDOWS\system32\drivers\XPVCOM.sys [23/03/2007 02:00:14 30032]

    S0 GbpKm;Gbp KernelMode;D:\WINDOWS\system32\drivers\GbpKm.sys [18/04/2009 21:46:56 26568]

    S0 Partizan;Partizan;D:\WINDOWS\system32\drivers\Partizan.sys --> D:\WINDOWS\system32\drivers\Partizan.sys [?]

    S1 lgalcafo;lgalcafo; [x]

    S1 nlaljkbk;nlaljkbk; [x]

    S2 cpuz132;cpuz132; [x]

    S2 GbpSv;Gbp Service; [x]

    S3 72568;72568; [x]

    S3 9235D;9235D; [x]

    S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]

    S3 RegGuard;RegGuard;D:\WINDOWS\system32\drivers\regguard.sys [17/09/2009 17:43:03 29584]

    S3 rspSanity;rspSanity;D:\WINDOWS\system32\drivers\rspSanity32.sys [14/04/2009 19:51:20 30136]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-07 D:\WINDOWS\Tasks\HP DArC Task 2003-04-11 09:53:04ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25:50N4BF150JQ9B.job

    - D:\Arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25:50 . 2003-04-11 18:25:50]

    2009-09-29 D:\WINDOWS\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

    - D:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2009-03-08 07:31:54]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.msn.com

    mWindow Title =

    IE: E&xportar para o Microsoft Excel - D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

    FF - ProfilePath - D:\Documents and Settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

    FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

    FF - component: D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

    FF - plugin: D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npOGAPlugin.dll

    FF - plugin: D:\Arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

    FF - plugin: D:\Arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

    FF - plugin: D:\Arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

    FF - plugin: D:\Arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-connections-per-server - 6

    FF - user.js: network.http.max-persistent-connections-per-server - 3

    FF - user.js: nglayout.initialpaint.delay - 750

    FF - user.js: content.notify.interval - 750000

    FF - user.js: content.max.tokenizing.time - 2250000

    D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    .

    ------- Associação de arquivos/ficheiros -------

    .

    inifile=Notepad.exe "%1"

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-28 23:46:03

    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

    @Denied: (Full) (LocalSystem)

    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

    @DACL=(02 0000)

    "PackageName"="Dashboard.msi"

    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

    @DACL=(02 0000)

    "PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

    "LastUsedSource"=expand:"n;1;D:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

    "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(1008)

    D:\Arquivos de programas\AlienGUIse\fastload.dll

    - - - - - - - > 'explorer.exe'(3484)

    D:\WINDOWS\system32\WININET.dll

    D:\WINDOWS\system32\webcheck.dll

    D:\WINDOWS\system32\WPDShServiceObj.dll

    D:\WINDOWS\system32\PortableDeviceTypes.dll

    D:\WINDOWS\system32\PortableDeviceApi.dll

    .

    Tempo para conclusão: 2009-09-29 23:48:22

    ComboFix-quarantined-files.txt 2009-09-29 02:48:20

    ComboFix2.txt 2009-09-29 00:01:50

    ComboFix3.txt 2009-09-28 01:28:56

    ComboFix4.txt 2009-09-26 20:28:44

    ComboFix5.txt 2009-09-29 00:14:00

    Pré-execução: 21 pasta(s) 36.872.323.072 bytes disponíveis

    Pós execução: 22 pasta(s) 36.836.605.952 bytes disponíveis

    Current=49 Default=49 Failed=48 LastKnownGood=50 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50

    Thanks in advance.

    RenatoMejias    1.041

    Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


    Driver::

    is-AP9JMdrv
    is-C4H53drv
    nlaljkbk
    cpuz132
    GbpSv
    72568
    9235D

    File::

    D:\WINDOWS\system32\drivers\12878755.sys
    D:\WINDOWS\system32\drivers\70906987.sys

    FixCset::

    • Save this file as: CFScript.txt
      CFScriptB-4.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

    HSES    0
  • Topic author
  • Good evening!

    Here is the content of C:\ComboFix.txt:

    ComboFix 09-09-28.01 - edsom luis 29/09/2009 22:36.105.1 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.147 [GMT -3:00]

    Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

    Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

    FILE ::

    "d:\windows\system32\drivers\12878755.sys"

    "d:\windows\system32\drivers\70906987.sys"

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    d:\windows\system32\drivers\12878755.sys

    d:\windows\system32\drivers\70906987.sys

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_72568

    -------\Legacy_9235D

    -------\Legacy_CPUZ132

    -------\Legacy_GBPSV

    -------\Legacy_IS-AP9JMDRV

    -------\Legacy_IS-C4H53DRV

    -------\Legacy_NLALJKBK

    -------\Service_72568

    -------\Service_9235D

    -------\Service_cpuz132

    -------\Service_GbpSv

    -------\Service_is-AP9JMdrv

    -------\Service_is-C4H53drv

    -------\Service_nlaljkbk

    (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-28 to 2009-09-30 ))))))))))))))))))))))))))))

    .

    2009-09-29 03:17 . 2009-09-29 03:17 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\AVG8

    2009-09-29 02:54 . 2009-09-29 02:54 -------- d-----w- D:\FOUND.000

    2009-09-28 22:27 . 2009-09-28 22:27 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit

    2009-09-26 18:17 . 2009-09-26 18:17 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\F-Secure

    2009-09-26 01:45 . 2009-09-26 01:45 28 ----a-w- d:\windows\kmcdfa2200.dat

    2009-09-25 19:51 . 2009-09-25 19:51 -------- d-----w- d:\documents and settings\edsom luis\Tracing

    2009-09-24 20:58 . 2009-09-24 20:58 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2009-09-24 17:27 . 2009-09-24 17:27 1878152 ----a-w- d:\windows\system32\CalculoV32.dll

    2009-09-22 20:51 . 2009-09-22 20:51 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org

    2009-09-22 20:50 . 2009-09-22 20:50 -------- d-----w- d:\documents and settings\edsom luis\Gabaritos

    2009-09-22 20:49 . 2009-09-22 20:49 -------- d-----w- d:\arquivos de programas\BrOffice.org 3

    2009-09-22 20:42 . 2009-09-22 20:42 -------- d-----w- d:\arquivos de programas\redist

    2009-09-22 20:42 . 2009-09-22 20:42 -------- d-----w- d:\arquivos de programas\readmes

    2009-09-22 20:42 . 2009-09-22 20:42 -------- d-----w- d:\arquivos de programas\licenses

    2009-09-22 20:28 . 2009-09-22 20:28 -------- d-----w- d:\arquivos de programas\Q SO NADA OFBR SDQVTIA123

    2009-09-22 04:45 . 2009-09-22 04:45 -------- d-----w- d:\arquivos de programas\Marcos Velasco Security

    2009-09-22 02:04 . 2009-09-22 02:04 -------- d-----w- d:\arquivos de programas\Microsoft Office Outlook Connector

    2009-09-21 14:35 . 2009-09-21 14:35 589824 ----a-w- d:\windows\system32\CriticasCalculo.dll

    2009-09-21 04:09 . 2009-09-21 04:09 -------- d-----w- D:\UsbFix

    2009-09-21 02:45 . 2009-09-21 02:45 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

    2009-09-18 16:14 . 2009-09-18 16:14 -------- d-----w- d:\documents and settings\edsom luis\.VirtualBox

    2009-09-18 16:11 . 2009-09-09 23:15 115856 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys

    2009-09-18 16:11 . 2009-09-09 23:15 91856 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys

    2009-09-18 16:10 . 2009-09-09 23:15 41424 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys

    2009-09-18 16:09 . 2009-09-18 16:09 -------- d-----w- d:\arquivos de programas\Sun

    2009-09-17 20:43 . 2009-09-17 20:43 29584 ----a-w- d:\windows\system32\drivers\regguard.sys

    2009-09-17 00:31 . 2008-11-06 05:03 -------- d-----w- D:\SDFix

    2009-09-17 00:22 . 2009-09-17 00:22 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

    2009-09-16 03:53 . 2009-09-16 03:53 -------- d-----w- d:\windows\SxsCaPendDel

    2009-09-13 01:49 . 2009-09-13 01:49 -------- d-----w- d:\arquivos de programas\Lavalys

    2009-09-12 15:43 . 2008-06-19 20:24 28544 ----a-w- d:\windows\system32\drivers\pavboot.sys

    2009-09-12 03:03 . 2009-09-12 03:03 -------- d-----w- D:\Lop SD

    2009-09-12 01:36 . 2009-09-12 01:36 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avanquest

    2009-09-12 01:31 . 2009-09-12 01:31 -------- d-----r- D:\_Backup.RC

    2009-09-12 01:26 . 2009-09-12 01:26 -------- d--h--w- d:\arquivos de programas\InstallShield Installation Information

    2009-09-12 01:25 . 2009-09-12 01:25 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\BVRP Software

    2009-09-12 01:25 . 2009-09-12 01:25 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\InstallShield

    2009-09-11 20:13 . 2009-09-11 17:29 64160 ----a-w- d:\windows\system32\drivers\Lbd.sys

    2009-09-11 17:30 . 2009-09-11 17:30 54 ----a-w- d:\windows\system32\rp_stats.dat

    2009-09-11 17:30 . 2009-09-11 17:30 44 ----a-w- d:\windows\system32\statistics.dat

    2009-09-11 17:30 . 2009-09-11 17:30 39 ----a-w- d:\windows\system32\rp_rules.dat

    2009-09-10 19:14 . 2008-07-08 17:54 148496 ----a-w- d:\windows\system32\drivers\45927166.sys

    2009-09-09 23:15 . 2009-09-09 23:15 133648 ----a-w- d:\windows\system32\VBoxNetFltNotify.dll

    2009-09-09 23:15 . 2009-09-09 23:15 100368 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys

    2009-09-09 21:15 . 2009-09-09 21:16 -------- d-sh--w- d:\documents and settings\Default User\IETldCache

    2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- D:\ATI

    2009-09-09 13:33 . 2009-06-21 21:48 153088 ------w- d:\windows\system32\dllcache\triedit.dll

    2009-09-08 22:01 . 2009-09-08 22:01 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

    2009-09-04 13:09 . 2009-09-04 13:09 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

    2009-09-02 21:49 . 2009-09-02 21:49 -------- d-----w- d:\windows\Sun

    2009-09-02 19:09 . 2008-04-13 22:20 81920 ------w- d:\windows\system32\ieencode.dll

    2009-09-02 18:59 . 2009-09-02 19:00 -------- d-----w- d:\windows\system32\CatRoot_bak

    2009-09-02 13:01 . 2009-08-07 08:48 100352 ------w- d:\windows\system32\dllcache\iecompat.dll

    2009-09-01 13:27 . 2009-09-01 13:27 -------- d-----w- d:\windows\system32\wbem\Repository

    2009-08-31 19:31 . 2009-08-31 19:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Skype

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-09-30 01:44 . 2009-08-22 14:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

    2009-09-30 01:43 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

    2009-09-30 01:43 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

    2009-09-24 20:58 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat

    2009-09-22 02:05 . 2001-10-28 21:07 79980 ----a-w- d:\windows\system32\perfc016.dat

    2009-09-22 02:05 . 2001-10-28 21:07 471022 ----a-w- d:\windows\system32\perfh016.dat

    2009-09-17 14:11 . 2008-12-04 13:33 411368 ----a-w- d:\windows\system32\deploytk.dll

    2009-09-10 17:54 . 2009-04-23 15:56 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

    2009-09-10 17:53 . 2009-04-23 15:56 19160 ----a-w- d:\windows\system32\drivers\mbam.sys

    2009-08-29 01:10 . 2009-08-29 01:10 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

    2009-08-28 23:47 . 2009-08-28 23:47 -------- d-----w- d:\arquivos de programas\microsoft frontpage

    2009-08-28 03:09 . 2009-08-28 03:09 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Stardock

    2009-08-28 03:09 . 2009-08-28 03:09 -------- d-----w- d:\arquivos de programas\AlienGUIse

    2009-08-26 16:13 . 2009-08-26 16:15 11233 ----a-w- d:\windows\system32\fm20enu.dll.zip

    2009-08-26 16:04 . 2009-08-26 16:04 11233 ----a-w- d:\arquivos de programas\fm20enu.dll.zip

    2009-08-25 23:34 . 2009-08-25 23:33 506248 ----a-w- d:\windows\msajt200.zip

    2009-08-24 15:12 . 2009-08-22 15:37 468108 ----a-w- d:\windows\system32\prfh0416.dat

    2009-08-24 15:12 . 2009-08-22 15:37 79022 ----a-w- d:\windows\system32\prfc0416.dat

    2009-08-21 02:42 . 2009-08-21 02:42 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

    2009-08-20 15:06 . 2009-08-20 15:06 126704693 ----a-w- d:\arquivos de programas\brofficeorg1.cab

    2009-08-20 15:04 . 2009-08-20 15:04 9812992 ----a-w- d:\arquivos de programas\brofficeorg31.msi

    2009-08-19 08:39 . 2009-08-19 08:39 330 ----a-w- d:\arquivos de programas\setup.ini

    2009-08-16 23:12 . 2009-08-16 23:12 396288 ----a-w- D:\HijackThis.exe

    2009-08-13 18:48 . 2009-08-13 18:48 272 ----a-w- d:\windows\system32\drivers\sfi.dat

    2009-08-05 09:00 . 2004-08-04 10:45 205312 ----a-w- d:\windows\system32\mswebdvd.dll

    2009-07-28 19:33 . 2009-03-19 00:30 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys

    2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- d:\windows\system32\sirenacm.dll

    2009-07-17 19:03 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\atl.dll

    2009-07-12 15:21 . 2004-08-04 10:45 233472 ----a-w- d:\windows\system32\wmpdxm.dll

    2009-07-03 16:59 . 2004-08-04 10:45 915456 ------w- d:\windows\system32\wininet.dll

    2009-03-27 23:27 . 2009-03-27 23:27 2399 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

    2009-02-26 14:04 . 2009-02-26 14:04 8250 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

    2009-02-26 14:04 . 2009-02-26 14:04 234477 ----a-w- d:\arquivos de programas\Arquivos comuns\english.lng

    2009-02-26 13:49 . 2009-02-26 13:49 3712000 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

    2009-02-26 13:49 . 2009-02-26 13:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

    2009-02-26 13:49 . 2009-02-26 13:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

    2009-02-26 13:49 . 2009-02-26 13:49 99328 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

    2009-01-07 16:52 . 2009-01-07 16:52 6809 ----a-w- d:\arquivos de programas\Arquivos comuns\license.txt

    2008-09-03 17:12 . 2008-09-03 17:12 8470 ----a-w- d:\arquivos de programas\Arquivos comuns\search.ini

    2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

    2008-05-05 12:51 . 2008-05-05 12:51 3873 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

    2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- d:\arquivos de programas\instmsiw.exe

    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- d:\arquivos de programas\instmsia.exe

    2009-03-08 17:09 . 2007-09-19 13:42 638816 --sha-w- d:\windows\system32\dllcache\iexplore.exe

    2009-03-08 17:09 . 2008-04-14 03:21 638816 --sha-w- d:\windows\ServicePackFiles\i386\iexplore.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

    "Google Update"="d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    "SunJavaUpdateSched"="d:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-17 149280]

    "Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "GrooveMonitor"="d:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

    BrOffice.org 3.1.lnk - d:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoRealMode"= 0 (0x0)

    "NoFileUrl"= 0 (0x0)

    "NoUpdateCheck"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

    2001-12-21 02:34 24576 ----a-w- d:\arquivos de programas\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=d:\windows\system32\wbsys.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "d:\\WINDOWS\\system32\\rtcshare.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

    "d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/09/2009 17:13 64160]

    R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/09/2009 13:11 115856]

    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/09/2009 13:10 41424]

    R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [28/08/2009 22:11 108289]

    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/09/2009 13:11 91856]

    R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [09/09/2009 20:15 100368]

    R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

    S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

    S0 Partizan;Partizan;d:\windows\system32\drivers\Partizan.sys --> d:\windows\system32\drivers\Partizan.sys [?]

    S1 lgalcafo;lgalcafo; [x]

    S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]

    S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/09/2009 17:43 29584]

    S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 18:25N4BF150JQ9B.job

    - d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 18:25]

    2009-09-30 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

    - d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.msn.com

    mWindow Title =

    IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} -

    FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\r46u2xkd.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

    FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

    FF - component: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

    FF - plugin: d:\arquivos de programas\Mozilla Firefox 3.5 Preview\plugins\npOGAPlugin.dll

    FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npdsplay.dll

    FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPOFF12.DLL

    FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\NPSWF32.dll

    FF - plugin: d:\arquivos de programas\Opera 10 Beta\program\plugins\npwmsdrm.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-connections-per-server - 6

    FF - user.js: network.http.max-persistent-connections-per-server - 3

    FF - user.js: nglayout.initialpaint.delay - 750

    FF - user.js: content.notify.interval - 750000

    FF - user.js: content.max.tokenizing.time - 2250000

    d:\arquivos de programas\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-09-29 22:45

    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

    @Denied: (Full) (LocalSystem)

    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

    @DACL=(02 0000)

    "PackageName"="Dashboard.msi"

    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

    @DACL=(02 0000)

    "PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

    "LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

    "6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(1000)

    d:\arquivos de programas\AlienGUIse\fastload.dll

    - - - - - - - > 'explorer.exe'(3524)

    d:\windows\system32\WININET.dll

    d:\windows\system32\webcheck.dll

    d:\windows\system32\WPDShServiceObj.dll

    d:\windows\system32\PortableDeviceTypes.dll

    d:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    d:\arquivos de programas\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

    d:\arquivos de programas\JAVA\JRE6\BIN\JQS.EXE

    d:\arquivos de programas\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

    d:\arquivos de programas\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

    d:\arquivos de programas\BROFFICE.ORG 3\PROGRAM\SOFFICE.EXE

    d:\arquivos de programas\BROFFICE.ORG 3\PROGRAM\SOFFICE.BIN

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-09-30 22:48 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-09-30 01:48

    ComboFix2.txt 2009-09-29 00:01

    ComboFix3.txt 2009-09-28 01:28

    ComboFix4.txt 2009-09-26 20:28

    ComboFix5.txt 2009-09-29 00:14

    Pré-execução: 21 pasta(s) 36.846.338.048 bytes disponíveis

    Pós execução: 23 pasta(s) 36.794.138.624 bytes disponíveis

    270

    Thanks and best regards

    RenatoMejias    1.041

    Download the Kaspersky Removal Tool. Save it to your desktop.

    • Install the program normally, following all of the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • On the program's main screen, select the options My Computer, Startup objects and Disk boot sectors, and then click the Scan button.
    • Be patient; the scan may take a while.
    • If it finds an infection, an alert window will open; click Skip.
    • After everything completes, click the Reports... button and click Save to file.
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the X on the window.
    • Next, close the program as well by clicking the X on the window. When you do, you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

    HSES    0
  • Topic author
  • Good morning!

    This was the only way to run the Kaspersky Removal Tool: in stages, because with all 3 options checked together it would not run; it froze and the PC restarted.

    I noticed that when pressing the well-known F8 and choosing the enable boot logging option, in addition to the stop-screen error (blue screen) not being shown, the PC still restarts.

    With only My Computer checked:

    Scan

    ----

    Scanned: 9288

    Detected: 0

    Untreated: 0

    Start time: 06/10/2009 08:20:05

    Duration: 01:01:10

    Finish time: 06/10/2009 09:21:15

    Detected

    --------

    Status Object

    ------ ------

    Events

    ------

    Time Name Status Reason

    ---- ---- ------ ------

    Statistics

    ----------

    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

    Settings

    --------

    Parameter Value

    --------- -----

    Security Level Recommended

    Action Prompt for action when the scan is complete

    Run mode Manually

    File types Scan all files

    Scan only new and changed files No

    Scan archives All

    Scan embedded OLE objects All

    Skip if object is larger than No

    Skip if scan takes longer than No

    Parse email formats No

    Scan password-protected archives No

    Enable iChecker technology No

    Enable iSwift technology No

    Show detected threats on "Detected" tab Yes

    Rootkits search Yes

    Deep rootkits search No

    Use heuristic analyzer Yes

    Quarantine

    ----------

    Status Object Size Added

    ------ ------ ---- -----

    Backup

    ------

    Status Object Size

    ------ ------ ----

    With only memory checked:

    Scan

    ----

    Scanned: 4482

    Detected: 0

    Untreated: 0

    Start time: 06/10/2009 09:40:05

    Duration: 00:02:35

    Finish time: 06/10/2009 09:42:40

    Detected

    --------

    Status Object

    ------ ------

    Events

    ------

    Time Name Status Reason

    ---- ---- ------ ------

    Statistics

    ----------

    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

    Settings

    --------

    Parameter Value

    --------- -----

    Security Level Recommended

    Action Prompt for action when the scan is complete

    Run mode Manually

    File types Scan all files

    Scan only new and changed files No

    Scan archives All

    Scan embedded OLE objects All

    Skip if object is larger than No

    Skip if scan takes longer than No

    Parse email formats No

    Scan password-protected archives No

    Enable iChecker technology No

    Enable iSwift technology No

    Show detected threats on "Detected" tab Yes

    Rootkits search Yes

    Deep rootkits search No

    Use heuristic analyzer Yes

    Quarantine

    ----------

    Status Object Size Added

    ------ ------ ---- -----

    Backup

    ------

    Status Object Size

    ------ ------ ----

    With only boot checked:

    Scan

    ----

    Scanned: 5

    Detected: 0

    Untreated: 0

    Start time: 06/10/2009 10:15:30

    Duration: 00:00:20

    Finish time: 06/10/2009 10:15:50

    Detected

    --------

    Status Object

    ------ ------

    Events

    ------

    Time Name Status Reason

    ---- ---- ------ ------

    Statistics

    ----------

    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

    Settings

    --------

    Parameter Value

    --------- -----

    Security Level Recommended

    Action Prompt for action when the scan is complete

    Run mode Manually

    File types Scan all files

    Scan only new and changed files No

    Scan archives All

    Scan embedded OLE objects All

    Skip if object is larger than No

    Skip if scan takes longer than No

    Parse email formats No

    Scan password-protected archives No

    Enable iChecker technology No

    Enable iSwift technology No

    Show detected threats on "Detected" tab Yes

    Rootkits search Yes

    Deep rootkits search No

    Use heuristic analyzer Yes

    Quarantine

    ----------

    Status Object Size Added

    ------ ------ ---- -----

    Backup

    ------

    Status Object Size

    ------ ------ ----

    Thanks

    RenatoMejias    1.041

    Hello,

    Does your computer restart or shut down?

    HSES    0
  • Topic author
  • Good afternoon!

    It shuts down and restarts.

    Thanks

    RenatoMejias    1.041

    It is probably a hardware-related problem; I recommend that you post in the appropriate section.

    HSES    0
  • Topic author
  • Good afternoon!

    OK, I will post there.

    Thank you

    RenatoMejias    1.041

    If the topic author needs it, the topic will be reopened; to do so, they should contact the moderation team and request that it be unlocked.

    This topic is closed to new posts.